kh4sh3i_ – Open Bug Bounty Blog

For Researchers

Frequently Asked Questions Read the FAQ to get best experience with our platform	Write a Blog Post Write a blog post to share your knowledge and get kudos
Browse Bug Bounty Programs Browse active bug bounty programs run by website owners	Report a Vulnerability Report and help remediate a vulnerability found on any website

How it Works

Download presentation and learn
how our platform works

PDF, 500kb

For Website Owners

FAQ: For Website Owners Start here to ensure smooth collaboration with the security researchers	Start a Bug Bounty Start your bug bounty program at no cost and leverage crowd-security testing
FAQ: For Bug Bounty Owners Read how to maximize your ROI from crowd-security testing

How it Works

Download presentation and learn
how our platform works

PDF, 500kb

About

About the Project Read about Open Bug Bounty history, values and mission	API Request National CERTs and law enforcement agencies may request our API
Frequently Asked Questions Review the most popular questions about the project	Contact Us Get in touch

How it Works

Download presentation and learn
how our platform works

PDF, 500kb

Hall of Fame
Forum

Zabbix – SAML SSO Authentication Bypass

Posted on July 8, 2022 by kh4sh3i_

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Dork: usage refrences https://nvd.nist.gov/vuln/detail/CVE-2022-23131 https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage https://github.com/Mr-xn/cve-2022-23131 https://github.com/projectdiscovery/nuclei-templates