heartPosts from the community...
Story
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Turning cookie based XSS into account takeover

Amazon Web Services Blogger Bugcrowd Firebase JavaScript Infovis Toolkit

EpilogueI reported the exploitation scenario and was rewarded €500, as the impact was high. Be patient, don’t give up, and think out of the box. In this case, I used the company’s service to exploit the bug.Source :- https://tutorialboy24.blogspot.com/2022/09/turning-cookie-based-xss-into-account.ht..

xss.png
 Activity
@tutorialboy24 added new tool InfoSec Writeups , 2 years, 8 months ago.
Story
@tutorialboy24 shared a post, 2 years, 8 months ago
tut

Exploiting Amazon Simple Notification Service Improper Validation of SigningCertUrl

Amazon Associates Amazon EC2 Amazon Web Services Blogger Amazon CloudWatch

IntroductionCountless applications rely on Amazon Web Services’ Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL..

v (1).png
loading...