Talk and help about bugbounty
If anyone looking for OSCP or any other hands on cyber security training kindly dm me.
guys i need help is this sql blind based when i change my password to '-alert(1)-'
now when i login the web throws an error indicating that my payload was not sanitized and i can't login
I got file upload xss .svg they are now saying more information, how can I escalate and show big impact
okay bro let me know you may also describe this by changing the domain name to TARGET.COM
lots to read and learn brother, enjoy and have fun!
Nope
Emulator is used to run Android apps on windows
is this valid? and can you describe as step to reproduce? like 1. 2. 3. like this?
i see. i always found rs256 in that endpoint and i try algorithm confusion but not work😅
yes its correct sorry i miss the HS256😅 i thought you found it in RS256
Vapt and soc videos and materials available
Those who r in need can ping
make sure that it is not self xss, this way they will be concerned
hi guys. I am looking for active pwn/rev ctf players and researchers))) DM please for questions)
Hey friends. I am new in Cybersecurity. I have 0 knowledge. I am learning. I hope everyone will guide me.
Thanks & take love.
you will need to use frida alongside burp
there are videos on youtube that would give you a detailed explanation
hit me up if you have issues setting it up
Is emulators a name of program like burp suite or not ?
I found this in android application is it important?
{"param500":1,"param501":0,"param502":"YKBYM15","prm2":"SP6mUG6uWQ3oCZPSJzwIoyIPAtgrLGlC6BP22afaLBo0jE5EvM2r7KdCXew8KBpS","prm3":"35420909103999","prm4":"967779080460","timeStp":"17-09-2023 19:26:45.557","check":1,"hash":"A2628833FDD5B6963FBAEA1080B3ECE78DC1F70D9D59E793818E07A2F24DD449","param18":"35420909103999","param1":"4486544324","param2":0.0,"param3":0,"param5":0}
The app to send money to the wallet of number 4486544324
But i can't catch the request because it's in android apps
Is there a tool like burpsuite to edit the requests of the android apps?
Hello friends, my name is Lucky or I want to start my career in bug bounty. Can anyone tell me that after finding the target, I do recon that like subdomain finding, directory brute forcing, subdomain take over all those things. what to do later? 🙂
yeah
i found it once before in the /.well-known/jwks endpoint
so its possible to find the hs256 key from endpoint or js?
i won't really call it algorithm confusion attack/bug.
i had the key so i just signed the token.
i think algorithm confusion involves signing an RS256 with a public key and changing the algorithm to HS256... But i may be wrong
Should i report one by one or all in one report?