heart Posts from the community...
Story
tutorialboy24
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Turning cookie based XSS into account takeover

#Infosec   #cyberse...   #Securit...   #DevSecO...   #informa...  
Amazon Web Services Blogger Bugcrowd Firebase JavaScript Infovis Toolkit

EpilogueI reported the exploitation scenario and was rewarded €500, as the impact was high. Be patient, don’t give up, and think out of the box. In this case, I used the company’s service to exploit the bug.Source :- https://tutorialboy24.blogspot.com/2022/09/turning-cookie-based-xss-into-account.ht..

xss.png
2k views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
 Activity
tutorialboy24
@tutorialboy24 added new tool InfoSec Writeups , 2 years, 8 months ago.
Story
tutorialboy24
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl

#cyberse...   #aws   #DevSecO...   #Securit...  
Amazon Associates Amazon EC2 Amazon Web Services Blogger Amazon CloudWatch

IntroductionCountless applications rely on Amazon Web Services’ Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL..

v (1).png
2k views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
loading...