Bug Bytes #212 – XSS Payloads, IDOR prediction and Cloud Security

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from September 18th to September 24th

CLICK HERE TO SUBSCRIBE

Intigriti News

• It’s CHALLENGE O’CLOCK!

• XXE! Automate or search for it manually

• Exploiting SQL Injection vulnerabilities!

From my notebook

1. Hacker Tweets Explained

2. Tokyo Hacking & Interview with 0xLupin (Ep. 37)

3. IDOR – how to predict an identifier? Bug bounty case study

4. 22.6k+ GitHub Stars Note-Taking App Hit by XSS Vulnerability

5. Build It Before Breaking It !!

• India hacks Pakistani websites post-terrorist attack

• How is cloud pentesting different to config review? (shorts)

• How to Look For Virtual Hosts // How To Bug Bounty

• Data Security RoadMap in 2023

• Application Security vs Cloud Security (shorts)

• Michael Taggart’s Journey in Education and Information Security

• GCP Service Account explained! (shorts)

• Authentication Vulnerabilities – Lab #10 Offline password cracking | Short Version

• I Explored Ransomware Cybercrime on the Dark Web

• How to Stop an Army of 14 Million Zombie Computers🎙Darknet Diaries Ep. 94: Mariposa Botnet

• Hacking a vice presidential Yahoo account (shorts)

• Which Visual Studio Code Extensions Can Be Hacked?

• Cloud Pentesting: AWS vs GCP (shorts)

• Run ANY Linux Program In Memory

• Automated Password Hacking (for the lazy hacker)

• Directory Traversal / File Read Into Zip with Python [HackTheBox Snoopy]

• HackTheBox – Snoopy

• How “Mimikatz” works (shorts)

• Tesla insiders leaked tons of data! #shorts #cybersecurity #infosec (shorts)

• UK changing laws to stop security patches to software to make spying easier! #cybersecurity #privacy(shorts)

• Start doing cloud pentesting in GCP? (shorts)

• Do not forget about this attack scenario #bugbounty #bugbountytips #bugbountyhunter (shorts)

• Sherrod DeGrippo on Why She Loves Cyber Crime

• Risky Business #722 — Microsoft embraces Zero Trust… Authentication?

• SN 940: When Hashes Collide – Secure-wipe best practices, browser identity segregation, bye bye Twitter (X)

• Episode 393 – Can you secure something you don’t own?

• Beginner

  • Unmasking Directory Traversal: Navigating Vulnerabilities in Web Applications

  • Guarding the Cosmos: The Dark Secrets of Your WordPress `wp-config.php` File

  • Bruteforcing Files and Directories is Easy… Right?

  • Extracting Sensitive Data from HTML and JS Files.

  • [CORS] Easy peasy lemon squeezy

  • Race Condition Vulnerabilities: A Hands-On Primer — Part 1

• Intermediate

  • Injecting Danger: Understanding Server-Side Template Exploits

  • The Introduction to AXIOM

  • The Ultimate SQLmap Tutorial: Master SQL Injection and Vulnerability Assessment!

  • Automating Reconnaissance with Sling Shot R3con — powered by project Discovery tools

  • Mastering Reconnaissance with Project Discovery

  • Cloud Security: Protecting Your Digital Oasis in the Cloud

  • Behind the Hack: The Mechanics of SQL Injection Attacks

• Advanced

  • How a Simple Spreadsheet Can Hack Your Computer | CSV Injection

  • How to use Burp Suite Like a PRO?

  • Ethical Hacker’s Passive Reconnaissance Toolkit

  • Find Bugs While Sleeping ? Get Phone Notifications When A Bug Is Found

  • Understanding CVE-2023–24329 -Python urlparse Function

  • New ways to inject system CA certificates in Android 14

• Security Research

  • Exploit Analysis: Request-Baskets v1.2.1 Server-side Request Forgery (SSRF)

  • CVE-2023–39612: CSP bypasss + XSS to achieve Admin Account Takeover + Remote Command Execution

  • Defeating Visual Studio Code embedded reverse shell

  • Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records

  • The WebP 0day

  • Multiple Memory Corruption Vulnerabilities

  • LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

  • The indomitable maintainer spirit versus the indifferent cruelty of JavaScript

  • Writing API exploits using Postman Flows

  • Wind River VxWorks tarExtract directory traversal vulnerability

  • Fileless Remote Code Execution on Juniper Firewalls – Blog

  • Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation

  • I hacked macOS! (CVE-2022-32947)

• Bugs

  • Reverse Search IDOR approach to Exposure of all Organizational Sensitive Information.

  • $1,250 worth of Host Header Injection

  • Csrf with content type change.

  • Discovering 7 Open Redirect Bypasses and 3 XSS Bypasses Within a Single Program

  • Cross-site Scripting (XSS) On Small Crm Portal CVE-2023–43331

  • Subdomain Takeover

  • How I Earned My Place Among Ferrari’s Elite-16 in the Hall of Fame

  • Broken access control (username or email enumeration)

  • Uncovering a Critical Vulnerability in Samsung Mobile Security: A Bug Bounty Journey

  • My debut with a Critical Bug: How I found my first bug (API misconfiguration)

  • My $1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw

  • Stored XSS in Admin Panel

  • How 2 Cute Bugs offered me a reward of 650€

  • Discovering PII with Google Dorking: My Journey of Finding Vulnerabilities in Government Website

  • Tricky 2FA Bypass Leads to 4 digit Bounty $$$$

  • Unlocking Premium CV Features: My Journey to Downloading CVs for Free

  • How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab

  • OTP Bypass leads to Account Creation

  • Weird LFI and escalating the impact from High to Critical

  • One click Account Takeover & IDOR leaks all user information

  • API Information Disclosure Leading to Admin Account Takeover

  • OTP Bypass via Source Page Inspection

  • How i found an Stored XSS on Google Books

  • No Rate Limit for Forgot Password

  • Privilege Escalation: How I Earned $500 by Discovering the Ability to Delete Documents as a Student

  • Bypassing ML based phishing and spam detection using evasion

  • Webinar Pro or Not: The $500 Access Control Bug

  • Hacking into gRPC-Web

• CTF challenges

  • PatriotCTF 2023-My phone! (Crypto+OSINT)

  • PatriotCTF 2023-Capybara (Forensics) & what is Morse Code?

  • HTB: Snoopy

  • OnlyForYou HTB | LFR | RCE | Cypher Injection (Neo4j) graph database | pip3 download code execution

• Haylxon: Take screenshots of urls/websites from terminal new release 🦊

• Automating Reconnaissance with Sling Shot R3con — powered by project Discovery tools

• MFMokbel/Crawlector: Crawlector is a threat hunting framework designed for scanning websites for malicious objects.

• HTMLSmuggler – HTML Smuggling Generator And Obfuscator For Your Red Team Operations

• SMShell – Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers

• Surf – Escalate Your SSRF Vulnerabilities On Modern Cloud Environments

• Mastering BTL1: Journey, Tips, and Insights for Cyber Defenders

• that was very quick and amazing LFI

• Good morning! I’ve been using this payload for over a year to discover XSS via open redirect

• DB credentials are stored in the file