XSS Injection with SQLi (XSSQLi)
Well, after our discussion on different types of injection and places you can find SQL injection vulnerabilities, an attacker can successfully exploit an SQL injection vulnerability and get access to the database, and if he is lucky enough to get access to the file system…
VPS Cheatsheet for bug hunting
I have found myself way too many times forgetting certain commands, or how to perform specific actions related to bug hunting. Solution: make a cheat sheet of all the useful commands. And I figured you may find it useful, or maybe you already know all of them by heart, in which case, good for you…
A Story of IDOR To Account Takeover
Hello guys! I am Pramod Yadav, a security researcher and a bug hunter. This is my first bug bounty writeup. We are going to see a story of IDOR and how I could have taken over your account through it. Before getting into details, let's see what an IDOR is. What is an IDOR?…
How to find valid and impactful CSRFs
Hi, I am Febin, a security researcher. This is my first post in the OBB blog, which is about the mighty CSRF attack. IMPACT OF CSRF: In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. For example, this might be to change the email address on…
Using {XSS} to play games on Site
Hello guys, today I'm going to teach you how to play inside any website that has an XSS flaw. This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only emblems the application of the game in question and an opening of…
How to Find Contacts To Report Bugs & Security Vulnerabilities | Bug Bounty Tutorials 2020
In this video tutorial I will show you how to find contact information about any domain or company.
Improper Access Control – Generic: Unrestricted access to any “connected pack” on docs in coda.io
Summary: When adding a pack to a coda.io doc, a POST request is sent to https://coda.io/internalAppApi/documents/[doc ID]/packs with data {"packId":[pack Id]}, where doc ID is the ID of the doc the user wishes to add the pack to and pack ID is the pack the user wants to install. But this request was unrestricted and the user could iterate the…
(Alibaba) message.alibaba.com [IDOR] – [Bug Bounty]
(Paypal) www.paypal.com [CSP High Level] – [XSS Reflected] – [Bug Bounty] – [Write Up]
JDECO.net XSS Vulnerability | CybeReports
The website of the Jerusalem District Electricity Company (Arabic: شركة كهرباء محافظة القدس). This XSS was sent to us by MD.