appsec.fyi · Sources

infosecwriteups.com

140 curated AppSec resources from infosecwriteups.com across 23 topics on appsec.fyi.

infosecwriteups.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.

Date Added Resource Excerpt
2026-07-08 2026BadSuccessor — Exploiting delegated Managed Service Accounts in Windows Server 2025AuthZLibrary for exploiting delegated Managed Service Accounts (dMSAs) in Windows Server 2025, detailing the "BadSuccessor" vulnerability. This flaw arises from missing permission checks, allowing low-level users with `CreateChild` rights on an OU to create a dMSA and link it to a privileged account. The system then incorrectly grants the dMSA all of the predecessor's permissions during Kerberos ticket issuance, enabling privilege escalation to high-level administrative roles.
2026-07-08 2026Chaining a DOM XSS Sink, WAF Bypass, Cross-Origin Smuggling, and SDK Abuse into One Click Account…API SecAuthNXSSLibrary for chaining DOM XSS, WAF bypass via `window.name` cross-origin smuggling, and SDK abuse to achieve one-click account takeover. The technique exploits a `javascript:` URL sink, bypasses Akamai's WAF by inserting characters between keywords and parentheses, leverages `window.name` persistence across navigations, and abuses a first-party authentication SDK to retrieve signed JWTs and live AWS STS credentials.
2026-07-08 2026The HTTP 303 SSRF Hack : From Python HTTP Client Defaults to AWS Credential Exfiltration.SecretsSSRFWriteup detailing an HTTP 303 SSRF vulnerability that escalates to AWS credential exfiltration. This exploit chains a user-controlled `token_uri` field in BigQuery service account credentials, an HTTP client with default redirect handling, and the AWS Instance Metadata Service (IMDS). By configuring a server to respond with an HTTP 303 redirect, a POST request to IMDS is implicitly converted to a GET request, allowing the attacker to retrieve temporary IAM credentials for the Kubernetes worker node.
2026-07-08 2026JWTweak v2.1: A Guided, Offline Toolkit for Modern JWT AttacksJWTToolkit for offline JWT attack execution, JWTweak v2.1 guides users through identifying and exploiting vulnerabilities. Users paste JWTs to receive decoded and risk-scored tokens, suggested attack vectors, and step-by-step instructions for executing techniques such as algorithm confusion. This Python 3.8+ powered application requires pyjwt and cryptography libraries and operates entirely offline.
2026-07-07 2026PicoCTF Web Exploitation Easy Category Web Challenge [SSTL 1]SSTIWriteup detailing Server Side Template Injection (SSTI) techniques used to exploit a PicoCTF web challenge. The article explains how to identify template engines like Jinja2 by testing inputs such as `{{ 8*8 }}` and then leverages object traversal through `{{ config }}`, `{{ request }}`, and `{{ self }}` to access Python internals. It demonstrates how to use `__init__.__globals__.__builtins__.__import__('os').popen('ls').read()` and similar payloads to execute system commands and read files like `flag`, highlighting the importance of understanding template engine processing and object structures for deeper exploitation.
2026-07-07 2026How I Found a Data Deletion Bypass via Subdomain SynchronizationAuthZBug BountyWriteup detailing a business logic vulnerability bypass on interconnected subdomains. A Moderator role, lacking delete permissions on the primary account management subdomain, could initiate a full organizational group deletion by exploiting synchronization flaws in the secondary task scheduling subdomain. This allowed for a cascade deletion affecting both platforms, a privilege intended only for Admin or Owner roles. The discovery highlights how understanding application workflows and reading developer documentation can uncover critical security gaps.
2026-07-07 2026How I Found a Critical OAuth Misconfiguration That Led to Account TakeoverAuthNBug BountyWriteup detailing an account takeover vulnerability found via chaining multiple OAuth misconfigurations. The exploit leveraged open client registration, an authorization endpoint lacking authentication enforcement, and PKCE validation weaknesses that allowed token exchanges without client secrets. Additionally, wildcard CORS expanded attack vectors, while Google SSO auto-provisioning provided context for user authentication.
2026-07-07 2026RCE via Gemini Live AI Voice Session Misconfiguration.AIRCELibrary for exploiting RCE vulnerabilities in applications integrating Google's Gemini Live AI Voice sessions by injecting client-controlled setup frames. The vulnerability arises when ephemeral tokens, used for browser-facing WebSocket connections to endpoints like `BidiGenerateContentConstrained`, are issued without proper `live_connect_constraints`. This misconfiguration allows attackers to control session parameters, including the model, system instruction, and critically, the `tools` field, enabling the injection of code execution capabilities. The writeup details how the official Gemini Live API example repository promotes this insecure pattern by omitting the `bidi_generate_content_setup` from token creation.
2026-07-07 2026The File That Answered Back — XXE Hidden in Cell A2XXEWriteup detailing an XML External Entity (XXE) vulnerability discovered in an Excel file upload endpoint. The exploit bypasses Imperva WAF rules by hiding the `DOCTYPE` declaration within the XML structure of an `.xlsx` file, which is essentially a ZIP archive containing XML documents. The writeup explains how to manually construct a valid XLSX file with a malicious XML parser instruction to read server-side files, ultimately returning sensitive data within the application's JSON response.
2026-07-07 2026Mass Assignment and the Identity Drift: From Profile Edit to Insurance TakeoverAuthZBug BountyWriteup detailing Mass Assignment vulnerabilities that enable "identity drift" by allowing attackers to alter sensitive profile fields like legal name, date of birth, and government ID number without invalidating the verified status. This can lead to downstream impacts, such as falsely linking third-party insurance records by manipulating matching attributes like date of birth, effectively granting unauthorized financial access.
2026-07-07 2026Mastering curl Commands Bug Bounty Hunter's GuideBug BountyReconGuide to mastering curl commands for bug bounty hunting, focusing on advanced techniques beyond basic POST requests. It covers real-world workflows like fuzzing, WAF bypasses, pipeline automation, and creative exploitation. Specific examples include subdomain discovery using Certificate Transparency logs with `curl` and `jq`, and header fingerprinting to gather intelligence on target applications.
2026-07-06 2026The Internet’s Dirty Little Secret: Anyone Can Investigate Anyone — and Here Are 20 Free Tools to…OSINTTools for OSINT investigations, offering 20 free online resources that allow individuals to legally gather information on anyone. These platforms enable users to conduct digital investigations comparable to those used by professionals and intelligence agencies, focusing on publicly available data.
2026-07-06 2026AdversaryGraph v5.0: From CTI Mapping to Attack Simulation and SIEM ValidationReconLibrary for CTI-to-detection workflow automation, AdversaryGraph v5.0 enhances attack simulation and SIEM validation. It integrates threat intelligence analysis, MITRE ATT&CK mapping, IOC enrichment, malware analysis, attack-surface mapping, and AI-assisted reporting. New in v5.0, the Attack Simulation module allows analysts to run controlled lab scenarios based on TTPs, inspect target telemetry, forward logs to a SIEM collector, and utilize an AI assistant for multi-phase attack chain drills, directly linking observed behaviors to detection engineering.
2026-07-06 2026I Found an Unauthenticated Attachment Disclosure Bug in a WordPress Support Plugin — and a…AuthZWriteup detailing an unauthenticated attachment disclosure vulnerability in a WordPress support plugin. The research, conducted in an isolated Docker environment, reveals that a specific REST API endpoint lacks proper authorization checks, allowing anonymous users to access sensitive customer attachments like invoices and personal records. The author validates the vulnerability through proof-of-concept requests and MD5 hash comparisons, highlighting the potential for widespread data exfiltration.
2026-07-06 2026TryHackMe — Bounty Hacker: The FTP Server Was Talking. I Just Listened.Bug BountyReconWriteup detailing a TryHackMe room, "Bounty Hacker: The FTP Server Was Talking. I Just Listened." This walkthrough focuses on practical exploitation, starting with anonymous FTP access on port 21 to obtain a username (`lin`) and a password list (`locks.txt`). It then proceeds to use Hydra for an SSH brute-force attack against port 22, successfully gaining a user shell. Privilege escalation is achieved by leveraging `tar`'s `checkpoint-action` capability, as documented on GTFOBins, to execute commands as root and retrieve the final flag.
2026-07-06 2026Protocols and Servers 2 TryHackMe WriteupAuthNLibrary detailing foundational attacks against network protocols, including sniffing with tools like tcpdump and Wireshark, Man-in-the-Middle (MITM) attacks using Bettercap and Responder, and password attacks. The resource emphasizes that cleartext protocols like POP3, FTP, and HTTP are insecure by design, highlighting vulnerabilities where credentials can be exposed over internal networks, legacy systems, and wireless connections. It also covers mitigations such as TLS encryption, network segmentation, and zero-trust principles.
2026-07-06 2026Mr Robot CTF Walkthrough -TryHackMe DetailedAuthZBug BountyReconLibrary detailing a CTF walkthrough, starting with web enumeration via robots.txt to find `key-1-of-3.txt` and `fsocity.dic`. It then covers Nmap scans, Gobuster directory brute-forcing to discover WordPress, and exploiting a Base64-encoded string in the `/license` page's source for WordPress credentials. The entry explains obtaining a reverse shell through the WordPress Theme Editor, cracking an MD5 hash for the `robot` user, and performing privilege escalation by abusing the SUID bit on the `/usr/local/bin/nmap` binary to gain root access.
2026-07-06 2026TryHackMe CTF Writeup of Hidden Deep Into my HeartBug BountyReconWriteup detailing a TryHackMe CTF challenge involving web enumeration. The process begins with analyzing `robots.txt` and `sitemap.xml`, leading to the discovery of a hidden directory. The tool `gobuster` is then employed for further directory enumeration, uncovering an administrator login page. Exploitation involves identifying a password clue within the `robots.txt` comments and successfully logging in to retrieve the flag.
2026-07-04 2026Certified AD Red Team Specialist (AD-RTS): Full Exam Write-UpAuthNAuthZWriteup detailing a full methodology for the Certified AD Red Team Specialist (AD-RTS) exam, covering two distinct adversary paths. Path 1 begins with zero credentials and involves DNS zone transfers for enumeration, ASREPRoasting via GetNPUsers to gain SQL Server access, privilege escalation with GodPotato to SYSTEM, and credential harvesting using MiniDump. This leads to abusing AD Certificate Services (ADCS) via ESC1, leveraging certipy-ad, to request a certificate impersonating Domain Admin. Path 2 focuses on escalating from a low-privilege foothold on a public-facing web server.
2026-07-04 2026TryHackMe: Checkpoint WalkthroughAISupply ChainWalkthrough of a TryHackMe CISO challenge assessing four code review model candidates for production readiness. It details the evaluation telemetry for Candidates B (code_reviewer_lite.safetensors), C (pr_analyzer_v3.h5) with its detected LAMBDA LAYER and suspicious code execution, and D (api.reviewsvc.io) with its unverified endpoint and absent compliance certificate. The assessment involves examining Candidate A's file access to /etc/passwd and its disabled security_review_flag, identifying the CommunityReview policy template, and discovering the supply chain flag THM{supp1y_ch41n_0wn3d}.
2026-07-04 2026TryHackMe — Pickle Rick: Rick Left the Door Open. I Just Walked In.DeserWriteup of the TryHackMe "Pickle Rick" room, detailing how credentials and privilege escalation were found in plain sight. The room features a username leaked in HTML comments, a password in robots.txt, and a direct web shell granting unrestricted sudo access for the www-data user, allowing immediate root access.
2026-07-04 2026TryHackMe — Simple CTF: The Note That Gave Everything AwayBug BountyReconWriteup of TryHackMe's "Simple CTF" room, detailing a straightforward penetration test. It highlights how reconnaissance on an anonymous FTP server, revealing a weak password, coupled with identifying a CMS Made Simple 2.2.8 installation vulnerable to CVE-2019–9053, leads to an initial foothold. Privilege escalation is achieved by exploiting sudo permissions for `/usr/bin/vim`, enabling a shell escape to gain root access.
2026-07-04 2026I found North Korean (DPRK) malware hiding in my tailwind.config.jsSupply ChainLibrary for detecting North Korean (DPRK) malware injected into Node.js projects, specifically found in `tailwind.config.js` files. This malware uses obfuscated code and attempts to exfiltrate data to `api.trongrid.io`. The library highlights the risks of compromised build tools and starter templates, emphasizing the need for thorough inspection of project configuration files.
2026-07-04 2026Post-Compromise Attacks in AD: Credential Validation with CrackMapExecAuthNAuthZWriteup detailing post-compromise Active Directory attacks, focusing on credential validation using CrackMapExec. The article demonstrates using a compromised domain user credential, obtained via LLMNR poisoning, to authenticate against other machines on the network. It covers using CrackMapExec to check credentials, dump local SAM hashes, and leverage the Impacket suite (secretsdump, psexec.py) for further access, along with a brief mention of hash cracking with Hashcat.
2026-07-04 2026Demonstrating LLMNR Poisoning in Active DirectoryAuthNWriteup demonstrating LLMNR poisoning in an Active Directory lab, leveraging the Link Local Multicast Name Resolution protocol's fallback for DNS failures. An attacker can intercept authentication requests for mistyped or non-existent hostnames, capturing NTLM password hashes. The article details using Responder for poisoning and Hashcat with mode 5600 to crack NTLMv2 hashes from a Windows 2016 Server and Windows 10 Enterprise environment.
2026-07-04 2026Host & Network Penetration Testing: Exploitation CTF 2 — eJPT (INE)AuthNAuthZWalkthrough of eJPT Exploitation CTF 2, chaining SMB brute-forcing for user tom's weak password to obtain leaked hashes, then performing a Pass-the-Hash attack against user nancy. These credentials lead to FTP access for user david, revealing flag3.txt and enabling an ASPX webshell upload to retrieve flag4.txt.
2026-07-04 2026Exploiting Resource-Based Constrained Delegation (RBCD)AuthZWriteup on exploiting Resource-Based Constrained Delegation (RBCD) to achieve full Computer Account takeover. The article details how RBCD, introduced in Windows Server 2012, flips the trust direction from outgoing to incoming, allowing any account with write permissions on a computer object to modify its `msDS-AllowedToActOnBehalfOfOtherIdentity` attribute. This vulnerability can be exploited by creating a new computer account (Service A) with an SPN, obtaining a non-forwardable Kerberos ticket via S4U2Self, and then using RBCD to impersonate users to a target resource (Service B) via S4U2Proxy.
2026-07-04 2026TryHackMe: Payload WalkthroughRCEReconWriteup of an AI supply chain compromise on TryHackMe, detailing an investigation into a malicious model that remained undetected for 21 days. The analysis reveals the model's ability to execute shell commands via `system()` and exfiltrate data using POST requests. The writeup highlights the importance of inspecting candidate replacement models, specifically identifying a suspicious `manipulate_output` layer, and emphasizes securing AI model supply chains by verifying provenance and monitoring runtime behavior, referencing the organization `trustworthy-ai-lab` and the shell command `hostname`.
2026-07-02 2026Beyond Canarytokens: Building a DIY Document Tripwire with Passive OS FingerprintingOSINTLibrary for building a DIY document tripwire using a Python HTTP listener and passive OS fingerprinting with p0f. This approach enhances CTI, pentest, and red team analysis by enriching standard Canarytoken alerts with detailed callback metadata and inferred operating system characteristics, offering deeper insights into system interactions.
2026-07-02 2026LLMborghini: TryHackMe AI Security ChallengeAIWalkthrough of the LLMborghini TryHackMe AI Security Challenge, detailing practical steps for prompt injection and jailbreaking against an LLM-powered calendar assistant. The challenge focuses on extracting sensitive internal data, such as the Singapore branch's weekly revenue report, by circumventing the AI's security instructions and gaining unauthorized access to confidential information.
2026-07-02 2026Auth Bypass is it?API SecAuthNAuthZWriteup details a bypass of an MSPACE-style auto-login feature where the backend accepted a fake inner MSPACE token within an encrypted JSON request body, despite a valid outer API bearer token being present. This vulnerability was discovered by observing client-side encrypted API flows and testing how the application handled decrypted data originating from the browser.
2026-07-02 2026ChatGPT: Guardrail Bypass to LFI Vulnerability POCAIWriteup detailing a ChatGPT guardrail bypass leading to a Local File Inclusion (LFI) vulnerability, referencing LLM02:2025 Sensitive Information Disclosure. The exploit involves uploading a file, tricking the LLM into providing a download link via a specific prompt sequence, and then manipulating the download URL's `sandbox_path` parameter. By appending a path traversal payload like `../../../../etc/passwd` to a legitimate file path, the attacker can bypass validation and retrieve sensitive system files, demonstrating a primitive useful in larger exploit chains.
2026-07-02 2026Is the Android Lock Screen an Illusion? A Critical Logical Bypass Discovered in the Gemini AppAIMobileWriteup detailing a critical logical bypass of the Android lock screen within the Gemini app, achieved through a multi-touch interaction exploiting context hijacking. This vulnerability, discovered organically by the author, allowed unauthorized access to sensitive data like chat histories, NotebookLM notebooks, and Gmail drafts by circumventing the system Keyguard. The bypass leveraged inadequate validation of concurrent UI interactions, specifically by maintaining a press on a permitted area while tapping a restricted element, creating a race condition that neutralized security controls. The vulnerability was responsibly disclosed and subsequently patched by Google.
2026-07-02 2026Why Being in the Docker Group Is a Backdoor to Your Whole SystemAuthZRCELibrary explaining how membership in the `docker` group on Linux grants users root privileges on the host system without explicit `sudo` access. It details how this is an intended consequence of Docker's design, not a vulnerability, and provides a proof of concept demonstrating this capability. Administrators are advised on mitigation strategies to prevent this elevated access.
2026-07-02 2026Hack Smarter — City Council (Active Directory)AuthNAuthZWriteup detailing the compromise of a City Council Active Directory environment, starting with only an IP address. The process involved initial port scanning with rustscan, web enumeration with gobuster, and reverse engineering an application executable with strings to uncover a service account. The service account's password was then extracted by intercepting application traffic with Wireshark. Finally, BloodHound was used to map the Active Directory structure via credentials obtained for the svc_services_portal account.
2026-07-02 2026How I Found an Email Verification Bypass on an AI Freelance PlatformAPI SecAuthNWriteup detailing an email verification bypass on an AI freelance platform, discovered by observing network traffic in Chrome DevTools during account registration. The vulnerability stemmed from the platform reusing the same JWT in both the registration response and the email verification link, rendering the email itself unnecessary for account verification. This flaw breaks the trust model of email verification, allowing users to bypass ownership confirmation and potentially impacting features reliant on verified email addresses.
2026-07-01 2026Beating LinkedIn’s Mini Sudoku in 3 Seconds: A Parameter Tampering Case StudyBug BountyWriteup detailing a parameter tampering vulnerability in LinkedIn's Mini Sudoku. The vulnerability allows attackers using tools like Burp Suite to submit an artificially low `timeElapsed` value, as low as 3 seconds, directly to the GraphQL API. This bypasses server-side validation, enabling manipulation of game completion times, leaderboards, and associated badges, though it does not affect account security. The root cause is the application's reliance on client-supplied time data rather than server-side tracking.
2026-07-01 2026Hacking With GoogleOSINTReconWriteup on using Google Search for reconnaissance and dorking, detailing techniques to uncover vulnerabilities via specific service versions, identify exposed cloud assets like S3 buckets, and enumerate subdomains. It explains advanced search operators such as quotes, wildcards, `site:`, `-`, `filetype:`, `inurl:`, `intitle:`, and `intext:`, referencing the Google Hacking Database and emphasizing ethical usage within authorized penetration tests and bug bounty programs.
2026-06-25 2026TryHackMe — Mr. Robot CTF | Full Write-UpAuthZBug BountyPlatform: TryHackMe Room: Mr. Robot CTF Difficulty: Medium Author: Shikhali Jamalzade ( @alisalive ) Date: May 2026 Tags: #CTF #TryHackMe #WordPress #PrivilegeEscalation #PenTest #MrRobot “Give a man ...
2026-06-25 2026I Wasted 3 Days Intercepting a Flutter App. Here’s What Actually Works.BurpMobileThe author spent three days attempting to intercept traffic from a Flutter app for security assessment using various tools and techniques like Burp Suite, Objection, ReFlutter, custom CA installation, VPN interception, and Frida scripts. Despite these efforts, all methods resulted in the app displaying a "no internet" error, rather than typical SSL or certificate warnings. The author found that none of the common approaches were successful in capturing the app's traffic.
2026-06-20 2026VulnHub — sunset: dawn | Full WalkthroughBug BountyThis VulnHub machine, "sunset: dawn" by @whitecr0wz, is a beginner-to-intermediate Debian GNU/Linux 10 machine. The walkthrough details an attack path starting with SMB enumeration. This leads to discovering a writable share, which is directly mapped to a directory used by a root-owned cron job. This vulnerability allows for uploading a reverse shell. No bug bounty payout amount is mentioned.
2026-06-20 2026Web-RTA Exam Writeup — Passed | CyberWarFare LabsBug BountyThe Web-RTA (Web Red Team Analyst) certification from CyberWarFare Labs is a practical, black-box exam focusing on web application penetration testing. It features two live web applications and requires capturing 16 flags, testing real-world vulnerabilities. The exam is designed for beginner to intermediate skill levels and does not include theoretical or multiple-choice questions. No bug bounty payout amount is mentioned in this content.
2026-06-20 2026CRTA Exam Writeup — Passed | CyberWarFare LabsBug BountyThe CRTA (Certified Red Team Analyst) exam from CyberWarFare Labs is a practical, black-box assessment focused on hands-on red teaming. The certification requires users to compromise machines within a live lab environment and collect flags, with no theoretical questions. Success is determined solely by achieving root access and flag retrieval.
2026-06-20 2026Phone Numbers and Emails to Hidden Subdomains: The OSINT Acquisition Pipeline That Uncovered a…OSINTPhone Numbers and Emails to Hidden Subdomains: The OSINT Acquisition Pipeline That Uncovered a Critical Bug A deep technical blog on using phone numbers and email addresses to discover hidden domains,...
2026-06-20 2026“Bug Bounty Bootcamp #48: OAuth + XSS ”AuthNBug BountyXSSThis "Bug Bounty Bootcamp #48" article, titled "OAuth + XSS," explores a potent combination of vulnerabilities: OAuth and Cross-Site Scripting (XSS). The content suggests that by leveraging these two, attackers can achieve account takeovers, effectively describing it as an "ultimate account takeover one-two punch." The article is part of a series and can be found on InfoSec Write-ups. No specific bounty payout amount is mentioned.
2026-06-20 2026BITSCTF 2026 Writeups | OSINT And Steganography / Forensics ChallengesOSINTThis summary details solutions for OSINT and Steganography challenges from BITSCTF 2026. Tools like zsteg, cyberchef, reverse image search, strings, and exiftool were employed. One OSINT challenge involved identifying a "major event" in Copenhagen in early 2024, described by unusual geometric structures near a river. The event's difficulty was rated 6.5/10. No bug bounty payout amount was mentioned.
2026-06-20 2026Breaking Down Two Simple Vulnerabilities That Exposed A School’s Admission RecordsBug BountyIDORSecurity researchers discovered data-exposure vulnerabilities on a school's website, revealing sensitive admission records containing PII like names, emails, and addresses. The `/print-form.php?app_number=` endpoint was vulnerable to Insecure Direct Object Reference (IDOR), allowing access to records by manipulating application numbers.
2026-06-19 2026I Pentested a Real CRM System and Found 4 Critical Vulnerabilities — Here’s the Full Attack ChainBug BountyThe author, Shikhali Jamalzade, conducted a pentest on a real CRM system with explicit authorization. They discovered and successfully chained four critical vulnerabilities, demonstrating a complete attack path. Sensitive details were redacted to protect the organization. No specific bounty payout amount is mentioned in this excerpt.
2026-06-19 2026VulnHub — Shenron: 1 | Full WalkthroughBug BountyThis VulnHub machine, "Shenron: 1" by Shubham Mandloi, is an easy to medium difficulty Ubuntu 20.04.1 LTS target. The walkthrough details a penetration test starting with credentials found in an HTML comment. This leads to a Remote Code Execution vulnerability via a malicious extension upload within a misconfigured Joomla CMS. The ultimate goal is achieving full root access on the system.
2026-06-19 2026TryHackMe — Blog CTF | Full Write-UpRCEThis TryHackMe room, "Blog," is a medium-difficulty CTF focused on a WordPress blog run by "Billy Joel." The challenge features CVE-2019–8942, a WordPress image crop Remote Code Execution vulnerability, alongside a custom binary for privilege escalation. The write-up details the steps to exploit these vulnerabilities to gain access and complete the room. No bounty payout amount is mentioned.
2026-06-19 2026“Bug Bounty Bootcamp #46: Not Allowed From Your IP?”AuthNThis article from InfoSec Write-ups, "Bug Bounty Bootcamp #46: Not Allowed From Your IP?", details advanced techniques for bypassing authentication barriers in bug bounty hunting. The methods discussed include IP spoofing, brute-force attacks, and mass assignment, all aimed at gaining unauthorized access. The focus is on exploiting authentication vulnerabilities to overcome access restrictions. No specific bug bounty payout amount is mentioned in the provided text.
2026-06-19 2026Building a Hackbot for Bug Bounties — Auth Testing Subagent SetupBug BountyIf you have been keeping up with the current state of Bug Bounties on X, you probably heard that some hunters are making small fortunes using their own custom-made hackbots to aid them in Bug Bounty H...
2026-06-19 2026I almost ordered a product for free. (Business Logic Vulnerability)AuthZSecurity engineer Sumeet Mahadik discovered a business logic vulnerability that nearly allowed him to order a product for free. While the exact method isn't detailed, the vulnerability presented an opportunity for significant savings. The content is the beginning of a blog post where Mahadik intends to explain his findings. No bounty payout amount is mentioned.
2026-06-19 2026BEARCAT CTF 2026 WRITEUPSOSINTFlag Format: BCCTF{} #1.RIVER RAIDER (OSINT) For this challenge, we were given a picture of a rogue pirate ship sailing through a river, and we needed to find the name of the bridge right behind it. I...
2026-06-19 2026Build an IDOR Vulnerability Lab: Why WHERE Clauses Don’t Protect Your API.API SecIDORLast time we covered SQL injection . I promised IDOR was next. Today you are going to see why a WHERE clause alone will not save you. When you learn about backend APIs feeding your frontend, you are r...
2026-06-19 2026“Bug Bounty Bootcamp #47: Account Takeover 101 — How to Steal Everyone’s Account (Legally)”AuthZIDORThis article, "Bug Bounty Bootcamp #47: Account Takeover 101," explains that hackers don't need advanced skills to achieve account takeovers. Common vulnerabilities like Insecure Direct Object References (IDOR), insecure invite links, or misconfigured "role" fields can be exploited. The piece encourages readers to learn these techniques legally through bug bounty programs. No specific payout amount is mentioned.
2026-06-17 2026TryHackMe — Break Out The Cage | Full Write-UpBug BountyReconThis TryHackMe room, "Break Out The Cage," is an easy-level challenge designed by Shikhali Jamalzade. The room features a Nicolas Cage theme and incorporates several real-world attack techniques. These include anonymous FTP access, multi-layer cryptography, SSH lateral movement, and cron-based command injection. No bug bounty payout amount is mentioned in the provided content.
2026-06-17 2026TryHackMe — Checkmate | Full WalkthroughAuthZBug BountyOSINTThe TryHackMe "Checkmate" room, an easy-difficulty lab by Shikhali Jamalzade, focuses on password attacks, OSINT, and privilege escalation within a simulated internal network compromise. It challenges users to exploit weak password practices of an IT Operations employee, Marco Bianchi, to gain access to various internal systems, including a firewall and SSH. The walkthrough guides participants through these steps.
2026-06-17 2026Bug Bounty Bootcamp #45: Token?API SecAuthNIn Bug Bounty Bootcamp #45, a critical vulnerability is highlighted: a password reset function that inadvertently leaks the magic token in its API response. This discovery poses a significant security risk, potentially allowing unauthorized access. The article suggests that developers may have even left an endpoint that directly provides this sensitive token, exacerbating the vulnerability. Further details on this insecure implementation and its implications can be found on InfoSec Write-ups. No specific bounty payout amount was stated.
2026-06-17 2026The Crime Blue Team Lab (CyberDefenders)OSINTThis CyberDefenders Blue Team challenge, "The Crime," involves analyzing a victim's phone, seized as evidence in a murder investigation. The objective is to reconstruct the events leading up to the incident by meticulously examining gathered information. Key tools for this analysis include ALEAPP and sqlitebrowser. The content does not mention any bug bounty payout amounts.
2026-06-17 2026CAT Reloaded CTF — CATF 2025 — DFIR ChallengesOSINTThe author successfully solved 4 out of 5 Digital Forensics and Incident Response (DFIR) challenges at the CAT Reloaded CTF — CATF 2025. A writeup detailing their solutions is available on their GitBook account. The first challenge, "Index of Secrets," required retrieving a Windows search database file located at "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb." The writeup focuses on the technical steps involved in solving these DFIR puzzles. No bug bounty payout amount was mentioned.
2026-06-17 2026Mastery Hunt: Hidden API Endpoints — A Deep Dive into API Bug Bounty Recon & ExploitationAPI SecBug BountyReconThis article focuses on API security testing as a crucial aspect of bug bounty hunting, highlighting APIs as a prime target for discovering sensitive data and business logic flaws. It details the process of finding, analyzing, and exploiting hidden API endpoints for bug bounty and penetration testing. The initial phase covered is "Surface Reconnaissance," which involves passive methods for identifying the API attack surface. The content emphasizes the significant value and potential found within API vulnerabilities.
2026-06-17 2026The Intelligent Shield. OpenCTIAI"The Intelligent Shield" proposes an AI-driven enrichment approach for OpenCTI, moving beyond manual threat intelligence. It addresses data fragmentation and lack of context in cyber attacks by utilizing automated machine learning pipelines. This system aims to transform raw threat data into high-confidence intelligence, enabling security teams to effectively manage the overwhelming volume of information and respond to sophisticated threats.
2026-06-16 2026Silent Breach Lab Writeup (CyberDefenders)TalksThis writeup details a blue team challenge from CyberDefenders involving a silent breach at the IMF. The scenario centers on recovering compromised, unreadable data by creating a forensic image of a server. The challenge involves analyzing Windows Mail artifacts, specifically Microsoft HxStore.hxd. The participant is tasked with uncovering crucial information through forensic analysis and decoding. No specific bug bounty payout amount is mentioned in the provided content.
2026-06-16 2026Connectors CTF 2025 — DFIR ChallengesTalksThis is a write-up detailing the solution of three Digital Forensics and Incident Response (DFIR) challenges from CONCTF 2025. The author successfully solved all three independently. One challenge involved a malicious document file, "Invoice_Q1–2021.doc," which was treated like a zip archive to extract its contents and reveal the malicious elements. No specific payout amounts were mentioned.
2026-06-16 2026My Instructor Said “You Can’t Get a Shell.” I Got Root. — Full Web Pentest Exam Write-UpBug BountyRCEThis write-up details a successful penetration test of the VanguardCorp Hotel Management System, a CTF/exam environment. Despite an instructor's assertion that a shell was impossible, the author achieved root access. The assessment was conducted under MilliSec LLC supervision in an isolated lab network on May 24, 2026, involving no real user data.
2026-06-13 2026I Simulated an SSH Brute-Force Attack on My Ubuntu Server — Here’s How Fail2Ban Stopped ItAuthNThe author details setting up an attack lab to simulate SSH brute-force attempts against their Ubuntu server. The primary focus is on observing how Fail2Ban functions to detect and automatically block repeated failed login sequences. The article aims to provide a practical understanding of Fail2Ban's effectiveness in protecting against such attacks. No bug bounty payout amount is mentioned.
2026-06-13 2026Beyond the Patch: Understanding the SonicWall SSL-VPN MFA Bypass ExposureAuthNA SonicWall SSL-VPN vulnerability, CVE-2024–12802, allows attackers to bypass Multi-Factor Authentication (MFA). The flaw lies in how SSL-VPN handles UPN and SAM account formats separately. Attackers can exploit alternative login formats to circumvent MFA, even when it seems active. This issue affects SonicWall Gen6 SSL-VPN devices and has been linked to ransomware attacks. The content does not state a specific bug bounty payout amount.
2026-06-13 2026Header Manipulation: Bypasses, Probing, and the Security Audit Nobody DoesAPI SecAuthZRequest headers are not mere metadata but critical inputs that can be manipulated. Attackers exploit this to bypass access controls, probe for misconfigurations, spoof identities, and test security. This article delves into header manipulation techniques frequently encountered in penetration testing platforms, emphasizing their role in security assessments.
2026-06-13 2026Six levels, one lesson: LLMs cannot keep a secretAIXSSGitHub's Secure Code Game Season 3, a six-level challenge, demonstrates that Large Language Models (LLMs) cannot keep secrets. The game involves prompt injection attacks against vulnerable AI assistants designed to hide information. Players craft attacks to extract these secrets, highlighting that system prompts are not a security measure. The content focuses on hands-on learning of AI security principles through this open-source, browser-based game. No bounty payout amounts are mentioned.
2026-06-13 2026DVWA Cheat Sheet (Low & Medium)Bug BountyBurpSQLiThis cheat sheet focuses on brute-forcing the Damn Vulnerable Web Application (DVWA) at low and medium security levels. The method involves capturing a GET request using Burp Suite after obtaining an error message from an initial username/password test. This request is then sent to Burp Intruder. By clearing existing parameters and selecting the password field, users can configure it for brute-force attacks, preparing to input payloads for password cracking.
2026-06-13 2026IEEE Victoris 4.0 — CTF 2025 — Quals DFIR ChallengesBug BountyOSINTThis writeup details the author's first-blood achievement in two DFIR challenges from IEEE Victoris 4.0 — CTF 2025 Quals. The first challenge, "the Frontdoor," involved analyzing a Linux disk image. By examining `.zsh_history` and `.bash_history`, the author discovered file navigation and Git activity within a `/home/Documents/MyProject` directory, providing initial clues for the investigation.
2026-06-12 2026Building Another Vulnerable Lab — SSRF.SSRFThis blog post is a follow-up to a previous one, detailing how to build a Server-Side Request Forgery (SSRF) lab. The author will guide readers through setting up this vulnerable environment, which will be added to their GitHub repository. The post begins by defining SSRF as a vulnerability where an attacker can cause a server to make unintended requests.
2026-06-12 2026Android App Penetration Testing: From APK Decompilation to Runtime Exploitation [Tools and Labs]MobileThis article introduces the fundamentals of Android penetration testing, covering essential tools and their usage. It emphasizes the necessity of an Android virtual device or a physical device for practical application. The author, while not an expert, aims to provide a useful guide for beginners. The content highlights Android Studio as the official Integrated Development Environment (IDE) for this process. No bug bounty payout amounts are mentioned.
2026-06-12 2026Hacking Into A Server Through FTPRCEThis article explores the continued vulnerability of servers still using FTP (File Transfer Protocol). It highlights how this outdated protocol can be a gateway for attackers to gain unauthorized access to sensitive data and systems. The piece likely details the methods used in such attacks and emphasizes the importance of migrating to more secure alternatives to prevent potential breaches.
2026-06-12 2026Hacking a Fortune 500 Finance Company via Envoy Proxy MisconfigurationIDORA security researcher discovered a vulnerability at a Fortune 500 finance company by exploring their websites. While most domains required SSO credentials, a sister website accessible via Google Dorking allowed verified authors to publish articles. This avenue was initially used to understand the company's systems. The content doesn't mention a specific bug bounty payout amount.
2026-06-12 2026Analyzing CVE-2026-32743: PX4 MAVLink Buffer Overflow DoSSupply ChainThe analysis of CVE-2026-32743 highlights a critical vulnerability in PX4's MAVLink implementation, specifically a buffer overflow leading to a Denial of Service (DoS) attack. This is particularly concerning given the increasing use of autonomous drones in civilian sectors, which are now also potential targets in modern conflicts. The widespread deployment of commercial drones exposes a vulnerability in the global supply chain, where platforms used for agriculture and industry could be compromised. The summary does not mention a specific bug bounty payout amount.
2026-06-12 2026Making A SQLi Lab Is Not Difficult, Build One With Me.SQLiThis content is the second part of a series on building a SQL injection (SQLi) lab. The author highlights SQLi's intrusiveness, noting that it doesn't require privilege escalation and, in this lab's case, can be exploited without tools like Burp. The author also shares an inside joke about pronouncing "SQL" as "skweel." No specific bug bounty payout amount is mentioned in this excerpt.
2026-06-12 2026How I Built a Burp Extension Efficiently with ClaudeAIBurpClaude significantly streamlined Burp extension development for security researchers. The author used Claude to create an extension that flags non-standard HTTP headers, aiding in the discovery of injection vulnerabilities. By prompting Claude, the author generated an idea and a prototype, demonstrating how AI can overcome the coding hurdles previously associated with extension building. The extension leverages the IANA registry of common HTTP headers as a filtering mechanism.
2026-06-12 2026Chaining Stored XSS and CSRF in Typemill CMS: A Deep Dive into Attribute InjectionCSRFXSSA security assessment of Typemill CMS uncovered a critical vulnerability chain combining Stored XSS and CSRF (CVE-2026–53468). An attacker can bypass frontend validation to inject malicious scripts into page metadata. This allows for the theft of admin sessions by exploiting attribute injection. This vulnerability impacts Typemill, a popular flat-file CMS built on PHP and the Slim framework, and poses a significant risk to its users.
2026-06-12 2026AI Security: explanation to Exploitation || Part 1AIThis article introduces AI security, focusing on "jailbreaking" large language models (LLMs) and AI-powered tools. With the widespread adoption of AI in organizations like Meta and Google for task automation, understanding and exploiting vulnerabilities in these systems is becoming crucial. The author plans to delve into the methods and extent of jailbreak exploitation.
2026-06-10 2026SQL Injection in Password Reset: Full Database, One EmailAuthNSQLiA critical SQL injection vulnerability in a password reset function granted a researcher full read access to an entire database, including user records and password hashes. The vulnerability was discovered through a `ukey` parameter in a password reset email. Despite being reported in early 2025, the issue remained live at the time of the report. The researcher was able to extract all data from every table. No specific bounty payout amount was mentioned.
2026-06-10 2026How GraphQL Mutation Aliasing Led to a $12,500 DoS Bug in HackerOne’s Account Recovery FlowBug BountyGraphQLA researcher discovered a Denial of Service (DoS) bug in HackerOne's account recovery process due to a feature in GraphQL called mutation aliasing. This behavior allowed an attacker to trigger multiple, recursive mutations, overwhelming the system and preventing legitimate users from recovering their accounts. HackerOne acknowledged the vulnerability and awarded the researcher $12,500 for their findings.
2026-06-10 2026I Found the Entire Admin UI of a Live PlatformJust By Tweaking Traffic in Burp SuiteAuthZBurpDuring an internship, Hamza Hashim (refang) discovered a significant security vulnerability on the REDACTED.org internship program portal. By manipulating traffic using Burp Suite, he gained access to the entire administrative user interface of the live platform. This article details one of the findings from his broader bug report submitted to the organization.
2026-06-10 2026Zero-Click IP Leak in a Privacy Search Engine: Indirect Prompt Injection & Silent PatchingAIA security researcher discovered a zero-click IP leak vulnerability in Kagi Search, a privacy-focused search engine. The vulnerability exploited an indirect prompt injection technique using a Markdown trick to deanonymize users. This allowed the attacker to force a victim's browser to reveal their IP address, undermining Kagi's core privacy promise. Kagi Search has since quietly patched the vulnerability, indicating a "Not Applicable" status for the report, which the researcher interprets as a silent fix. No specific bug bounty payout amount was mentioned in the provided content.
2026-06-08 2026JavaScript Prototype Pollution Deep Dive : — Reconnaissance, Exploitation & Bug Bounty GuidelineRCEXSSThis article provides a deep dive into JavaScript Prototype Pollution vulnerabilities, explaining the underlying prototype chain and its attack vectors. It covers reconnaissance methodologies, exploitation techniques ranging from XSS to Remote Code Execution (RCE), and real-world bug bounty case studies. The guide also delves into advanced exploit chains, tooling, automation, and defense strategies, offering a production-ready Python scanner. The content focuses on understanding and mitigating this complex JavaScript vulnerability.
2026-06-08 2026OSCP Windows Enumeration Checklist: My Complete Privilege Escalation Workflow for Every BoxAuthZThis article details a comprehensive Windows enumeration workflow for the OSCP certification, focusing on privilege escalation. The author shares their exact process, highlighting key techniques like analyzing WinPEAS output, hunting for credentials, leveraging token abuse, and examining services. The goal is to provide a structured approach for tackling Windows-based machines encountered during the exam, ensuring thoroughness in identifying vulnerabilities and escalating privileges effectively.
2026-06-08 2026SPIP RCE + Docker SUID Escape | THM PublisherRCEThis TryHackMe Publisher challenge focuses on exploiting a vulnerable SPIP CMS. The initial steps involve Nmap reconnaissance to identify open ports and services, revealing SPIP CMS running on the target. Subsequent web enumeration using FFUF helps uncover hidden paths within the SPIP-based Community Magazine. The content does not mention a bug bounty payout amount.
2026-06-08 2026Update: The Ending of My $500 Loss and Web Cache Poisoning Story.SSRFThe author recounts a personal experience where a $500 loss prompted them to revisit a previously discovered Web Cache Poisoning vulnerability. The initial discovery was documented but later forgotten. This unexpected financial setback led the author back to investigate the bug further, with the aim of resolving outstanding questions and understanding the implications of the vulnerability, ultimately turning a loss into a learning opportunity.
2026-06-08 2026The Most Dangerous Security Bug Is the One That Feels Like a FeatureBug BountyThis article argues that the most dangerous security bugs are those that appear to be legitimate features. Such vulnerabilities are difficult to detect because they don't immediately trigger red flags. The author uses the example of a single click potentially compromising a developer's entire identity to illustrate this point, emphasizing that seemingly benign actions can have catastrophic security consequences if not properly scrutinized.
2026-04-19 2026The Art of Breaking OAuth: Real-World Exploits and MisusesAuthNThe Art of Breaking OAuth: Real-World Exploits and Misuses
2026-04-19 2026Broken Access Control: The Quiet Killer in Web ApplicationsAuthZBroken Access Control: The Quiet Killer in Web Applications
2026-04-16 2026Deep Dive into SSTI: Finding and Exploiting Like a ProSSTIDeep Dive into SSTI: Finding and Exploiting Like a Pro
2026-04-16 2026Abusing GraphQL Introspection: A Gateway for Recon and ExploitationGraphQLAbusing GraphQL Introspection: A Gateway for Recon and Exploitation
2026-04-11 2026What is BOLA? 3-digit bounty from TopcoderAPI SecWhat is BOLA? 3-digit bounty from Topcoder
2026-04-10 2026From SSRF to RCE: A 7-Step Chain Against PostHogSSRFFrom SSRF to RCE: A 7-Step Chain Against PostHog
2026-04-10 2026GraphQL Security Flaws and ExploitationGraphQLGraphQL Security Flaws and Exploitation
2026-04-10 2026From Recon to RCE: Hunting React2Shell (CVE-2025-55182)RCEFrom Recon to RCE: Hunting React2Shell (CVE-2025-55182)
2026-04-10 2026Mastering Blind XSS: Real-World Techniques for High BountiesXSSMastering Blind XSS: Real-World Techniques for High Bounties
2026-04-06 2026GraphQL Security: How I Found and Exploited Critical IDOR and Authorization BypassGraphQLIDORGraphQL Security: How I Found and Exploited Critical IDOR and Authorization Bypass
2026-04-06 2026The Complete Beginner's Guide to Bug Bounty ReconnaissanceReconThe Complete Beginner's Guide to Bug Bounty Reconnaissance
2026-04-06 2026How Bug Bounty Hunters Are Using Claude CodeBug BountyHow Bug Bounty Hunters Are Using Claude Code
2026-04-06 2026Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2SQLiBug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2
2026-04-03 2026Comprehensive Bug Bounty Hunting Methodology (2024 Edition)Bug BountyComprehensive Bug Bounty Hunting Methodology (2024 Edition)
2026-04-03 2026Hail Frida!! The Universal SSL Pinning Bypass for AndroidMobileHail Frida!! The Universal SSL Pinning Bypass for Android
2026-03-02 2026Breaking the Trust Boundary: SSRF via a Misconfigured Sentry TunnelSecretsSSRFFree Article Link: Click for free!
2026-01-29 2026How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs) 🤖🔍Bug BountyBurpIDORThe content titled "How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs)" likely discusses utilizing the Burp Suite tool to automate the discovery of Insecure Direct Object Reference (IDOR) vulnerabilities, leading to the identification of over 20 bugs. The author shares their experience and strategies for leveraging Burp Suite effectively in bug hunting. The content may provide insights into the process of using automation tools for security testing and the successful outcomes achieved through this approach.
2026-01-22 2026Recon to Master: The Complete Bug Bounty ChecklistBug BountyRecon“” is published by 𝙇𝙤𝙨𝙩𝙨𝙚𝙘 in InfoSec Write-ups.
2026-01-22 2026My 5-Minute Workflow to Find Bugs on Any WebsiteBug BountyReconMy 5-Minute Workflow to Find Bugs on Any Website A step-by-step guide to my most effective, shortcut methods for bug bounty hunting. Introduction Hi everyone, welcome back! Today, I’m going to show …
2025-08-14 2025HTTP-HOST HEADER ATTACKS. Hi! My name is Hashar Mujahid and today… | by HasBug BountyThe content discusses HTTP-Host header attacks and is authored by Hashar Mujahid. It seems to provide information or insights related to this type of cyber attack.
2025-08-14 2025How to discover up to 10,000 subdomains with your own tool | by _Y000_ | InBug BountyThe content discusses a method to uncover up to 10,000 subdomains using a self-created tool by _Y000_. It likely provides insights or instructions on how to utilize this tool effectively for discovering subdomains efficiently. The focus is on empowering individuals to explore a large number of subdomains using a personalized tool.
2025-08-14 2025Mastering the Realm of GraphQL ExploitationGraphQLThe content is titled "Mastering the Realm of GraphQL Exploitation" and appears to focus on the topic of exploiting GraphQL. It suggests a deep dive into understanding and potentially exploiting GraphQL, a query language for APIs. The title implies that the content may cover advanced techniques or strategies for manipulating GraphQL queries to gain unauthorized access or extract sensitive information.
2025-08-14 2025How I Found Multiple XSS Vulnerabilities Using Unknown TechniquesXSSThe content discusses the discovery of multiple XSS vulnerabilities through the use of undisclosed techniques. It implies that the author has found a method to identify and exploit these vulnerabilities, potentially showcasing a unique approach to uncovering security flaws. The focus is on the process of discovering XSS vulnerabilities rather than detailing specific techniques or findings.
2025-08-14 2025Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters | by Security LXSSThe content titled "Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters" by Security L provides detailed information and guidance on mastering Cross-Site Scripting (XSS) for individuals participating in bug bounty programs. It aims to help bug bounty hunters understand and effectively exploit XSS vulnerabilities to enhance their skills in identifying and reporting security issues. The guide likely covers various aspects of XSS attacks, techniques, prevention methods, and practical examples to equip readers with the knowledge needed to excel in finding and addressing XSS vulnerabilities in web applications.
2025-08-14 2025https://infosecwriteups.com/bypassing-character-limit-xss-using-spanned-payload-7301ffac226eXSSThe content discusses a technique to bypass character limits in Cross-Site Scripting (XSS) attacks using a spanned payload. By breaking the payload into smaller parts and using HTML span tags, attackers can evade character restrictions imposed by input fields, allowing them to execute malicious scripts on vulnerable websites. This method enables the injection of longer payloads while avoiding detection, making it a valuable tool for attackers seeking to exploit XSS vulnerabilities.
2025-08-14 2025Exploiting Non-Cloud SSRF for More Fun & Profit | by Basavaraj Banakar | InSSRFThe content appears to focus on exploiting Non-Cloud Server-Side Request Forgery (SSRF) for increased enjoyment and financial gain. It is likely a technical article or presentation by Basavaraj Banakar that delves into the methods and implications of leveraging SSRF vulnerabilities outside of cloud environments. The content may provide insights into how SSRF can be used for malicious purposes or for ethical hacking to uncover security weaknesses. It seems to aim at educating readers on the potential risks and rewards associated with exploiting SSRF vulnerabilities in non-cloud settings.
2025-08-14 2025Breaking Down SSRF on PDF Generation: A Pentesting GuideSSRFThe content is titled "Breaking Down SSRF on PDF Generation: A Pentesting Guide." It likely discusses the topic of Server-Side Request Forgery (SSRF) in the context of PDF generation and provides a guide for penetration testing related to this issue. The focus is on understanding and potentially exploiting SSRF vulnerabilities in PDF generation processes for security testing purposes.
2025-08-14 2025https://infosecwriteups.com/walkthrough-weather-app-hack-the-box-web-challenge-34b0c930dfcaSSRFThe content is a walkthrough of a web challenge called "Weather App" from the platform Hack The Box. It provides a step-by-step guide on how to solve the challenge, including identifying vulnerabilities, exploiting them, and gaining access to the target system. The walkthrough covers topics such as reconnaissance, enumeration, exploitation, and privilege escalation. It aims to help readers understand the process of hacking a web application and improving their cybersecurity skills.
2025-08-14 2025https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41cSSRFThe content discusses a technique using multiple HTTP redirects to bypass Server-Side Request Forgery (SSRF) protections. By chaining together several HTTP redirects, an attacker can manipulate the server to access internal resources or perform unauthorized actions. This method can be used to exploit vulnerabilities in web applications that are susceptible to SSRF attacks. The article provides insights into how attackers can leverage this technique and offers recommendations for organizations to strengthen their defenses against SSRF vulnerabilities.
2025-08-14 2025Beginner Guide To Exploit Server Side Request Forgery (SSRF) VulnerabilitySSRFThe content is a beginner's guide to exploiting Server Side Request Forgery (SSRF) vulnerability. It likely covers the basics of identifying and exploiting SSRF vulnerabilities, which involve manipulating a server to make unauthorized requests on behalf of the attacker. The guide may provide insights into how SSRF vulnerabilities can be leveraged for malicious purposes and the potential risks associated with such exploits. It serves as an introductory resource for individuals looking to understand and potentially exploit SSRF vulnerabilities.
2025-04-11 2025Nmap for Beginners: Easy Tips to Scan Networks Like a ProReconSo, Think this :::: one night when you are trying to sleep , suddenly you imagine what’s happening on your network .. what devices are connected? What services are they running? {JUST 2 AM THOUGHTS…
2025-04-10 2025Best Browser Extensions for Bug Hunting and CybersecurityBug BountyBurpIf you are getting into bug hunting or cybersecurity the right tools can make a huge difference. Browser extensions help automate tasks, find hidden vulnerabilities and protect your privacy. Here is…
2025-04-09 2025Controlling XSS Using A Secure WebSocket CLI - InfoSec Write-upsXSSWhen experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently? Not long ago, I set up an XSS server that serves remote payloads, which can easily…
2025-01-30 2025Advanced DNS Attacks: Poisoning and ExploitationReconUnderstanding DNS Vulnerabilities and Practical Techniques for Exploitation and Defense
2024-10-17 2024Let’s Understand SSRF vulnerabilitySSRFThe content provides an introduction to understanding SSRF (Server-Side Request Forgery) vulnerability. SSRF is a type of security vulnerability that allows an attacker to manipulate the server into making unauthorized requests on their behalf. This can lead to data breaches, unauthorized access, and other security risks. Understanding SSRF is crucial for developers and security professionals to prevent and mitigate such vulnerabilities in web applications.
2024-10-17 2024👩‍💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much…GraphQLSSRFThe content discusses a talk focusing on cybersecurity in 2022, covering topics such as SSRF, IDOR in GraphQL, GCP Pentesting, and more. The talk highlights the significant value, over $25 billion, that is at risk due to practical attacks on bridges. It emphasizes the importance of understanding and addressing vulnerabilities in cybersecurity to protect valuable assets.
2024-10-17 2024👩‍💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS…Bug BountySSRFA $600K bounty was awarded due to a business logic flaw in smart contracts.
2024-10-17 2024Exploiting: SSRF For Admin AccessSSRFThe content is about exploiting Server-Side Request Forgery (SSRF) vulnerabilities to gain admin access. SSRF allows attackers to make requests on behalf of the server, potentially accessing internal systems or performing unauthorized actions. By manipulating URLs, attackers can trick the server into fetching sensitive data or executing commands. This can lead to unauthorized access to admin interfaces, compromising the system's security. The article likely discusses the risks of SSRF vulnerabilities, the impact on system security, and potential mitigation strategies to prevent such attacks.
2024-10-17 2024Server-Side Request Forgery — SSRF: Exploitation TechniqueSSRFServer-side request forgery (SSRF) is a vulnerability where an attacker can manipulate a server to make unauthorized HTTP requests. This exploitation technique can lead to sensitive data exposure, unauthorized access, and potential server compromise. Preventing SSRF involves input validation, using whitelists, and restricting server access to prevent attackers from exploiting this vulnerability.
2024-10-17 2024Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear TextBug BountySSRFThe content discusses a successful bug bounty story where the author and a friend earned approximately $2500 from Cafebazaar by exploiting a Server-Side Request Forgery (SSRF) vulnerability on Zimbra, leading to the exposure of all credentials in clear text.
2024-10-17 2024My First Bug: Blind SSRF Through Profile Picture UploadBug BountySSRFThe content is a writeup detailing the discovery of the author's first bug, which involves a blind Server-Side Request Forgery (SSRF) vulnerability through profile picture upload. The author likely shares their experience, the steps taken to identify the bug, and the impact of the vulnerability. This bug could potentially allow an attacker to manipulate the server into making requests on their behalf, leading to unauthorized access or data leakage. The writeup may also include insights on responsible disclosure and the importance of thorough security testing in web applications.
2024-10-17 2024Server Side Request Forgery — SSRFSSRFServer Side Request Forgery (SSRF) is a web vulnerability that enables attackers to manipulate a server to make unauthorized requests. This issue can lead to data leaks, unauthorized access, and potential server exploitation. Preventing SSRF involves input validation, restricting access to sensitive resources, and using secure coding practices. It is crucial for developers and organizations to be aware of SSRF risks and implement robust security measures to mitigate this threat effectively.
2024-10-17 2024Vimeo SSRF with code execution potential.RCESSRFThe content discusses the discovery of a semi-responded SSRF vulnerability on Vimeo that potentially allows for code execution. The author shares their process of finding and exploiting this vulnerability in a blog post.
2024-10-17 2024Server Side Request Forgery (SSRF) TestingSSRFThe content discusses Server Side Request Forgery (SSRF) testing for fun rather than for a bounty. The author discovered a website vulnerable to SSRF but did not exploit it. The focus is on testing and identifying SSRF vulnerabilities in web applications.
2024-09-21 2024XXE : From Zero to HeroXXEHello fellow hackers, I hope you all are doing good and learning something new :) . As i said in my RECON blog I will be writing about…
2024-09-14 2024Unlocking OAuth SecurityAPI SecAuthNIn this blog, we will uncover the different oauth security implications on both the client applications and the oauth server.
2021-06-05 2021Automating Burp Suite -4 | Understanding And Customising Custom Header FromBurpThe content discusses the creation of a Burp Extension using Jython to automate Burp Suite tasks. Specifically, it focuses on adding custom headers to requests. This is the fourth tutorial in the series, emphasizing understanding and customizing custom headers. The tutorial likely provides step-by-step instructions on how to implement this feature within Burp Suite for automated testing and customization purposes.
2021-05-17 2021How to discover up to 10,000 subdomains with your own tool | by _Y000_ | InBug BountyThe content discusses creating a tool using bash to discover up to 10,000 subdomains. The tool's development involves programming tasks in bash and breaking them down into parts for better understanding and implementation.
2021-04-15 2021Story of a really cool SSRF bug.. Hello all! My name is Vedant, also… | bySSRFVedant, also known as Vegeta on Twitter, is a cybersecurity enthusiast and bug bounty hunter. He shares a story about discovering a significant Server-Side Request Forgery (SSRF) bug. This bug showcases his skills in identifying vulnerabilities and his passion for cybersecurity.
2021-04-10 2021Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack | InfoSec WBug BountyThe content discusses using Slack as a communication channel for delegating tasks like port scanning, even though Slack itself cannot perform port scans. It highlights the importance of utilizing automation tools and platforms like Slack to streamline bug bounty processes and improve efficiency in cybersecurity tasks.