CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk securityonline.info/cve-2024-40725…

A WAF bypass trick by Gareth Heyes \u2028 <script> var div="<!--<script>" </script><div>/-alert(1) </script>

𝗫𝗦𝗦 𝗕𝘆𝗽𝗮𝘀𝘀 𝗣𝗮𝘆𝗹𝗼𝗮𝗱: javascript​:var a="ale";var b="rt";var c="()";decodeURI("<button popovertarget=x>Click me</button><cybertix onbeforetoggle​="+a+b+c+" popover id=x>CYBERTIX</cybertix>") #bugbountytips by Cybertix

🚀🚀 How to find RXSS in 5 minutes 🚀🚀 🧾 Credit - Ahmad Marzouk 1) subfinder -d target.com -all -o targets.txt *use subfinder with API Keys to extract a lot subdomains* 2) paramspider -l targets.txt 3) cat *.txt | kxss 4) Use this Payload to Bypass case

1000$ IDOR : Unauthorized Project Inclusion in Expense medium.com/@a13h1/1000-id…

Want to quickly swap request methods in Burp Suite Pro? Here’s how! #BurpSuiteShorts

A major security vulnerability in the most recent version of WhatsApp for Windows lets hackers send attachments that contain PHP and Python scripts that execute quietly when the person who received them opens them. Read More - hackingblogs.com/indepth-guide-… #bugbounty #cybersecurity

Identifying and Testing IDOR on URI, Cookies, Special Headers, Body & HTTP Methods. By: Gudetama #bugbountytips #bugbounty

Want a comprehensive guide on how to exploit SQL injections? 🤑 Check out Advanced SQL Injection Techniques by N$! 😎 A Gitbook covering some of the most common and advanced SQL injections that may be present on your target! 👇 buff.ly/3AfzUUz

Have you checked out the new Proxy intercept view? 🚀

⚡ Content-Security Policy bypass with File Uploads 👨🏻‍💻 gronke ➟ Rocket.Chat 🟥 High 💰 None 🔗 hackerone.com/reports/1380157 #bugbounty #bugbountytips #cybersecurity #infosec

⚡ moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Impr... 👨🏻‍💻 orange ➟ Internet Bug Bounty 🟧 Medium 💰 $2,600 🔗 hackerone.com/reports/2585374 #bugbounty #bugbountytips #cybersecurity #infosec

⚡ Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for... 👨🏻‍💻 steveflex ➟ U.S. Dept Of Defense 🟥 High 💰 None 🔗 hackerone.com/reports/1100383 #bugbounty #bugbountytips #cybersecurity #infosec

⚡ Blind Stored XSS on the internal host - █████████████ 👨🏻‍💻 Eugene Yakovchuk ➟ U.S. Dept Of Defense 🟥 High 💰 None 🔗 hackerone.com/reports/923912 #bugbounty #bugbountytips #cybersecurity #infosec

⚡ Unauthenticated arbitrary file upload on the https://█████/ (█████████) 👨🏻‍💻 Eugene Yakovchuk ➟ U.S. Dept Of Defense 🟥 High 💰 None 🔗 hackerone.com/reports/698789 #bugbounty #bugbountytips #cybersecurity #infosec

We had a blast at DEF CON ! Met 2000+ visitors on our booth. Met many of our existing students and customers and met many new ones. We sponsored the Adversary Village and the RedTeamVillage. We also had the largest collection of mugs at DEF CON 32 :) After the conference, we

⚡ Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - tibxread.... 👨🏻‍💻 mmg ➟ Acronis 🟧 Medium 💰 None 🔗 hackerone.com/reports/963103 #bugbounty #bugbountytips #cybersecurity #infosec