There are a lot of paid templates, u can not imagine how they work and still useless
Do you think I can report that I can inject code into HTTP headers and reflect them because the TRACE method is enabled? Does anyone know if I can achieve an impact from this? I have seen reports that justify the impact because it can be stored in logs or cause some XSS at another point in the application.
Try injecting internal port on Host: header like Host:x.com:1024 or Host:localhost
During the testing of a domain, I accidentally found its subdomain, which was the server page. It said:
Welcome to nginx!
If you see this page the nginx server is successfully installed and working.
Now when I try to access example.com/.htaccess
it gives 403. I even tried /%2ehtaccess but it is still blocking. Now what should I try?
#bitrix 🚨🚨🚨
A vulnerability in the landing module of the 1C-Bitrix: Management content management system (CMS) that allows an attacker to execute OS commands on the vulnerable host, gain control over resources and penetrate the internal network.
Bitrix > 23.850.0
RCE, CVSS 10/10
Remove the landing module if it is not used. Update to version 23.850.0 or later if it is used.
BDU:2023-05857
So, guys, anime?
And in this JSON admin directory I get some email, ph. no., transaction ID and bcrypt-hashed password, but the password can't be cracked, so can I report that as information disclosure or broken access control? And another question: is it a high vulnerability?
Hello guys, I have been studying bug bounty and networking for 1 year, so does hacker1 pay me for finding vulnerabilities or does it need exploitation?
Yes, I did it... but what I mean is how to convert a stream to PDF if I get a stream object code
U cannot achieve more than XSS or some false positive or maybe some intentional bugs which aren't eligible for a bounty
Hello all, please help me. I just bought a VPS and am running nuclei, but I found information like this on nuclei: Templates clustered: 1194 (Reduced 1133 Requests). Is yours also like that?
In admin page on a specific directory fuzz as much as you can: headers, params, cookies... chance of 80% u will get somewhere to analyze more
Vulnerabilities. You would obviously need to show how it’s vulnerable though. So for example, you stumble across a reflected XSS, just do a recording of a non-damaging tag like the alert. Don’t actually inject a damaging payload
Long term or temporary ones? AK..... long term, use Pacu and try to do some situational awareness and find out what you can do, on the other hand, temporary keys, unless you got them by assuming a role, they might probably be already expired.
I recommend anyone new or struggling to try this out. I have taken 7 so far and it's worth every penny. Be a master yourself and stop getting confused