IT-Securityguard Blog

nach Patrik
6 Kommentare

[BugBounty] Decoding a $ūüėĪ,000.00 htpasswd bounty

tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and was rewarded a shitload of$. [Tools used] dirbuster¬† John¬† [\Tools used] Today I want to … Weiterlesen

nach Patrik
2 Kommentare

[BugBounty] Reflected Cross Site Scripting BillMeLater

Dear followers, i recently found a reflected Cross Site Scripting issue on a Subdomain of BillMeLater (Paypal acquisition) it was possible to break the style attribute and add malicious Javascript Code into the Application.

When ending the previous style … Weiterlesen