Study/Bugbounty Study
-
[Bugbounty Study] #Cross Domain Referrer Leakage (Study/Bugbounty Study, 2021. 1. 13. 17:10)
# Cross Domain Referrer Leakage _ $300
mohsinalibukc.medium.com/cross-domain-referrer-leakage-7873ada102ad : Cross Domain Referrer Leakage. "It is my first writeup so please ignore the mistakes." mohsinalibukc.medium.com
The target server on which this vulnerability was found was not disclosed. The steps to reproduce the Cross Domain Referrer Leakage are as follows. [ Vulnerability reproduction steps ] 1. Send a password reset (forgot password) link to an email address. 2. Open the password reset link in a browser configured to proxy through Burp Suite. 3. ..
-
[Bugbounty Study] #Time-Based Blind SQL Injection (Study/Bugbounty Study, 2021. 1. 9. 18:58)
# Time Based Blind SQL Injection _ $3500
marxchryz.medium.com/my-bug-bounty-journey-and-my-first-critical-bug-time-based-blind-sql-injection-aa91d8276e41 : My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection. "Hello everyone, I am Marx Chryz and I am new to bug bounty hunting even though I do web penetration testing for more than a year." marxchryz.medium.com
The original author initially XS..
-
[Bugbounty Study] #Amazon S3 _ Sensitive Data Exposure (Study/Bugbounty Study, 2020. 12. 29. 02:08)
# Sensitive Data Exposure _ $400
virdoexhunter.medium.com/misconfigured-s3-bucket-leads-to-sensitive-data-exposure-no-super-controls-f47e26b586c6 : Misconfigured s3 bucket leads to Sensitive Data exposure (No super controls). "Amazon S3 (Simple Storage Service) is one of the popular and widely used storage services. Many companies are using S3 buckets to store…" virdoexhunter.medium.com
This post describes a misconfigured S3 ..
-
[Bugbounty Study] #Facebook (Study/Bugbounty Study, 2020. 12. 17. 22:41)
It could not be determined how much bounty was paid for this vulnerability.
medium.com/@amineaboud/story-of-a-weird-vulnerability-i-found-on-facebook-fc0875eb5125 : Story of a weird vulnerability I found on Facebook. "Bug Bounty: Leak of internal Facebook documents" medium.com
While going through several subdomains, an interesting subdomain used for "legal need" was found. (Servers used for "legal need" generally hold sensitive data.) https://legal.tapprd.thefacebook.com/ Therefore, Google was used to search for endpoints containing that URL..
-
[Bugbounty Study] #Twitter _ Open Redirect to XSS (Study/Bugbounty Study, 2020. 12. 3. 23:21)
# dev.twitter.com Open Redirect to XSS _ $1,120
hackerone.com/reports/330008 : Twitter disclosed on HackerOne: [dev.twitter.com] XSS and Open... Description: "Hi, after I finished reading the report https://hackerone.com/reports/260744, I started to test this subdomain. I found an interesting url [https://dev.twitter.com/web/sign-inhttps://dev.twitter.com/basics/adding-international-support-to-your-apps]. t..