  • 0 Votes
    1 Posts
    0 Views
    bugbountyshorts@infosec.exchange
    How I discovered security vulnerabilities before the account was hacked several times: an easy guide for beginners
    This article discusses a Cross-Site Scripting (XSS) vulnerability in a web application. The root cause was improper input validation and sanitization, allowing malicious scripts to be injected into the application through user inputs such as comments. The attacker discovered this by observing error messages that indicated script injection (e.g., 'Uncaught SyntaxError'). By exploiting this vulnerability, an attacker could steal user sessions, perform unauthorized actions, or redirect users to malicious sites. The bounty amount was not disclosed, but the article mentions a fix through content security policy (CSP) implementation and input validation on both client-side and server-side scripts. Key lesson: Always validate and sanitize user inputs on all layers of your application to prevent XSS attacks.
    #BugBounty #WebSecurity #XSS #InputValidation #Infosec
    https://medium.com/@montaser_mohsen/%D9%83%D9%8A%D9%81-%D8%A7%D9%83%D8%AA%D8%B4%D9%81%D8%AA%D9%8A-%D8%AB%D8%BA%D8%B1%D8%A7%D8%AA-%D8%A3%D9%85%D9%86%D9%8A%D8%A9-%D9%82%D8%A8%D9%84-%D8%A7%D8%AE%D8%AA%D8%B1%D8%A7%D9%82-%D8%A7%D9%84%D8%AD%D8%B3%D8%A7%D8%A8-%D8%B9%D8%AF%D8%A9-%D9%85%D8%B1%D8%A7%D8%AA-%D8%AF%D9%84%D9%8A%D9%84-%D8%B3%D9%87%D9%84-%D9%84%D9%84%D9%85%D8%A8%D8%AA%D8%AF%D8%A6%D9%8A%D9%86-c86f68feece2?source=rss------bug_bounty-5
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.de
    Roundcube webmailer: Critical vulnerabilities allow file manipulation and more
    Attackers could have written arbitrary files to the web server, injected script code, and bypassed content filters.
    https://www.heise.de/news/Webmailer-Roundcube-Kritische-Luecken-erlauben-Dateimanipulation-und-mehr-11217824.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #XSS #IT #Security #Sicherheitslücken #news
  • 0 Votes
    1 Posts
    4 Views
    bugbountyshorts@infosec.exchange
    White Rabbit Neo — The AI Built for Hackers
    White Rabbit Neo is an AI tool designed to aid hackers in vulnerability discovery and exploitation. This article discusses its functionality and utility in the bug bounty world. The tool utilizes machine learning algorithms to automate web application scanning and identify potential vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Remote Code Execution (RCE). White Rabbit Neo leverages various techniques like fuzzing, request mutation, and data extraction to find security flaws. One notable example of its effectiveness involved discovering a blind XSS vulnerability in a popular social media platform. The AI tool injected a malicious payload (javascript:alert('XSS')); in a comment field and triggered an alert box when the comment was saved, demonstrating the vulnerability. This flaw could have potentially enabled an attacker to steal user session cookies or execute arbitrary JavaScript. The article does not mention a specific bounty or program response, but it emphasizes that tools like White Rabbit Neo can significantly improve the efficiency and effectiveness of bug hunters. Proper remediation involves implementing Content Security Policy (CSP) headers to restrict the execution of JavaScript and validating user inputs to prevent injection attacks. Key lesson: AI-powered tools like White Rabbit Neo can revolutionize bug hunting, making it more efficient and effective.
    #BugBounty #Cybersecurity #AI #WebSecurity #XSS #RCE
    https://medium.com/bug-bounty-hunting-a-comprehensive-guide-in/white-rabbit-neo-the-ai-built-for-hackers-163f43ce5949?source=rss------bug_bounty-5
  • 0 Votes
    1 Posts
    1 Views
    geng@infosec.exchange
    ZAST Agent has identified 14 vulnerabilities in pybbs (tomoya92/pybbs, 2.9k+ GitHub Stars).
    The attack surface includes 8 XSS vectors, CSRF on admin endpoints, and CAPTCHA reuse. Traditional SAST, which focuses on pattern matching, does not analyze logic flaws like email bypass or multi-stage flows (Stored XSS via /api/settings).
    Our engine verified every attack path—from payload persistence to triggering admin-level execution—via executable PoCs. This minimizes the triage effort required for these validated findings.
    Repo: https://github.com/tomoya92/pybbs
    Full Technical Details: https://blog.zast.ai/security%20research/Security-Advisory-7-Unpatched-Vulnerabilities-in-Prime-(CMS)-GraphQL-Implementation/
    #AppSec #ZAST #VulnerabilityResearch #Java #XSS