ph17ur @ph17ur - Tumblr Blog

#bugbountytips #csrf #2fa #authentication

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

#oswasp #bughunter #htmlinjection #bugbountytips

#bugbountytips #Recon

source: https://medium.com/@kenanistaken/how-to-find-and-exploit-xss-25581bfc0a3d

#bugbountytips #xss

#sublist3r #nmap #masscan #enum

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Source: https://portswigger.net/web-security/cors

#BugBountyTips #cors #portswigger

Using OpenSSL to en/decrypt *things*

eg:

ENCODE - using key $ openssl enc -aes256 -k [YOUR KEY] -in in-file.tgz -out out-file.tgz.enc DECODE - using key $ openssl aes256-cbc -k [YOUR KEY] -in in-file.tgz -out out-file.tgz.enc ENCODE - using salt $ openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc DECODE - using salt$ openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

#bugbountytips #openssl #encryption

Source: https://twitter.com/MasterSEC_AR/status/1256689299833176069

#bugbountytips

Juice Shop SQLi.

Took me a little while to remember to close the statement off, after ‘%admin%’ so it doesn’t process password.

If you don’t close the statement off, it tries to process password.

#SQLi #bugbountytips

Bug Hunting - Broken Access Control.

Takeaway - “A quick ‘search' in your proxy history for your ID should be [the] requests you inspect first...”

Bug Crowd Uni - Broken Access Control. https://youtu.be/94-tlOCApOc

#bugbountytips

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Bug Crowd Uni: https://youtu.be/gkMl1suyj3M

#xss #bugbountytips

Web Application Hacker's Handbook 2

#bugbountytips #wahh

#bugbountytips #csrf

SSRF on Lyft, by @nahamsec

https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft

We hacked Lyft and reported a SSRF to them via their Bug Bounty Program on HackerOne!

HBO abuses DMCA to take down a 13 year old girl's artwork because she used the phrase "winter is coming". Assholes. WINTER IS COMING! Assholes. http://www.theregister.co.uk/2016/12/08/winter_is_coming_hbo_dmca_trademark/

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming