Exploiting a Logic Bug in Discount Codes Generation
InfoSec Write-ups » Bug Bounty
by Eslam Omar
6d ago
In online shopping, we will find a wonderful feature most sites offer: discount codes, which provide great discounts on some products. So, what happens when hackers find a loophole that allows them to create thousands of discount codes? We have a target let’s call “xyz.com”. Usually, I start testing on a main domain and here I want to say that many researchers say that you will not find any bug in the main domain and this is a mistake. You should search and then move to the subdomains. First, I start using the web application like any other user to understand the website and all its funct ..read more
Visit website
What is Bug Bounty
InfoSec Write-ups » Bug Bounty
by Abhinav Pathak
6d ago
Bug Tracking (Part of Bug Bounty)What is a bug? Security bug or vulnerability is “a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability. What is Bug Bounty? A bug bounty or bug bounty program is IT jargon for a reward or bounty program given for finding and reporting a bug in a particular software product. Many IT companies offer bug bounties to drive product improvement and get more interaction from end users or clients. Companies that oper ..read more
Visit website
Subdomain Takeovers for Beginners
InfoSec Write-ups » Bug Bounty
by Hicham Almakroudi
6d ago
How to find and exploit subdomain takeovers Photo by Jennifer Uppendahl on UnsplashTable of contents In this short article the following will be covered Subdomain takeovers explained How to find and Exploit them A challenge Subdomain takeovers explained Subdomain takeover is when an attacker can host (malicious) content on a subdomain of someone else. This usually happens because a person/company uses a service for example Github Pages. After a while they stop using the service, delete the repository that was used to serve the content of the subdomain. BUT they forgot to ..read more
Visit website
Top 20 Must-Have Hacking Gadgets for Cybersecurity Professionals
InfoSec Write-ups » Bug Bounty
by Ajay Naik
6d ago
1. Raspberry Pi Use: A low-cost, highly customizable mini-computer used for various purposes such as network penetration testing, programming, and automating attacks. It can be configured for offensive cybersecurity projects. 2. WiFi Pineapple Use: A wireless network auditing tool designed for network penetration testing. It is used for creating rogue access points, man-in-the-middle attacks, and network reconnaissance. 3. USB Rubber Ducky Use: Disguised as a normal USB drive, this gadget delivers pre-configured keystrokes quickly when plugged into a machine, executing payloads like ..read more
Visit website
Vulnerability: Multiple Vulnerabilities in Linux CUPS (CVSS 9.9)
InfoSec Write-ups » Bug Bounty
by Ajay Naik
6d ago
Multiple Vulnerabilities in Linux CUPS (CVSS 9.9) Multiple CUPS Vulnerabilities — RCE in Linux CUPS (CVE-2024–47076 / CVE-2024–47175 / CVE-2024–47176 / CVE-2024–47177) Descriptions: Several newly disclosed vulnerabilities in the Common UNIX Printing System (CUPS) pose a critical threat to Linux systems. These flaws allow remote attackers to exploit weaknesses in CUPS, potentially leading to unauthorized code execution without user interaction. The flaws affect default configurations, making millions of systems vulnerable if left unpatched. Odin Dork: services.modules.http.headers.server ..read more
Visit website
Master the subdomain hunting Part 2
InfoSec Write-ups » Bug Bounty
by ʏᴀꜱʜʜ
6d ago
Hii Guys, My last writeup got lots of love. if you have not read that blog then you can Check out this blog “Master Subdomain HUNTING | Art of finding hidden assets” so i have continued the 2nd part so you can check Out the following blog post. The blog contain following thigs Overview Common subdomain enumeration tools Overiew Installation commands “Master subdomain HUNTING Part 2” Master subdomain HUNTING Part 2 This blog contain the full information about the subdomain enumeration passive and active ways with most common tools 2fa Bypass all possible methods You can check o ..read more
Visit website
Going Crazy with Farming VDPs: Extplorer Admin Panel Bypass & Remote Code Execution (RCE) | by YoungVanda
InfoSec Write-ups » Bug Bounty
by YoungVanda
6d ago
Hi Kings & Queens, I’m YoungVanda and in this write-up, I’ll talk about a very simple CVE which led to over +20 high—critical vulnerabilities in a couple of hours and over +500 reputation. Yeah buddy, lightweight baby. In the Name of the One Who Gives Glory If you only want to read the technical part, please start reading from the Technical Part Header. Some Hunting Vibes Since I was a little boy, I always wanted to be a Gangster. Sorry, I meant a farmer. ??‍???‍???‍???‍? ??? https://medium.com/media/85ec3cbda79f15d8a4c394a581147f8e/href Like World War II soldiers’ dreams, l ..read more
Visit website
From GitHub Recon to Hotstar Admin Access: A Deep Dive into Security Flaws
InfoSec Write-ups » Bug Bounty
by Vishal Vishwakarma
1w ago
Explore how a basic GitHub search revealed significant security issues in Hotstar’s admin panel. This write-up outlines the flaws discovered and offers guidance on how to address and prevent similar vulnerabilities. Hello Everyone I am Vishal Vishwakarma [@rootxvishal] I hope you enjoy it and learn something new from it. Introduction Hotstar, one of India’s leading streaming platforms, has gained immense popularity for its extensive library of movies, TV shows, and live sports. As with many large-scale online services, securing sensitive areas such as admin panels is critical. Recently, I ..read more
Visit website
Open-Source Intelligence (OSINT): A Powerful Tool for Information Gathering 2024–2025
InfoSec Write-ups » Bug Bounty
by Ajay Naik
1w ago
Open-source intelligence (OSINT) is an essential tool for cyber security professionals. It involves gathering information from publicly available sources to identify potential threats, vulnerabilities, and targets. This article provides a comprehensive guide on how to conduct OSINT investigations effectively. Why We Use OSINT Tools: OSINT tools are essential because they help automate the process of collecting, organizing, and analyzing vast amounts of publicly available information. Key Reasons to Use OSINT Tools: 1.Efficient Information Gathering OSINT tools automate the search for ..read more
Visit website
How To Do Malware Analysis
InfoSec Write-ups » Bug Bounty
by Paritosh
1w ago
How To Do Malware Analysis ? Malware analysis involves examining malicious software to understand its functionality, origin, and potential impact. Here’s a general outline of steps involved in malware analysis 1. Obtain the Malware Sample: Obtain a copy of the malware to be analyzed. This could be from various sources such as online repositories, honeypots, or directly from infected systems (using proper precautions to contain it). 2. Initial Assessment: Gather basic information about the malware, such as its file size, hash values (MD5, SHA1, SHA256), file type, and any initial ..read more
Visit website

Follow InfoSec Write-ups » Bug Bounty on FeedSpot

Continue with Google
Continue with Apple
OR