Vadivel
@v7441767
Web Developer, Security Researcher, Whitehat hacker ;-)
ID:1450543385463308288
19-10-2021 19:24:49
1,0K Tweets
118 Followers
409 Following
HTML injection by itself won't get you crits, but when combined with knowledge of both browser and desktop application behaviour, it can lead to impact.
Here's a breakdown of an exploit Ben Sadeghipour used to get a 40k bounty.
1. Found a HTML injection in a desktop app.
always play with Post Request and stop using sqlmap
Ghauri is really excellent in this field
Payload ; 0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z
Just scored a reward Intigriti, check my profile: app.intigriti.com/profile/mitsec #HackWithIntigriti #bugbounty #bugbounty tip
I have a one year PentesterLab voucher for one random person retweeting and replying to this tweet with #nahamcon2023 :)
Godfather Orwa 🇯🇴 Ben Sadeghipour Hey!
If you are looking to clear OSCP this year then make sure to grab a copy of the OSCP Notion Template that I launched.
Practice, check items of list, pass OSCP!
Find your copy here: thebinarybot.gumroad.com/l/oscplist
MobSF - Mobile Security Framework created by Ajin Abraham
All-in-one mobile pentesting:
Static Analysis
Dynamic Analysis
REST API
A thread 🧵
iOS Penetration Testing Cheat Sheet
#MobileSecurity #iOSsecurity by Ivan Šincek
github.com/ivan-sincek/io…