bugbounty
-
[Bugbounty Study] #Time-Based Blind SQL Injection | Study/Bugbounty Study | 2021. 1. 9. 18:58
# Time Based Blind SQL Injection _ $3500 marxchryz.medium.com/my-bug-bounty-journey-and-my-first-critical-bug-time-based-blind-sql-injection-aa91d8276e41 My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection Hello everyone, I am Marx Chryz and I am new to bug bounty hunting even though I have been doing web penetration testing for more than a year. marxchryz.medium.com The original author initially XS..
-
[Bugbounty Study] #Facebook | Study/Bugbounty Study | 2020. 12. 17. 22:41
It was not possible to find out how much bounty was paid for this vulnerability. medium.com/@amineaboud/story-of-a-weird-vulnerability-i-found-on-facebook-fc0875eb5125 Story of a weird vulnerability I found on Facebook Bug Bounty: Leak of internal Facebook documents medium.com While looking through several subdomains, I found an interesting subdomain used for "legal need". (Servers used for "legal need" generally contain sensitive data.) https://legal.tapprd.thefacebook.com/ So, through Googling, I searched for endpoints containing that URL..
-
[Bugbounty Study] #Twitter _ Open Redirect to XSS | Study/Bugbounty Study | 2020. 12. 3. 23:21
# dev.twitter.com Open Redirect to XSS _ $1,120 hackerone.com/reports/330008 Twitter disclosed on HackerOne: [dev.twitter.com] XSS and Open... Description: Hi, after I finished reading the report https://hackerone.com/reports/260744, I started to test this subdomain. I found an interesting URL [https://dev.twitter.com/web/sign-inhttps://dev.twitter.com/basics/adding-international-support-to-your-apps]. T..
-
[Bugbounty Study] #Dropbox _ SSRF | Study/Bugbounty Study | 2020. 11. 25. 16:10
# SSRF (Server Side Request Forgery) _ $4,913 medium.com/techfenix/ssrf-server-side-request-forgery-worth-4913-my-highest-bounty-ever-7d733bb368cb SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever ! Bug Bounty Write-Up medium.com What is SSRF? Short for Server-Side Request Forgery, it is an attack in which a request made on the server side is tampered with, so that the request itself can be changed to whatever the attacker intends. Normal flow: when an image is displayed on site A, that image is served by site B, which responds..
-
[Bugbounty Study] #Bugcrowd _ CSRF | Study/Bugbounty Study | 2020. 4. 13. 23:57
# CSRF / Account Takeover https://ladysecspeare.wordpress.com/2020/04/05/how-a-simple-csrf-attack-turned-into-a-p1-level-bug/ How a Simple CSRF Attack Turned into a P1 Level Bug Cross-site Request Forgery is easy to look out for. However, if there are security measures in place to prevent CSRF attacks, they can be exciting (yet nerve-wracking) to bypass. For those who don… ladysecspeare.wordpre..