heart Posts from the community...
Story
@tutorialboy24 shared a post, 1 year, 5 months ago
tut

Turning cookie based XSS into account takeover

EpilogueI reported the exploitation scenario and was rewarded €500, as the impact was high. Be patient, don’t give up, and think out of the box. In this case, I used the company’s service to exploit the bug.Source :- https://tutorialboy24.blogspot.com/2022/09/turning-cookie-based-xss-into-account.ht..

xss.png
 Activity
@tutorialboy24 added new tool InfoSec Writeups , 1 year, 5 months ago.
Story
@tutorialboy24 shared a post, 1 year, 5 months ago
tut

Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl

IntroductionCountless applications rely on Amazon Web Services’ Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL..

v (1).png