It's a recon framework with subdomain tracking, crawling, scanning, passive port scanning, etc
Читать полностью…Let's have a team to build bug finder software and participate in Bug bounty programs to make money.
Читать полностью…You will need atleast 8 gb(bare minimum) of ram,storage depends on how you manage but I'd say 512gb, as long as you can do virtualization it would be fine I guess
Читать полностью…Guys any one help me I need a bugcrowd username I will add a collaboration any one help me report
Читать полностью…I have found critical sensitive information on Trust wallet GitHub,
I tried it normal what's your advice I wanna tell them,
Because I have found more than 5 active wallets phrase.
Good afternoon, everyone. This is the situation: 100% there is a vulnerability in the web application, associated with improper processing of media content, which leads to the possibility of writing to an arbitrary file. The application accepts images, video files and audio files. The processing is done using `ImageMagick (convert)'.
I figured out a little bit what and how. The application converts `GIF` files to mp4
while saving the first frame (as in the case of mp4
for the cover, to png
and then processes ImageMagick-om
). When processing mp3 files, it pulls out the cover if available, and also processes ImageMagick-om. Manipulations with video files and GIFs are performed using ffmpeg-a
The first thought that arises is the use of GhostScript
configured files to write arbitrary files. It is not possible to download ps,xps, etc. files directly by changing the extension, because the application checks the content type.
The second thought is to pour the GhostScript
file into the cover of the mp3 file, which I did, but when pulling it out, ffmpeg
gives an error, as well as when trying to add an incorrect frame to the GIF
with GhostScript
.
Yes, and policy.xml may well be patched where GhostScript
files are prohibited, so this is just a guess.
The main question is which way to look, maybe someone has encountered vulnerabilities in the processing of similar media files. And is it worth continuing to dig towards ImageMagick
?? Or look for a Vulnerability elsewhere. The patch for the vulnerability of this product, among other things, prohibits the guest script in imagemagick, so I looked there right away.
Anyway, thanks for any advice or thoughts, because I don't know where to go anymore =))
Just released a new bug bounty writeups . Have a read.
https://vijetareigns.medium.com/unauthenticated-api-endpoint-to-create-support-ticket-worth-500-789e91ad9a00
Bhai koi fida nhi
Tu try ker course ne le or youtube se padh
Tujhe course ek bar mill jye ge or milte he rahe ge fir tu ek bhe nhi dekha ge I wasted 4 Year essi after I realised then I got job after my hard work
I need advice on how to get a laptop for pentesting, it should be cheap, but I need good quality
Читать полностью…i need a course on bug bounty i need a full course from finding errors to how to contact the administrator
Читать полностью…These are called rigged wallets, so these wallets can use the blockchain but flagged so already reported
Читать полностью…Yeah don't worry their all honeypots don't waste your time either it's a only view wallet, means u can veiw not send or exchange or swap
Or second honeypot is where you have to add tron for you exchange or Transfer which is also a scam
Good day to all. Question about media forms. Is it possible, or has anyone tried to create such a video file: ; The first or several frames should not be images, PlainText files, respectively, it is also necessary to make the ffmpeg utility throw this file away normally when it is called to dump the 1st frame.
The formats are as follows: video/webm video/mp4 video/quicktime video/ogg
I found that quicktime
can save uncompressed data, but the search did not lead to anything, and if you need to look here, then I will dig deeper, now the main thing is to decide on the form.
Or another option, audio in mp3 format, is it possible to correctly upload the cover here, while in the video of a text file, and so that ffmpeg also throws out this cover from it. Thank you!
Login Email Verification Bypass via /oauth/token
https://www.agdepe.xyz/2024/09/login-email-verification-bypass-via.html