Bhuwan Bhetwal, for Bhuwan Bhetwal's HandBook (blog.bhuwanbhetwal.com.np), 3 hours ago
Breaking In: How RXSS and SQLi Can Lead to Full Account Takeover and Database Access
These vulnerabilities were identified on one of YesWeHack's private programs. I was hunting late at night when I received an invitation from one of the private programs. As they were interested in critical reports. I was looking for SQLi, Command Exec...
Tag: SQL

0xrz, for Voorivex's Team (blog.voorivex.team), Oct 23, 2024
A Weird CSP Bypass led to $3.5k Bounty
Roughly 5 months ago, YShahinzadeh and I found an XSS vulnerability that had a weird CSP bypass leading to Account Takeover and received a $3500 bounty. The journey was quite interesting to me as it involved deep recon, reading many documents of the ...
Tag: csp bypass

Voorivex, for Voorivex's Team (blog.voorivex.team), Oct 11, 2024
Drilling the redirect_uri in OAuth
I've been hunting for several years as a part-time hunter and have discovered many vulnerabilities. My most focused area, and my favorite, is the authentication class, which includes sign-up, sign-in, forgot password, 2FA, account deletion, etc. Nowa...
Tag: oauth

Voorivex, for Voorivex's Team (blog.voorivex.team), Sep 17, 2024
Account Takeover due to DNS Rebinding
Hello guys, after a long time, I decided to write a blog post. I chose a vulnerability that I recently uncovered in Hashnode. As you may have already noticed, I set up this blog on Hashnode. Naturally, when I use a third-party service like this, I sp...
Tag: dns-rebinding

Baruch Mettler, for Pangea Blog (pangea.cloud), Sep 3, 2024
ATO detection using ML with Pangea enriched data
Account takeover (often abbreviated as ATO) is a compromise where a user has lost control of their authentication credentials, resulting in them being exposed to malicious actors. These credentials are then used to commit data theft, fraud, and other ...
Tag: Machine Learning