Collaborate Disseminate
Sometimes all my remembered accounts on Google Chrome are logged out. Including Gmail, Twitter, Facebook, Reddit. Why is it? should I concern about it?
Continue reading Sometimes all my accounts are logged out on Google Chrome, why is it?
While doing bug bounty. There is a website with a feature like follow
GET example.com/lookup?users=["username1", "username2"], then it return users data as JSON.
The users parameter looks really fishy. Its behaviors are… Continue reading Does anyone know what programming language/web framework parse parameter like this?
A website takes user input and pass into img src. What is the possible impact that I can do with it?
<img src="https://website.com/static/{user-input}">
I did think of some options:
Testing for XSS
Logout CSRF: website.com… Continue reading What is the possible impact of inserting user input into image src?
I am black-box testing a video streaming website. They have 2 kind of IDs for videos. internal_id and external_id.
I need to find a way to enumerate internal_id but cannot guess what kind of ID this website is using.
Example:
video 1: inte… Continue reading GRZXW5EDY – Does anyone recognize what kind of hash/id is this? [duplicate]
I found a Instagram Basic Display API access token leaked in a website. This token belongs to a Instagram marketing account of this website. Using my leet investigating skill, below are the information i have.
This token has 3 months vali… Continue reading Does API access token that only have access to public information need to be kept secret?
I am reading on https://tryhackme.com/room/introtonetworking, it is talking about OSI model.
It said that Data Link layer trailer can increase security as the data can’t be intercepted and tampered. How can it do it?. If it is because of t… Continue reading How Data Link layer trailer prevents data from being intercepted and tampers
SVG image can be used in DOS user browser with billion laugh attack. Can we do the same with other image types? especially GIF?
Thanks everyone.
Continue reading Can display a GIF in <img> tag causing Client-side DOS
I am testing a website (bug bounty website) and found an endpoint like replycomment?cmt_id[]=1. When open on browser, this endpoint let me reply to comment with id 1 by fetching this comment into a textarea and format it for me.
So i can d… Continue reading Making website queries and return a large amount of data, can it be exploited for DOS attack?
I am testing a bug bounty website, and found an endpoint like www.example.com/infinite. When open it, it keep doing 302 redirect to itself until browser stops it for redirecting too many times.
For example:
www.example.com/infinite ==>… Continue reading Does an url that redirecting infinitely have any impact to website?
If my site let user to provide any link to GIF file then display it in image tag like follow. <img src="user_provided_url.gif" alt="some_alt" title="some_title">.
Assume that my site correctly filters ou… Continue reading Is GIF safe to display inside HTML <img> tag? [duplicate]