Security Breached | Latest Cyber News, Exploits, Tools & Tutorials | Securitybreached.org
Hey Everyone, I hope you all are fine and doing well. Today I wanna share something related JSON Web Tokens (JWT). In this writeup, I’ll tell you how I was able to confirm emails without confirmation tokens, reset password as well as taking over company emails. So let’s start. What is JSON Web Token? JSON Web Token (JWT) is […]
Hey guys so this blog post is about RCE issue reported to Microsoft bug bounty program, Remote Code execution issue existed in microsoft.com subdomain running Apache Solr. I’ll try to be as simple as possible. Participated in Microsoft Bug Bounty Program first time.. About the RCE: While doing some recon on microsoft.com website i found a subdomain http://tide90.microsoft.com/ doing […]
Hey Everyone, My name is M.Qasim Munir and this is my first blog article that I’m writing about getting started in android apps pen-testing. I hope this article will help you with learning something new. Getting Started in Android apps Pen-testing (PART-1): Amazing development and growth in mobile apps have carried a bunch of vulnerabilities that attackers are ready […]
Hey guys so this blog post is about doing static analysis of an Android App, And due to insecure storage of SMS API credentials I was able to Takeover the SMS API here’s a Short POC of the issue.
Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a Short POC tutorial of the issue. A few days ago i was doing static analysis of an Android app on a bug bounty target, as normally i decompiled my targeted […]
Hey guys so this blog post is about an Issue in Snapchat’s Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here’s a Short POC of the issue. HackerOne Report: #420420 A Subdomain on Snapchat’s website https://whatis.snapchat.com/ Gives the basic information about Snapchat, what it does and how it […]
Hey guys so this blog post is about a User Account Takeover issue that i discover. the bug was an Account Takeover issue that was found in Signup & Switch Accounts feature so here’s the a Short POC of the issue. While testing i saw that there is a “Switch Accounts” Option in Application Menu and mine […]
Hello Masters and Learner I hope you are doing well and always put your efforts to secure the world so that no can get benefits unethically. the main reason why i am writing this article is that sometime when we lose hope that time we just need to think outside of the box xD . While testing h1 private site […]
Hey, So First of all before i start writing about this issue i want you guys to read the blog about Ticket Trick it was written by Inti De Ceukelaire (Thanks to him for sharing this and help us work on it to secure more companies ). This blog is just about my experience with this issue and how i use this issue […]
Hey Guys, So This blog is a short blog about a P1 issue i found in a site it was a really simple and maybe a common issue, So I got invited to a site and the first thing i mostly do is to check github.com for issues related to that site & also code etc, so i searched […]