Last time we showed you how to use encodings in <a>. Now we've made a scheme what symbols in which points you can inject to bypass WAF, filters, sanitizers. gist.github.com/hackerscrolls/… #BugBounty #CyberSecurity #BugBountyTip

関連： Content-Disposition の filename という地雷。　(1個の観点で17個の脆弱性を見つけた話) - ぶるーたるごぶりん brutalgoblin.hatenablog.jp/entry/2023/01/…

I just published a write-up about an account takeover where I abused reverse proxy to hijack the OAuth Code. blog.voorivex.team/hijacking-oaut…

あとで読む

なるほど github.com/golang/go/issu…

I think it's time for a solution ⏰ To solve this challenge, you had to abuse the DOMPurify namespace misconfiguration to trigger an XSS this way 👇 Solution link: challenges.mizu.re/xss_02.html?ht… 1/6

🎄SQLi was first reported 25 years ago, by a researcher once known as Rain Forest Puppy, in Phrack Magazine on this day in 1998. 🎁 Happy birthday SQLi! 🎁 🐛Despite being around for 25 years, it's still essential knowledge for pentesters.

It's been a long winter... I also realized I had broken the challenge... well here is the long-awaited solution. "in%0balert%60%60in" or in plain English "in(mysterious space)alert``in"

My homies mokusou and kodaichodai crushing it at the top of the Japan leaderboard! 🔥

Recently found a bypass in DOMPurify in certain cases. Today, versions 3.0.10 and 2.4.8 were released, fixing the issue. Documented the problem here: blog.slonser.info/posts/dompurif… Thanks to mario of Cure53 for excellent communication! #DOMPurify #security

これも必見だ👀 MySQL の SQL クエリチューニングの要所を掴む勉強会 speakerdeck.com/andpad/mysql-s…

Don’t Force Yourself to Become a Bug Bounty Hunter by Sam Curry samcurry.net/dont-force-you… #BBRENewsletter74

Known Knowns: Fun with the DOM, the parser, illogical trees and "unknowns"... bkardell.com/blog/known-kno…

中段にある「委任について（分類と悪用方法）」がめちゃくちゃ勉強になる内容なので、HTB Business CTF 2024自体に参加してない方もぜひ！

Also, note that semi-open redirects (redirects that can point you to other subdomains of the same tld) are also super helpful here, as there is often some place where you can host files within a target's domain ecosystem. Gotta love that "auto-follow redirect" functionality.

7月19日対戦よろしくお願いしますm(_ _)m #PentestSecJP ◯PentestSecJP_ver1 pentestsecjp.connpass.com/event/317082/

この前IeraeNightで話したWindowsの権限昇格の内容です〜 docswell.com/s/ierae/KQRMJE…

In addition to this amazing discovery, there was another middleware bypass with the `__nextLocale` URL query that was fixed in 2024. I wrote a short article about this vuln CVE-2024-51479. gmo-cybersecurity.com/blog/another-n…

solved! learned a lot from this one. Huge thanks!

ポッドキャスト「Bug Bounty JP Podcast」の企画として、日本人バグハンター11人のインタビュー記事を公開しました！ 日本人バグハンター11人に聞いた！バグバウンティの魅力や面白さについて #BBJP_Podcast - blog of morioka12 scgajge12.hatenablog.com/entry/bughunte…