Friend Link for those without a Medium Paid subscription: https://medium.com/@tdpdev/febf5b7ea745?source=friends_link&sk=7994ed9c8ead5b580054463f37cca804
Hi y'all guys, I haven’t been writing for a long time as I focused more on bounties. Wanted to share with you one of the many bugs I found on one public program in H1. However, they don’t have public disclosure so I’ll redact the target.
Also, this gives an important takeaway, which we’ll see later.
So, approaching the target. Every time I logged in to the app, a call was made to a backup endpoint. Returning a user’s backup data. No cookies were used, only a token in the…
Over the last few weeks, I’ve been working on my new website. I wanted to give it a touch of dynamism. After giving it some thought, I decided to use CSS and JS — and I’m pretty satisfied with the final results.
This article isn’t about building or designing a webpage. Today, I’ll show you some code snippets (with explanations) to breathe life into the website you’re building right now.
The first trick is a wonderful three-dimensional effect in JS.
Hi everyone, I’ve not been writing on Medium for a while(busy months here), however today I wanted to share with you how Response manipulation got me a Low severity bug, going hand in hand with a quickly earned bounty. When targeting a Website/Web App(or Both :D), you usually spend a while on it and search mainly for medium/high severity bugs(sometimes also critical ones). However, there are some “easy” Bugs out there which can sometimes get you from 50$ to 200$.
Seems good enough to continue reading?
Hello guys, in my previous write-up I talked about how I was able to bypass CSRF protection on a web app using session fixation, today I will bring you a more “theoric” article, how to boost up your Dorking productivity using webpaste tool from TomNomNom.
Dorking is wonderful, it is plenty of bugs you can find by using Dorking out there. What is there is a tool that can take this to the next level? It has nothing to do with automated tools, it is just your Dorking experience and knowledge mixed with productivity. …
I hope you are doing well these times. I decided to write some interesting bug bounty write-ups to help newbies find their first bug.
Today I would like to talk about a Bug I found in a private bug bounty program. It consists of bypassing the entire csrf protection system of the company’s Web app.
As it is a private bug bounty program, let’s assume that our target is https://redacted.com.
Now, when editing my account’s settings, I always look for CSRF. When saving my account’s settings, I get a request like this:
POST /User/Edit?status=success HTTP/1.1 Host: redacted.com User-Agent…
For the ones who didn’t know yet, a Trojan Horse Attack consists of embedding en exploit in an innocent-looking Application, or even in a document. As you might have guessed today we will embed a backdoor into a Kivy-made GUI. This attack is quite simple, the only thing you need to know is just some python and networking basics. Let us get started!
How to build?
Among the many things we can embed in a Trojan Horse, I choose to embed a Backdoor. We will be using the one I talked about in this article:
Basically, you can embed everything…
Vim is a highly configurable text editor built that makes creating and editing any kind of text more efficient. I don’t have enough space here to describe all the advantages and features of Vim, but the main reason I use this editor is that you can hack it to do anything you want: use common configurations, create custom commands, custom configs, etc.
Perhaps you’ve heard that Vim is difficult to use and configure — well, it’s true. That’s why today I’m going to show you how I set up Vim for Python programming. I have built the perfect Python development…
Are you bored? Want to build something interesting using ML? Well, here there are some Machine Learning fun and exciting project ideas that you can start to build right now.
Completing one of these projects will surely help you improve your practical skills in Machine Learning. In fact, I hope you make all these projects. Although they may seem trivial to some of you, learning to do things multiple times is another essential skill of a Senior Data Scientist. I also still have a lot to learn!
Today, we will Hunt Down Social Media Accounts across social networks by using a great tool: Sherlock. This tool allows us to search for Social Media accounts by their usernames.
The first thing we’ll do is installing Sherlock, then we are going to learn how to use it. Finally, we’ll discover on what Social Media platforms Sherlock operates. Let’s get started!
Sherlock is a tool made in Python, so if you don’t have Python3 installed Sherlock won’t work. To install python3 you can follow this guide.
After having installed Python3, we’re ready to install Sherlock from Github:
Text to speech (TTS) is the use of software to create an audio output in the form of a spoken voice. The program that is used by programs to change the text on the page to an audio output of the spoken voice is normally a text to speech engine. TTS engines are needed for an audio output of machine translation results.
TTS Softwares are widely used by important companies such as Google, Apple, Microsoft, Amazon, and others. Google developed the Google Assistant, Apple developed Siri, Microsoft developed Cortana, and Amazon developed Alexa. …