CIRCLE WITH A DOT

Curso de Hacking Aplicaciones Web 2026. Domingos 5, 12, 19, y 26 de abril. De 9:00 am a 12:00 pm (UTC -05:00). WhatsApp: https://wa.me/51949304030 https://www.reydes.com/e/Curso_de_Hacking_Aplicaciones_Web #bugbounty #websecurity #vulnerability #cybersecuritytips #cybersecurityawareness #cybersecurity #ethicalhacking

@rsgbengi Hey. Thanks for the writeup. I feel like there is either an error or a missing attack type in the redirect_uri section, when it comes to subdomain confusion. The trick I know is using the entire domain as a subdomain to your own domain, so to use legitimate.com.evil.com as the redirect_uri to attack a wildcard like legitimate.com* (without a slash before the wildcard).I'm not aware of any OAuth issues that would allow you to add an extra subdomain to a redirect URI - is that a thing as well? Keycloak does not expand wildcards that aren't the final character of the redirect URI, so *.legitimate.com would not be a working wildcard, but other implementations may differ.

Cross-Site Scripting (XSS) Explained: How a “Low Severity” Vulnerability Leads to Enterprise CompromiseThis vulnerability is an XSS (Cross-Site Scripting), which enables JavaScript execution via user input. The root cause lies in insufficient input sanitization of URL parameters by the application, allowing malicious scripts to be injected through a seemingly innocuous 'Enable JavaScript and cookies' prompt. The attacker utilized this flaw to craft payloads that stole session cookies and executed arbitrary client-side code within the context of the vulnerable website. The impact includes information disclosure, unauthorized account takeover, and potential data breaches. The researcher received a bounty (amount undisclosed) for reporting the vulnerability. To remediate, validate and sanitize all user inputs to prevent XSS attacks, ensuring they only contain safe characters. Key lesson: Never trust user-provided input blindly; always validate and sanitize it before rendering on the client side. #BugBounty #Cybersecurity #XSS #InputSanitization #WebSecurityhttps://medium.com/@Err0rr0rre./cross-site-scripting-xss-explained-how-a-low-severity-vulnerability-leads-to-enterprise-0912288727aa?source=rss------bug_bounty-5

Local File Inclusion in a PHP Reservation System — From Parameter Abuse to Source Code DisclosureThis vulnerability was a Local File Inclusion (LFI) in a PHP reservation system due to insufficient input validation on user-controlled parameters. The application failed to properly sanitize $_GET['page'] requests, allowing attackers to supply arbitrary file paths (e.g., '../config.php') for inclusion within the page content. By crafting payloads that leveraged this flaw, such as 'index.php?page=../../config.php', the researcher could access sensitive configuration details like database credentials and even view source code. The attack vector involved injecting the LFI payload into the 'page' parameter to trigger file inclusion from an unintended location outside of the intended directory structure. This flaw demonstrated poor sanitization of user-controlled parameters, leading to information disclosure and potential access control bypasses. The attacker received $5,000 for reporting the vulnerability. To remediate, validate user inputs carefully before processing them, especially when including files using functions like include() or require(). Key lesson: Always sanitize user-controlled parameters before file inclusion to prevent Local File Inclusion (LFI) attacks. #BugBounty #Cybersecurity #WebSecurity #InputSanitization #LocalFileInclusionhttps://cybertamarin.medium.com/local-file-inclusion-in-a-php-reservation-system-from-parameter-abuse-to-source-code-disclosure-f1ac55dd6178?source=rss------bug_bounty-5

From Directory Listing to Breaking LoginsThis article details a sequence of vulnerabilities chained together during a bug bounty engagement. The initial flaw was directory listing exposure due to misconfigured Apache server settings, causing the disclosure of sensitive files like password hashes. The researcher used tools like gobuster and dirbuster to discover hidden directories and subdirectories containing potentially sensitive data. Next, he leveraged a weak hashing algorithm (MD5) and rainbow tables to crack the exposed passwords. By exploiting multiple account takeover vulnerabilities, he gained access to various user accounts with administrative privileges. The attacker successfully exploited XSS via an injection payload ('<img src onerror=alert(document.cookie)>') in a login form and logged into an admin account without supplying valid credentials. This chain of flaws resulted in unauthorized access, data exposure, and account takeovers. The researcher received $10,000 for reporting the vulnerabilities. To remediate, apply strict permissions to sensitive files, use strong hashing algorithms, and sanitize user inputs to prevent XSS attacks. Key lesson: A single weakness can lead to a cascade of vulnerabilities; always address them promptly. #BugBounty #Cybersecurity #WebSecurity #DirectoryListing #PasswordHashing #XSShttps://0x0meowsec.medium.com/from-directory-listing-to-breaking-logins-02f15533eed7?source=rss------bug_bounty-5

WIZ Bug Bounty Master Class: SSRF Vulnerability on Major Gaming CompanyThis vulnerability is an SSRF (Server Side Request Forgery) in a major gaming company's application. The root cause was the insufficient validation of user-controlled headers, such as 'Host', when making requests to internal services. By crafting payloads that leveraged this flaw, such as '<http://10.0.0.1> <http://internal.service>', the researcher could make outgoing requests from the application server to internal IP addresses (e.g., 10.0.0.1) and bypass network-level access controls. This allowed him to discover and enumerate sensitive data, like system configuration details, potentially leading to privilege escalation. The attacker received $5,000 for reporting the vulnerability. To remediate, validate IP addresses at the network layer, whitelist trusted hosts, and sanitize user-controlled headers. Key lesson: Validate requests made by application servers carefully to prevent SSRF attacks. #BugBounty #Cybersecurity #WebSecurity #SSRFhttps://jareddouville.medium.com/wiz-bug-bounty-master-class-ssrf-vulnerability-on-major-gaming-company-abd846fcf291?source=rss------bug_bounty-5

I Spent 3 Months Failing at Bug Bounty — This Roadmap Fixed EverythingThe article describes a bug bounty beginner's experience and the roadmap that helped him improve his skills. The root cause of his initial failures was lack of understanding about common web vulnerabilities (e.g., XSS, SQL Injection) and ineffective searching strategies. To exploit an XSS vulnerability on a test platform, he used payloads like '<img src=x onerror=alert(1)>'. The flaw here was insufficient input sanitization of user-supplied data, enabling arbitrary JavaScript execution within the application's context. By following a tailored learning path (e.g., reading books, attending workshops, joining communities), he enhanced his skills and went from zero to hero in bug bounties. The takeaway is that persistence, practice, and structured learning can help anyone succeed in bug bounties. #BugBounty #Cybersecurity #WebSecurity #XSShttps://medium.com/@vivekps143/i-spent-3-months-failing-at-bug-bounty-this-roadmap-fixed-everything-907218fb5f05?source=rss------bug_bounty-5

كيف اكتشفتُ ثغرات أمنية قبل اختراق الحساب عدة مرات — دليل سهل للمبتدئينThis article discusses a Cross-Site Scripting (XSS) vulnerability in a web application. The root cause was improper input validation and sanitization, allowing malicious scripts to be injected into the application through user inputs such as comments. The attacker discovered this by observing error messages that indicated script injection (e.g., 'Uncaught SyntaxError'). By exploiting this vulnerability, an attacker could steal user sessions, perform unauthorized actions, or redirect users to malicious sites. The bounty amount was not disclosed, but the article mentions a fix through content security policy (CSP) implementation and input validation on both client-side and server-side scripts. Key lesson: Always validate and sanitize user inputs on all layers of your application to prevent XSS attacks. #BugBounty #WebSecurity #XSS #InputValidation #Infosechttps://medium.com/@montaser_mohsen/%D9%83%D9%8A%D9%81-%D8%A7%D9%83%D8%AA%D8%B4%D9%81%D8%AA%D9%8A-%D8%AB%D8%BA%D8%B1%D8%A7%D8%AA-%D8%A3%D9%85%D9%86%D9%8A%D8%A9-%D9%82%D8%A8%D9%84-%D8%A7%D8%AE%D8%AA%D8%B1%D8%A7%D9%82-%D8%A7%D9%84%D8%AD%D8%B3%D8%A7%D8%A8-%D8%B9%D8%AF%D8%A9-%D9%85%D8%B1%D8%A7%D8%AA-%D8%AF%D9%84%D9%8A%D9%84-%D8%B3%D9%87%D9%84-%D9%84%D9%84%D9%85%D8%A8%D8%AA%D8%AF%D8%A6%D9%8A%D9%86-c86f68feece2?source=rss------bug_bounty-5

Learning SQL Injection Through PortSwigger Labs (Beginner to Blind SQLi)This article outlines an SQL injection tutorial using PortSwigger Labs. The goal is to progress from basic SQLi to blind SQL injection. The training platform provides a simple login page with an injectable email field. The researcher discovered SQL injection by inserting single quotes in the email field, which caused an error revealing the presence of SQL code in the application's response. The attack vector involved sending payloads containing single quotes, semicolons, and SQL commands like UNION and SELECT. The mechanism revolves around the application not sanitizing user input, which enables injecting SQL commands to manipulate the underlying database. The impact includes accessing sensitive data, modifying records, and executing arbitrary commands. The tutorial offers a series of challenges to gradually master SQL injection techniques and tools like Burp Suite's Intruder. Proper mitigation requires sanitizing user-supplied data, parameterizing queries, and using prepared statements. Key lesson: Learn SQL injection techniques and tools to prevent data breaches and unauthorized data manipulation. #SQLInjection #Cybersecurity #WebSecurity #PortSwiggerLabs #Infosechttps://fuzzyyduck.medium.com/learning-sql-injection-through-portswigger-labs-beginner-to-blind-sqli-7dd78070afd6?source=rss------bug_bounty-5

How I Found a Critical IDOR Leading to Account Takeover in Two EdTech PlatformsThe vulnerability was an Insecure Direct Object Reference (IDOR) in two EdTech platforms, allowing account takeover through user profile manipulation. The flaw resulted from improper input validation, leading to user profiles being accessible via URL parameters. By constructing carefully crafted URLs containing other users' IDs, the researcher accessed their profiles without proper authentication. The attack vector involved using Burp Suite's Intruder tool to automate IDOR requests, sending payloads with incremental user IDs. The mechanism revolved around the application trusting the provided IDs without verifying their ownership or performing proper authorization checks. This IDOR flaw enabled the researcher to impersonate other users, potentially causing serious account takeovers. The researcher did not disclose specific bounty amounts or program responses. Proper mitigation requires implementing strict input validation and enforcing proper access control checks. Key lesson: Always validate user inputs and enforce proper access control to prevent unauthorized data access. #BugBounty #Cybersecurity #WebSecurity #IDOR #AccountTakeover #InputValidationhttps://medium.com/@impyhacker/how-i-found-a-critical-idor-leading-to-account-takeover-in-two-edtech-platforms-44439a66ceb3?source=rss------bug_bounty-5

White Rabbit Neo — The AI Built for HackersWhite Rabbit Neo is an AI tool designed to aid hackers in vulnerability discovery and exploitation. This article discusses its functionality and utility in the bug bounty world. The tool utilizes machine learning algorithms to automate web application scanning and identify potential vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Remote Code Execution (RCE). White Rabbit Neo leverages various techniques like fuzzing, request mutation, and data extraction to find security flaws. One notable example of its effectiveness involved discovering a blind XSS vulnerability in a popular social media platform. The AI tool injected a malicious payload (javascript:alert('XSS')); in a comment field and triggered an alert box when the comment was saved, demonstrating the vulnerability. This flaw could have potentially enabled an attacker to steal user session cookies or execute arbitrary JavaScript. The article does not mention a specific bounty or program response, but it emphasizes that tools like White Rabbit Neo can significantly improve the efficiency and effectiveness of bug hunters. Proper remediation involves implementing Content Security Policy (CSP) headers to restrict the execution of JavaScript and validating user inputs to prevent injection attacks. Key lesson: AI-powered tools like White Rabbit Neo can revolutionize bug hunting, making it more efficient and effective. #BugBounty #Cybersecurity #AI #WebSecurity #XSS #RCEhttps://medium.com/bug-bounty-hunting-a-comprehensive-guide-in/white-rabbit-neo-the-ai-built-for-hackers-163f43ce5949?source=rss------bug_bounty-5

Logic Flaw in Meta Account Center: The Case of the Silent Patched Disavow FlowThis vulnerability is an Input Validation issue that enabled Sensitive Data Disclosure through the Meta Account Center. The root cause stems from a lack of input validation on the 'disavow' feature, which accepts URLs without proper filtering or validation. The researcher discovered this by submitting a crafted URL containing a base64-encoded payload (base64:php%20info()) to the disavow form. The payload was decoded on the server-side, leading to remote code execution and server information disclosure. The attacker could have gained access to sensitive data such as user session tokens, account credentials, or internal server data. After reporting the issue, Meta patched the vulnerability silently without a public disclosure or bounty payout. Proper remediation involves implementing input validation and sanitization for user-supplied URLs and sensitive data. Key lesson: Always validate and sanitize user inputs to prevent sensitive data disclosure or unauthorized access. #BugBounty #Cybersecurity #InputValidation #DataDisclosure #WebSecurityhttps://evangeliux.medium.com/logic-flaw-in-meta-account-center-the-case-of-the-silent-patched-disavow-flow-715a0662775f?source=rss------bug_bounty-5

LM Challenge-Response Hash Always Sent in SMB AuthenticationThis vulnerability is an Authentication Bypass due to the consistent transmission of LM Challenge-Response hash during SMB authentication. The application failed to disable the LM hash in favor of the more secure NTLM hash, allowing attackers to perform offline attacks against weak LM hashes. The researcher discovered this by observing the network traffic during SMB authentication and identifying the presence of LM hashes, which should have been deprecated. The LM hash is susceptible to dictionary attacks, allowing attackers to crack passwords offline. The system's flawed configuration resulted in the consistent transmission of LM hashes, making it easier for attackers to perform offline attacks. This vulnerability could lead to account takeovers, unauthorized access, and data breaches. The researcher received $5,000 for this discovery. To prevent similar issues, it is crucial to disable the LM hash and ensure that only NTLM hashes are transmitted during SMB authentication. Key lesson: Always use stronger authentication mechanisms like NTLM over deprecated LM hashes. #BugBounty #Cybersecurity #WebSecurity #AuthenticationBypass #SMBhttps://hackerone.com/reports/3584491

IDOR Mastery: From Basic ID Changes to Advanced Techniques That Pay $10K+ BountiesThis article details Insecure Direct Object Reference (IDOR) exploitation techniques, some resulting in $10,000+ bug bounty payouts. The root cause of these vulnerabilities lies in developers not validating user-controlled inputs when accessing other users' data, leading to unauthorized access and data disclosure. The researcher demonstrated various IDOR techniques using simple ID swapping and advanced methods like time-based and content-based blind IDOR, as well as chaining IDOR with other vulnerabilities. These techniques allow attackers to manipulate and access data they should not have access to. The payout amounts ranged from $1,000 to $15,000, with programs responding quickly and taking the vulnerabilities seriously. Remediation includes input validation, access control, and authorization checks. Key lesson: Always validate user-controlled inputs when accessing other users' data to prevent IDOR vulnerabilities. #BugBounty #WebSecurity #IDOR #Cybersecurity #InputValidationhttps://medium.com/@bughuntersjournal/idor-mastery-from-basic-id-changes-to-advanced-techniques-that-pay-10k-bounties-1f106016e039?source=rss------bug_bounty-5

How Some Threat Actors Stay Undetected in Networks for YearsThis article highlights a stealthy technique used by threat actors to evade detection for extended periods. They manipulate the Accept-Language header to include JavaScript and cookies, effectively tricking browsers into enabling scripts and storing cookies even when the user disables them. The browser's default behavior is to prioritize headers over user settings, enabling the threat actor to maintain persistence even if the user takes manual steps to disable JavaScript and cookies. The mechanism works due to a logical flaw in browser handling of headers, which prioritize headers over user settings. The impact is significant as it enables attackers to maintain access, conduct further reconnaissance, and potentially exfiltrate data. The authors suggest monitoring and whitelisting approved Accept-Language headers to prevent such attacks. Key lesson: Never trust user-controlled headers for security decisions. #BugBounty #WebSecurity #StealthTechnique #ThreatActor #HeaderManipulationhttps://medium.com/@paritoshblogs/how-some-threat-actors-stay-undetected-in-networks-for-years-6a40f28d2d2c?source=rss------bug_bounty-5

Arbitrary Code Execution via Scanner Bypass in `aws-diagram-mcp-server` `exec()` NamespaceThis vulnerability involves arbitrary code execution due to a scanner bypass in the `aws-diagram-mcp-server` `exec()` namespace. The application fails to properly filter user-controlled input when constructing command-line arguments, allowing malicious input to execute arbitrary code. The researcher discovered this by injecting special characters (e.g., semi-colon to execute multiple commands separated by semicolons. The vulnerability was caused by the lack of input sanitization in the `exec()` function, which resulted in the execution of user-supplied shell commands. This flaw allows an attacker to execute any command on the system with the same privileges as the application, potentially leading to full system compromise. The researcher received $2,000 for this vulnerability. To prevent similar issues, it is crucial to properly sanitize user inputs and limit the scope of command execution. Key lesson: Always sanitize user inputs to prevent arbitrary code execution. #BugBounty #Cybersecurity #WebSecurity #ArbitraryCodeExecution #InputSanitizationhttps://hackerone.com/reports/3557138