1. How to Start Bug Bounty with Zero Knowledge
作者Abhijeet Kumawat从零技术背景开始学习漏洞赏金猎人,在NASA、Sony等机构成功报告漏洞并获得认可。他分享经验并计划在“Bug Bounty from Scratch”系列中深入探讨25+主题,帮助读者入门并取得成功。
Aggregator
1. How to Start Bug Bounty with Zero Knowledge
2 months ago
一位从零开始的网络安全爱好者通过学习成为漏洞赏金猎人,成功向NASA、索尼等公司报告漏洞并获得认可和收益,并计划分享经验帮助他人入门。
From Cookie Consent to Command Execution: A Real-World SQLi + Full PII Leak to RCE on a Careers…
2 months ago
文章描述了一次通过cookie consent参数发现的SQL注入攻击,该漏洞存在于一家大型汽车公司的职业门户网站中。攻击者利用这一漏洞获得了全数据库访问权限,并成功提取了管理员凭证,进而控制了管理面板和实现了远程代码执行。作者强调了对所有用户输入进行验证的重要性,并建议使用参数化查询来防止类似漏洞。
I found a time-based SQLi… but someone beat me to it!!
2 months ago
作者在漏洞赏金狩猎中发现时间盲注SQL注入漏洞,通过测试确认并撰写报告。提交后得知已被他人报告,未获赏金。虽感失望但认为是进步。
“How CVE-2025–4123 Turned Grafana Into a Hacker’s Playground”
2 months ago
Grafana的一个高危漏洞(CVE-2025–4123)因未正确清理用户提供的路径,导致路径遍历、XSS、SSRF和账户接管等连锁攻击,最终实现完全账户控制。
“How CVE-2025–4123 Turned Grafana Into a Hacker’s Playground”
2 months ago
Grafana中的高危漏洞CVE-2025–4123因未正确处理用户输入路径,导致路径遍历、XSS、SSRF及账户接管等连锁攻击,最终引发全面账户控制风险。
Payload in the Haystack: Using Wayback & ParamSpider to Find a Forgotten Upload Endpoint
2 months ago
深夜渗透测试中,利用自动化工具发现隐藏上传端点并成功执行ZIP Slip漏洞获取权限,最终获得赏金资助生活。
Payload in the Haystack: Using Wayback & ParamSpider to Find a Forgotten Upload Endpoint
2 months ago
深夜渗透测试中,通过ParamSpider和Wayback组合工具发现隐藏/upload端点,利用ZIP Slip漏洞成功入侵目标系统并获得赏金。
“From a 404 Page to $5k: How I Chained Forgotten Bugs Into a Critical Exploit”
2 months ago
从看似无用的路径遍历漏洞入手,通过深入分析和创造性思考,成功将其转化为远程代码执行,并获得高额赏金。
“From a 404 Page to $5k: How I Chained Forgotten Bugs Into a Critical Exploit”
2 months ago
从看似无用的漏洞入手,通过参数测试发现本地文件包含(LFI)漏洞,利用特殊路径构造请求,最终实现远程代码执行(RCE),获得高额奖金,展现了耐心和创造力在安全研究中的重要性。
“$ The Art of Smart Recon: How I Found 10+ Vulnerabilities Without Firing a Single Exploit”
2 months ago
文章讲述了作者在漏洞挖掘过程中从依赖自动化工具到掌握侦察技术的转变。通过关注被忽略的攻击面、手动调查和历史数据,作者成功发现大量漏洞,尤其是收购公司遗留系统中的高危问题。
“$ The Art of Smart Recon: How I Found 10+ Vulnerabilities Without Firing a Single Exploit”
2 months ago
作者在漏洞挖掘中认识到侦察的重要性,指出常见错误如忽视隐藏攻击面、依赖自动化工具和忽略历史数据,并通过分析收购公司遗留系统找到大量漏洞。
Tumblr Post+ Creator and Got Paid $100
2 months ago
Tumblr的Post+系统中发现一个低影响但意外的漏洞:用户可订阅已退出Post+的创作者。该漏洞涉及访问控制和支付流程问题,并最终为报告者带来$100奖励。
How Our Team Bypassed YouTube Authorization and Uploaded Videos to ANY Channel — $6,337 Bounty
2 months ago
作者发现YouTube内部工具Video Builder存在严重授权绕过漏洞,攻击者可修改请求中的channelId参数上传视频至任意频道。该漏洞因后端缺乏授权验证导致,Google已修复并奖励$6,337。
I want to brute force my attendance in UNI (SEATS APP)
2 months ago
文章描述了一位学生希望破解学校使用的SEATS考勤系统。该系统使用6位数代码进行签到,手动尝试耗时过长(仅15分钟可输入),因此寻求暴力破解方法以快速获取正确代码。
Popular npm linter packages hijacked via phishing to drop malware
2 months ago
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. [...]
Ax Sharma
3 дня, 12 компаний, 400 ГБ данных: Akira выжигает бизнес за бизнесом
2 months ago
Компании падают, как домино — без правил, без жалости, без шанса на спасение.
CVE-2025-6771
2 months ago
Currently trending CVE - Hype Score: 29 - OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution
CVE-2025-4428
2 months ago
Currently trending CVE - Hype Score: 29 - Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVE-2025-4427
2 months ago
Currently trending CVE - Hype Score: 29 - An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.