Panagiotis Vasilikos (securingbits.com), Jan 17, 2024
UUID Sandwich Attacks
If you're using UUIDs (version 1) to implement security features in your application, you may be vulnerable to Sandwich Attacks. Solution: switch to version 4 UUIDs instead.
Tag: Application Security

Bhavesh aka Shellbreaker for Shellbreaker (shellbreaker.hashnode.dev), Dec 19, 2023
Duplicate CSRF… Leads to $$$$
Introduction: Hey everyone, Bhavesh aka Shellbreaker here! Cybersecurity is my passion, both at work as a security engineer and after hours as a bug bounty hunter. Join me on this adventure as I uncover vulnerabilities and explore the fascinating worl...
Tag: bugbounty

Thomas Stacey (thomas.stacey.se), Dec 11, 2023
Making Web Cache Deception Critical in 30 Minutes
Web Cache Deception, first discovered (I think...) here, is a rare attack class that enables an attacker to trick users into storing sensitive information in a server-side cache for later retrieval. Unfortunately, throughout all my adventures so far,...
Tag: Web Cache Deception

Panagiotis Vasilikos (securingbits.com), Nov 22, 2023
Hacking a US Airline
A story about how I hacked a US airline with the help of YouTube ✈️🔓🎥
Tag: bugbounty

0xrz for Voorivex's Team (blog.voorivex.team), Nov 17, 2023
Hijacking OAuth Code via Reverse Proxy for Account Takeover
Recon: The target scope I had selected was fixed to the main application: 1377.targetstaging.app. In the first phase of my narrow recon approach, I utilized various services like Archive, Google, and Yahoo to extract endpoints and different paths. Ho...
Tag: bugbounty

YoungVanda (youngvanda.hashnode.dev), Nov 17, 2023
The Art of Monitoring Bug Bounty Programs
In the name of Allah. Hi guys, I’m YoungVanda and in this write-up I wanna talk about how I monitor BBPs (Bug Bounty Programs) + introducing you to a new made private tool. The Mindset: What would’ve happened if you were the first hunter working on a t...
Tag: bugbounty

Retr0 for R3tr0's Team blog (retr0x.hashnode.dev), Nov 13, 2023
Eclipsing Shadows: An Odyssey into the Enigmatic Realm of Cybersecurity
In the pulsating heart of the digital era, where shadows linger and neon glows define our interconnected existence, the imperative of safeguarding our virtual sanctuaries has tra...
Tag: ethicalhacking

Rushikesh Patil for BreachForce (breachforce.net), Nov 13, 2023
Peeling Back the Layers: Unmasking Hidden Secrets in JavaScript Code
Hey there! Today, let's go on a little adventure into the world of website secrets. Imagine this: if you add ?_debug=1 to the end of a JavaScript (.js) page's address, it's like unlocking a hidden door. We'll explore a cool security trick that makes a...
Tag: bugbounty

YoungVanda (youngvanda.hashnode.dev), Nov 3, 2023
Swagger XSS Mass Hunting
In the name of Allah. Hi guys, I'm YoungVanda and in this write-up, I’m gonna explain my own approach towards Swagger XSS and why I don’t use the Nuclei template (swagger-api.yaml) ;d The Entire Flow: 1. Find as many subdomains as possible 2. cat all_...
Tag: bugbounty

YoungVanda (youngvanda.hashnode.dev), Oct 31, 2023
My Second VDP Bug Went Critical: Grafana Admin Panel Bypass
In the Name of Allah. Hi guys, I'm YoungVanda and in this write-up, I wanna talk about my own methodology for finding Grafana admin panel and how I was able to get full access. Let’sssssssssssssssssss Gooooooooooooooooooo 🔥🔥🧨🧨 (Just Vibing 😂) My...
Tag: bugbounty