file2.md

👨🏻‍💻 Bug Bounty Blogs and Writeups of different vulnerablities - Part 2

📅 11-Nov-2020

Sp1d3R's Security Blog

https://xpoc.pro/

Apple Hack by JWT

https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple

📅 16-Nov-2020

Google cloud shell Account Takeover as Root

https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/

Business Logic Error to ATO

https://protector47.medium.com/bounty-1000-critical-business-logic-flaws-leads-to-account-takeover-product-amount-9b5715a84613

Apache Tomcat RCE

https://medium.com/@romnenko/apache-tomcat-deserialization-of-untrusted-data-rce-cve-2020-9484-afc9a12492c4

PLay with Google, Twitter, Apple and Dell

https://medium.com/@rezaduty/play-with-google-twitter-apple-dell-278c73ebde34

CVE-2020–14882 Weblogic Unauthorized bypass RCE

https://github.com/jas502n/CVE-2020-14882

Facebook Messenger Leaking Access Token in IOS

https://medium.com/@guhanraja/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3

Unique XXE to AWS Keys journey

https://medium.com/@estebancano/unique-xxe-to-aws-keys-journey-afe678989b2b

From blind XXE to root level file read

https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/

📅 18-Nov-2020

Steal All cookies from Firefox Android

https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae

RCE via Server-Side Template Injection

https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae

📅 20-Nov-2020

Tale of 3-vulnerabilities-to-account-takeover

https://medium.com/@logicbomb_1/tale-of-3-vulnerabilities-to-account-takeover-44ba631a0304

XXE in an E-Commerce IOS Application

https://0xgaurang.medium.com/out-of-band-xxe-in-an-e-commerce-ios-app-e22981f7b59b

📅 23-Nov-2020

Exploiting-dynamic-rendering-engines-to-take-control-of-web-apps

https://r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-control-of-web-apps/

📅 25-Nov-2020

SSL Pinning with FRIDA

https://medium.com/@ved_wayal/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29

📅 30-Nov-2020

HTTP Request Smuggling Twitter

https://hackerone.com/reports/713285

HTTP Request Smuggling Portswigger

https://portswigger.net/web-security/request-smuggling/finding

XSS on Issue Reference in Github - H1 Report

https://hackerone.com/reports/831962

XSS Challenge - H1 Report

https://hackerone.com/reports/1026585

API Security CTF

https://blog.pentesteracademy.com/overview-of-the-dreaded-api-security-ctf-challenge-nov-20-24-830f09122a6

Synk Blog

GraphQL Hack in Shopify Privilege Escalation

https://hackerone.com/reports/1010835

Alex Chapman's Blog

Exlpoiting SpringBoot Actuator - Veracode

https://www.veracode.com/blog/research/exploiting-spring-boot-actuators

IDOR Writeup Blogs

Some Cool Writeups of IDOR Vulnerabilities 😎

• https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
• https://corneacristian.medium.com/top-25-idor-bug-bounty-reports-ba8cd59ad331
• https://medium.com/bugbountywriteup/all-about-getting-first-bounty-with-idor-849db2828c8
• https://medium.com/bugbountywriteup/a-short-story-of-idor-to-account-takeover-b36f3983ecba
• https://medium.com/@swapmaurya20/a-simple-idor-to-account-takeover-88b8a1d2ec24
• https://mustafakemalcan.com/insecure-direct-object-reference-idor-tips/
• https://medium.com/bugbountywriteup/pii-leakage-via-idor-weak-passwordreset-full-account-takeover-58d159f88d73
• https://medium.com/bugbountywriteup/a-short-story-of-idor-to-account-takeover-b36f3983ecba
• https://xploitprotocol.medium.com/hunt-for-the-idor-automation-using-burp-suit-a09f004a9d9d
• https://medium.com/@abhiunix/idor-on-api-endpoints-e08c740e87a2
• https://medium.com/@cobrabaghdad1/idor-lead-to-personally-identifiable-information-pii-leakage-fb2b1b4be93f
  

Video POC

• https://www.youtube.com/watch?v=e1X2zyAZbcs&ab_channel=AliT%C3%9CT%C3%9CNC%C3%9C

Stored XSS POC

• https://www.youtube.com/watch?v=EjuDr5bLNek&ab_channel=AliT%C3%9CT%C3%9CNC%C3%9C
• https://www.youtube.com/watch?v=FPrNEv9a588&ab_channel=AliT%C3%9CT%C3%9CNC%C3%9C

Security Creators Videos

📅 03-Dec-2020

Host docker binary overwrite from Kata VM - Alex Chapman

https://bugcrowd.com/disclosures/7bf77429-2b94-44ea-b6f9-c1fc59b2fd17/host-docker-binary-overwrite-from-kata-vm

Abusing Docker API

https://dreamlab.net/en/blog/post/abusing-exposed-docker-registry-apis/

Open redirect Bypass H1 - Report

https://hackerone.com/reports/972601