It will take some time, don't worry, that's natural. You can discover the ways in a day or a year; it depends on your research and fast learning.
Hey, can anyone help me to bypass SSL pinning of an app?
The app is in xapk format in play store
I'm good at exploits.. but lazy for reconnaissance. So if you can help with that. I can exploit it
How to get Burp Suite paid version free access? If anyone knows, please let me know, friends.
Hi guys, I'm new to bug bounty learning, please, I need someone who can guide me... How to learn bug bounty
Anyone notice Burp Suite isn't properly forwarding requests again? The request works perfectly without it, it works well with ZAP proxy, but for some reason it isn't working well with Burp. Please, I'd love to hear possible solutions, thank you.
This is impossible and takes a very long time. I have programmed a script that does this in Python by. rockyou.txt
Look, sometimes peak traffic cuts you off, so my suggestion is: have a good payload ready and try bypassing when traffic is low. Check the off-peak time and peak time for your target. Low traffic always works, so monitor and know what your target website is working on.
Hi Cheet
I've been doing for the past 9 months now and I'm yet to report a valid vulnerability 🥹
The ones that are valid are duplicate
Please can you guide me and put me through on how to get my first bounty on bug bounty🙏
If the database user has got write permission you can upload a shell, or if the database server version has got a vulnerability it can be exploited. Sometimes the database might contain the admin password, and that can be used to upload a shell and get a shell.
We are all here to support each other. If you need anything you can ask about it, but if you are waiting for the perfect roadmap, I'm sorry to burst your bubble but there is no such thing. JUST START, and as I said, if you need anything you can ask us, and good luck to all of us.
💰 Apple Will Pay Up To $1 Million To Anyone Who Hacks Their Private AI Cloud
Yes, you heard correctly. Apple announced that it will pay up to $1 million to security experts to identify flaws that might compromise the security of its private AI cloud.
Apple stated in a post on its security blog that it would provide a maximum $1 million reward to anyone who discovered weaknesses that allowed harmful code to be remotely executed on its Private Cloud Compute servers.
Additionally, Apple is making public the source code for “certain essential components” of Private Cloud Compute.
The Virtual Research Environment, according to Apple, is a collection of tools that let anyone run their “own security analysis of Private Cloud Compute” directly on their Mac.
.git can be exploited?
Here are a few blogs on exploiting the .git directory
https://wh11tew0lf.medium.com/git-folder-bug-bounty-tips-87bf8dab399
https://medium.com/@ryuukhagetsu/bug-bounty-dir-listing-on-directory-git-4367a359967e
https://medium.com/@levshmelevv/10-000-bounty-for-exposed-git-to-rce-304c7e1f54
https://sl4x0.medium.com/how-a-git-file-leads-to-zendesk-panel-takeover-11e8d2812076
https://osintteam.blog/git-directory-exposed-leads-to-credentials-disclosure-1d1737638279?gi=756125de593c
https://satyasai1460.medium.com/how-git-folder-can-be-exploited-to-access-sensitive-data-eb805c38fd6c
https://medium.com/@tanyago/exploiting-exposed-git-file-to-access-webmail-credentials-4b47a3afff38
https://medium.com/@mahmud0x/exposed-git-to-bitbucket-account-owners-all-repository-access-7949b158d7bd
https://medium.com/@Dhamuharker/critical-git-repository-leaked-internal-data-9508e0476a0e
https://medium.com/@cuncis/gitgraber-a-tool-for-finding-sensitive-information-in-github-repositories-5bb092e253f5