Good shit, y'all. Give it a download.
github.com/bebiksior/Ca...
27.11.2024 15:01
π 15
π 1
π¬ 0
π 0
Good shit, y'all. Give it a download.
github.com/bebiksior/Ca...
Incoming $1m hacker
I talk about this on the pod all the time, but CSRF is dead simple. You just need to know the conditions.
I'm not gonna recite them again here, but today a new condition came up:
No Content-Type header -> no CSRF restrictions
Same-site: None
POST
= CSRF
The research:
Got a CSRF attack being blocked by Content-Type validation? You might be able to bypass it with this quality technique.
Coding without a package manager in 2024 is like building a house by mining limestones first and making cement and mortal with that
As a #Bugbounty hunter , I was so mad when my workplace paid $30k for a pentest and only got horrible reports (ssl cert , httponly , rate limit ) . Mean while our bug bounty program had mediums and high reports
Moving forward I think every pentest company should have at least 2 bug bounty hunters
Trying to make a list of programs that have hosted a live event on hackerone
-epic games
-tiktok
-zoom
-salesforce
-uber
-PayPal
-DoD
-shopify
-airbnb
-yahoo
-Starbucks
-Amazon
Which did I miss #Bugbounty
Myself
#Bugbounty
I remember this picture spooking me out when I first saw the write up π
Bro , βsmoking tookahβ literally wonβt leave my lips for days