Gospel.C (@40sp3l) 's Twitter Profile
Gospel.C

@40sp3l

Offensive Security // Security Researcher // CEO @PentrixSec

ID: 1704402802263371776

Link: https://www.youtube.com/@pentrixsec | Joined: 20-09-2023 07:51:23

5.5K Tweets

11.11K Followers

7.7K Following

Gospel.C (@40sp3l):

Need help confirming a possible subdomain takeover on redacted.com 

If you have an AWS account and know how to set up ELB stuff, let’s work together on a quick PoC.

We'll split 50/50
Gospel.C (@40sp3l):

You don’t need to know everything in cybersecurity. Just find one thing you love, get really good at it, and you’ll earn respect that no one can take away.

Naoris Protocol (@naorisprotocol):

📢 $NAORIS New Public Sale Round Live

Following our successful $3M raise, the new Public Sale round is now open.

Naoris Protocol - The first Decentralized Post-Quantum Infrastructure securing Web3 and Web2 for the Quantum Era.

🔹Limited
Gospel.C (@40sp3l):

Some days ago, I mentioned I was going to take the red team approach on some off-platform targets… but plans change. After thinking it through, I’ve decided to make a solid move: from now on, I’m going all in on #Cloudflare as my primary target for the bug hunt challenge.

Gospel.C (@40sp3l):

Hacking Google Translate: Stored XSS Discovered by Our Researcher.
- The payload was executed inside a Google-owned domain.
- Vulnerability was responsibly disclosed & now patched.
youtu.be/t41GwFCIxes?si…

Gospel.C (@40sp3l):

Target: Cloudflare
Time spent: ~3hrs
Terrain: API endpoints
Findings: 0 (so far)

Spent about 3 hours digging through their API assets, nothing popped yet. Short break now. We return under moonlight.

Gospel.C (@40sp3l):

I discovered an exposed Cloudflare EMAIL & TOKEN in an environment not owned or controlled by Cloudflare. I was able to use the exposed cred to authenticate to the Cloudflare API endpoint and I got access. Don't know if Cloudflare is gonna close it as OUT-OF-SCOPE.

Gospel.C (@40sp3l):

I think companies should rethink how they treat out-of-scope reports. I get that OOS is against the rules, but rejecting a critical flaw (let's say RCE) just because it’s OOS, then silently fixing it, doesn’t sit right. A little reward for critical vulns goes a long way.

Gospel.C (@40sp3l):

CSP Bypass → DOM XSS
- script-src was strict, but object-src left open
- Injected SVG file with embedded JS
- Loaded via <object data=evil.svg> → executes in origin
- JS inside SVG triggers DOM sink (location.hash)
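As an added, defensive illustration of the object-src gap in the post above (this is not code from the author): a small Python checker that parses a CSP header, resolves the object-src fallback to default-src, and flags policies where a strict script-src is undermined by an open object-src. The sample policies in the test are constructed.

```python
from typing import Dict, List, Optional


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Parse a CSP header into {directive: [source expressions]}.

    Browsers honour only the first occurrence of a directive, so a
    repeated directive is ignored here as well.
    """
    policy: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        parts = raw.strip().split()
        if not parts:
            continue
        name = parts[0].lower()
        if name not in policy:
            policy[name] = parts[1:]
    return policy


def effective_object_src(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """object-src falls back to default-src; None means nothing restricts it."""
    if "object-src" in policy:
        return policy["object-src"]
    return policy.get("default-src")


def object_src_findings(header: str) -> List[str]:
    """Return findings; an empty list means plugin content is locked down."""
    effective = effective_object_src(parse_csp(header))
    if effective is None:
        return ["no object-src and no default-src: <object>/<embed> can load from any origin"]
    if [s.lower() for s in effective] != ["'none'"]:
        # 'self' is still a gap when users can upload files (e.g. an SVG
        # with embedded script) that are then served from the same origin.
        return ["object-src effectively %s; set object-src 'none' unless plugin content is required"
                % " ".join(effective)]
    return []


def add_object_src_none(header: str) -> str:
    """Append object-src 'none' when the policy does not already declare object-src."""
    if "object-src" in parse_csp(header):
        return header
    return header.rstrip().rstrip(";") + "; object-src 'none'"
```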

Gospel.C (@40sp3l):

Cloudflare is everywhere, i.e. websites, mobile apps, OS, IoT devices. So... what if someone actually hacked Cloudflare? 👀 Think about it, almost every asset relying on it for security could be exposed. Just a thought, lol. Don’t bite me, I’m just brainstorming 😅💭

Gospel.C (@40sp3l):

Tried a SQL injection and got blocked? Sometimes that’s the WAF, and not the app being secure. Bypass the WAF, and boom, the app’s exposed. It was never truly safe, just hiding behind that shield. Like a kid hiding behind their parent: take the parent away, see the real truth.

Gospel.C (@40sp3l):

First report to #Cloudflare 

- Cloudflare Global API Key and email exposed in a public repository.

"Cloudflare appreciates researchers who take time to report leaked credentials" - let's see if they're gonna accept this.