March 2023

Discover the most impressive bug bounty writeups from skilled cybersecurity researchers who have identified and disclosed vulnerabilities in diverse applications and systems. Explore their innovative techniques, strategies, and insights to improve your own cybersecurity skills and knowledge. Unlock the secrets of website reconnaissance with our comprehensive course for just $1.20 / Rs. 99 ! Unleash …

Bugs Exposed: The Most Impressive Bug Bounty Writeups Read More »

1. Tips For Finding Open Redirect Open redirect is probably one of the most common vulnerabilities in modern websites. Here, we are going to some some tips and tricks to find open redirect. https://example.com/dir -> [ 200 ] Here in the above example you can see that it is normal http request with status code …

Bounty Hunters’ Tips and Tricks: Expert Advice on Tracking Down Fugitives Read More »

Mastering OAuth 2.0 Vulnerability: Essential Resources for Securing Your Applications OAuth 2.0 Resources :👇 https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0 https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1 https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/ https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56 https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567 https://hackerone.com/reports/49759 https://hackerone.com/reports/131202 https://hackerone.com/reports/6017 https://hackerone.com/reports/7900 https://hackerone.com/reports/244958 https://hackerone.com/reports/405100 https://ysamm.com/?p=379 https://amolbaikar.com/facebook-oauth-framework-vulnerability/ https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9 https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295 https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74 http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5 https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893 Thanks You For Reading this 🙏 Hope You’ll like 👍 it

HTTP methods When a client sends a request to the server, it should also inform the server what action is to be performed on the desired resource. For example, if a user only wants to view the contents of a web page, it will invoke the GET method, which informs the servers to send the …

Understanding HTTP Methods: A Beginner’s Guide Read More »