Security Breached Blog

Security Breached | Latest Cyber News, Exploits, Tools & Tutorials | Securitybreached.org

    November 3, 2018

    P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC

    Hey guys, so this blog is a short blog about a P1 issue I found in a site. It was a really simple and maybe a common issue. So I got invited to a site, and the first thing I mostly do is to check github.com for issues related to that site & also code etc., so I searched […]

    Muhammad Khizer Javed BugBounty POC 1
    October 27, 2018

    Privilege Escalation like a Boss

    Hello guys, this is Jay Jani, and after a long time I am back with one of my findings. This one is a simple Privilege Escalation on a private program of HackerOne. PS: This post is for noobs like me, so leets please ignore the post :/ So I was invited to participate in a private program. I […]

    Uncategorized 7
    September 24, 2018

    Subdomain Takeover via Unsecured S3 Bucket Connected to the Website

    Hey guys, so this blog is basically about an issue I found in a web where a missing file and an unsecured S3 bucket connected to that website gave me a way to take over that subdomain without a Subdomain Takeover vulnerability, so let's begin. So I was testing a private program when I came across a subdomain on […]

    Muhammad Khizer Javed BugBounty POC 7
    September 16, 2018

    IDOR User Account Takeover By Connecting My Facebook Account with victims Account

    Hey guys, it's me Khizer again. So this blog is about an IDOR issue I found in a web where changing the User ID in the Facebook auth callback linking request actually connects my Facebook account to the victim's site account, so by this I could get complete access to the user account. So let's start. What happened was I was testing […]

    Muhammad Khizer Javed BugBounty POC 0
    September 10, 2018

    Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC

    Hey guys, me again with a short POC about Login Bypass using SQL Injection to get access to AutoTrader's Webmail, so let's begin. The POC will be short. What happened was I was working on AutoTrader's Bug Bounty Program and had reported a couple of issues but all were duplicates, so I was checking subdomains when I landed on a […]

    Muhammad Khizer Javed BugBounty POC 3
    September 9, 2018

    ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC

    Hey guys! Me back with a new post. This one is about an Authentication Bypass vulnerability in one of the subdomains of https://zol.co.zw/ ZOL Zimbabwe, and then I got an XSS followed by an SQLi in that Control Panel. So the main focus of this blog post will be on how I got access to the CP and then how I […]

    Muhammad Khizer Javed BugBounty POC 1
    September 8, 2018

    SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC

    Hey guys, so another concise report about an SQLi I recently found. One day I was just going through some Twitter posts and saw one of my friends replied to a tweet about a swag pack. As some of you guys already know how attractive such tweets are, I decided to test the site that gave him […]

    Muhammad Khizer Javed BugBounty POC 3
    September 7, 2018

    RCE Unsecure Jenkins Instance | Bug Bounty POC

    Hi guys, honestly I was just getting bored and the blog wasn’t updated in a while, so I decided to write this (will share some more recent issues in a few days 🙂). So I want this write-up to be concise, so let’s just say I was checking subdomains of a site and found a subdomain jenkins-thor.dosomething.org so by […]

    Muhammad Khizer Javed BugBounty POC 1
    May 23, 2018

    Edmodo official number for custom text messages to any number around the world!

    Hello 1337s, I hope you all are doing good and hunting websites. Today I’m going to tell you about a very interesting finding which was very simple and I never expected that it could really exist there. I was hunting Edmodo nine months back and after various tests and techniques, I was unable to find any solid bug. Well before […]

    BugBounty POC 0
    May 22, 2018

    IOS 11.4 Siri Auth Bypass | CVE-2018-4238

    So this year in March I was just testing different settings of my iPhone, which was running the latest iOS at that time, iOS 11.2.6, and I came across a setting under Settings > Siri > WhatsApp > “Use With Siri”. I turned it on and locked my iPhone just to see if I can use WhatsApp to send a message […]

    Muhammad Khizer Javed BugBounty POC 0
