[Bugbounty Study] #Account TakeoverStudy/Bugbounty Study 2021. 3. 6. 02:12
# Account Takeover Due to Response Manipulation _ \$4100 avanishpathak46.medium.com/an-account-takeover-vulnerability-due-to-response-manipulation-e23fe629bd1 An Account Takeover Vulnerability Due to Response Manipulation. - No doesn’t necessarily mean no.! Responses can always be manipulated avanishpathak46.medium.com 원작자는 해당 타겟 사이트에서 이전에도 Account Takeover 취약점을 발견한 이력이 있다. 우선, 이전 글을 살펴보자. Accou..
[Bugbounty Study] #OTP Bypass Account TakeoverStudy/Bugbounty Study 2021. 2. 8. 19:49
# Otp Bypass Account Takeover logicbomb-1.medium.com/otp-bypass-account-takeover-to-admin-panel-ft-header-injection-16f2982a0136 OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection It looks like this year has great promises at least the starting is good. Already 3 bug bounty in the pipeline(just showing off:P) and… logicbomb-1.medium.com 타겟은 정확하게 밝히지 않았고, OTP 인증이 구현되어 있는 온라인 교육 플랫폼..
[Bugbounty Study] #GitHub _ Account TakeoverStudy/Bugbounty Study 2021. 1. 20. 04:50
# GitHub Account Takeover _ \$5,000 abss.me/posts/github-org-takeover/ Github Organization Takeover By Claiming Owner Invitation TL;DR courtesy - https://bounty.github.com/researchers/Abss0x7tbh.html A malicious user could leverage 3 things to takeover a Github Organization : An invitation to owner from the organization. abss.me 해당 취약점은 2017. 11. 17에 제보한 것이다. [TL;DR] 요약하자면, GitHub에서 그룹의 팀원을 이메일로..
[Bugbounty Study] #Bugcrowd _ CSRFStudy/Bugbounty Study 2020. 4. 13. 23:57
# CSRF / Account Takeover https://ladysecspeare.wordpress.com/2020/04/05/how-a-simple-csrf-attack-turned-into-a-p1-level-bug/ How a Simple CSRF Attack Turned into a P1 Level Bug Cross-site Request Forgery is easy to lookout for. However, if there are security measures in place to prevent CSRF attacks, they can be exciting (yet nerve-wracking) to bypass. For those who don… ladysecspeare.wordpre..
[Bugbounty Study] #Facebook _ CSRFStudy/Bugbounty Study 2020. 4. 13. 23:48
# Facebook CSRF (Instagram Partial Account Takeover) _ $12,500 https://ysamm.com/?p=379 Facebook CSRF bug which lead to Instagram Partial account takeover. – Bug bounty write-ups Description This bug could allow an attacker to link victim’s Instagram account to his Facebook page and then have full control of The Instagram account by just making the victim visit a malicious website and without th..