Video yükleniyor...

Video Yüklenemedi

Bu video yüklenirken bir sorun oluştu. Bu geçici bir ağ sorunundan kaynaklanıyor olabilir veya video kullanılamıyor olabilir.

Ana Sayfaya Dön

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

Aydin Naserifard

1,744 subscribers

41,410 görüntüleme • 3 yıl önce •via X (Twitter)

Bilim & Teknoloji Eğitim #bugbountytips

Anya Rossi• Live Now

Private livecam show

8 Yorum

st0x_r0 profil fotoğrafı

st0x_r03 yıl önce

Hey bro, how did you find out about this loophole?🤔🤔

Aydin Naserifard profil fotoğrafı

Aydin Naserifard3 yıl önce

the rest, you know. Just for point number 4, there was no ids parameter, which should have been seen in the response with the /users or /me endpoints. I tried the hit-and-trial method.

ashu (logic-cracker) profil fotoğrafı

ashu (logic-cracker)1 yıl önce

reallly nice thank you bro really appreaciated .........

0xm1racle profil fotoğrafı

0xm1racle3 yıl önce

Im curious how this vulnerability occured

Aydin Naserifard profil fotoğrafı

Aydin Naserifard3 yıl önce

the rest, you know. Just for point number 4, there was no ids parameter, which should have been seen in the response with the /users endpoint. I tried the hit-and-trial method.

Md. Amin Ullah Sheikh profil fotoğrafı

Md. Amin Ullah Sheikh3 yıl önce

Great bro

huntk1ng profil fotoğrafı

huntk1ng3 yıl önce

@SaveToNotion #tweets #idor

tjmald profil fotoğrafı

tjmald3 yıl önce

@SaveToNotion #Tweet #idor

Benzer Videolar

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

Web Security Academy

26,242 görüntüleme • 1 yıl önce

SAMSUNG USER I FOUND A WAY TO EMBED VIDEO 😭😭😭 1. click post video 2. change the ' to twitter 3. post

SAMSUNG USER I FOUND A WAY TO EMBED VIDEO 😭😭😭 1. click post video 2. change the ' to twitter 3. post

red 🍿

1,128,916 görüntüleme • 15 gün önce

The method is simple: 1 Start with simple ingredients. 2 Build a brand people trust over decades. 3 Sell company to a financial party that maximizes profit over all. 4 Slowly over time add ingredients that hyper-palliative, addictive and injurious to health. Taste test:

Brian Roemmele

110,920 görüntüleme • 1 yıl önce

The http package is a great way to fetch data from the internet in Flutter 🌐 Add it to your project by running "flutter pub add http".

The http package is a great way to fetch data from the internet in Flutter 🌐 Add it to your project by running "flutter pub add http".

Flutter

18,209 görüntüleme • 1 yıl önce

You can turn on the "Agent mode" of Gemini Code Assist to make it 10x better This enables Gemini to use tools and even MCPs: 1. Press Ctrl/Cmd+Shift+P 2. Type "Open User Settings (JSON)" and select it 3. Add this line to the file: "geminicodeassist.updateChannel": "Insiders" 4. Save and click on the reload button That's it!

You can turn on the "Agent mode" of Gemini Code Assist to make it 10x better This enables Gemini to use tools and even MCPs: 1. Press Ctrl/Cmd+Shift+P 2. Type "Open User Settings (JSON)" and select it 3. Add this line to the file: "geminicodeassist.updateChannel": "Insiders" 4. Save and click on the reload button That's it!

Paul Couvert

143,760 görüntüleme • 11 ay önce

Did you know that you can change an image by asking Grok imagine ? In the example, I made two changes: 1. I asked to change the background. 2. I asked to change the eye color.

Did you know that you can change an image by asking Grok imagine ? In the example, I made two changes: 1. I asked to change the background. 2. I asked to change the eye color.

Déborah

1,657,758 görüntüleme • 10 ay önce

An easy method to add a laser beam to the Guardsmen, and a quick method to paint the fabric. The rest of the armor is just a couple of reflections, and it's done. #warhammer40k #warhammer #gamesworkshop #paintingwarhammer

An easy method to add a laser beam to the Guardsmen, and a quick method to paint the fabric. The rest of the armor is just a couple of reflections, and it's done. #warhammer40k #warhammer #gamesworkshop #paintingwarhammer

Juan Sanz Elminiaturista

18,087 görüntüleme • 7 ay önce

In 1986, Brian Tracy reveals the method that allows you to bend reality itself: “If you want to change your life, change your. . .”

In 1986, Brian Tracy reveals the method that allows you to bend reality itself: “If you want to change your life, change your. . .”

GrindBuddy

86,673 görüntüleme • 1 yıl önce

Over $1M in prizes, and only 14 days to participate Here are 7 ways to earn while playing Cambria Season 2: The Paymasters P.S. use code: gorilla 0:00 Intro 0:32 What is Cambria 0:55 Earning in Cambria 1:18 Method 1) Prize pool 1:52 How to play for free 2:18 How to earn silver 3:14 Method 2) Bribes 3:57 How to maximize earnings 4:47 Method 3) Trading 5:24 Method 4) Ronin Taskboard 5:49 Method 5) Abstract XP 6:13 Method 6) Content and Bugs 6:30 Method 7) Guilds & Communities 7:48 Have fun and earn 8:14 Use code gorilla

Over $1M in prizes, and only 14 days to participate Here are 7 ways to earn while playing Cambria Season 2: The Paymasters P.S. use code: gorilla 0:00 Intro 0:32 What is Cambria 0:55 Earning in Cambria 1:18 Method 1) Prize pool 1:52 How to play for free 2:18 How to earn silver 3:14 Method 2) Bribes 3:57 How to maximize earnings 4:47 Method 3) Trading 5:24 Method 4) Ronin Taskboard 5:49 Method 5) Abstract XP 6:13 Method 6) Content and Bugs 6:30 Method 7) Guilds & Communities 7:48 Have fun and earn 8:14 Use code gorilla

Gorilla

19,349 görüntüleme • 1 yıl önce

A new toolbox loading method will be added to etaHEN 2.1B, this method should be 20x more stable than the current method and will only take up to 10 secs to re-add the toolbox WITH kstuff active, down from 2 mins. here's a preview on 4.03

A new toolbox loading method will be added to etaHEN 2.1B, this method should be 20x more stable than the current method and will only take up to 10 secs to re-add the toolbox WITH kstuff active, down from 2 mins. here's a preview on 4.03

LM

21,186 görüntüleme • 1 yıl önce

Use mpp dot dev guides upgrade-x402.md as reference. Add mppx to my existing x402 server. Use the Tempo payment method with USDC. Keep the same pricing and route structure. Add mppx.charge to each paid endpoint. Point out areas where I could benefit from adding sessions.

Use mpp dot dev guides upgrade-x402.md as reference. Add mppx to my existing x402 server. Use the Tempo payment method with USDC. Keep the same pricing and route structure. Add mppx.charge to each paid endpoint. Point out areas where I could benefit from adding sessions.

Georgios Konstantopoulos

16,319 görüntüleme • 2 ay önce

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

Web Security Academy

62,622 görüntüleme • 1 yıl önce

Reporter: The US company could change the algorithm to push different content? Vance: The US company will have control on how the algorithm pushes content to users.

Reporter: The US company could change the algorithm to push different content? Vance: The US company will have control on how the algorithm pushes content to users.

Acyn

46,703 görüntüleme • 9 ay önce

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability! Try this out for yourself in our CL.TE lab:

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability! Try this out for yourself in our CL.TE lab:

Web Security Academy

27,902 görüntüleme • 10 ay önce

This is the fastest way to edit any pictures using English. This is the first app I've seen supporting voice-controlled AI editing. I'm using the Genspark mobile app here, with their newly released Photo Genius feature. You can see how fast this works in the video below. Here is what I did: 1. I asked the agent to change my outfit to a suit 2. I asked it to make me wear a baseball hat 3. I asked it to make me smile 4. I asked it to change the background 5. I asked to show an old lady walking by

This is the fastest way to edit any pictures using English. This is the first app I've seen supporting voice-controlled AI editing. I'm using the Genspark mobile app here, with their newly released Photo Genius feature. You can see how fast this works in the video below. Here is what I did: 1. I asked the agent to change my outfit to a suit 2. I asked it to make me wear a baseball hat 3. I asked it to make me smile 4. I asked it to change the background 5. I asked to show an old lady walking by

Santiago

90,760 görüntüleme • 8 ay önce

This is the basic practice method that helped me get to a plus handicap

This is the basic practice method that helped me get to a plus handicap

Jon Sherman

70,765 görüntüleme • 1 yıl önce

Why did the Auschwitz death toll change from 4 million to 1 million?

Why did the Auschwitz death toll change from 4 million to 1 million?

Noah’s Ark 🚢

22,285 görüntüleme • 2 ay önce

this is the EASIEST method to build a viral app on your first try. 1. search for existing apps on t:)ktok 2. look at viral vids 3. build the viral feature 4. add your own twist after i’ve seen the SAME viral feature in 3 different couple apps today. are you doing this?

this is the EASIEST method to build a viral app on your first try. 1. search for existing apps on t:)ktok 2. look at viral vids 3. build the viral feature 4. add your own twist after i’ve seen the SAME viral feature in 3 different couple apps today. are you doing this?

Simone Canc

76,066 görüntüleme • 6 ay önce

"That's the No. 1 rule I would change." Matthew thinks the NHL should switch to the 3-2-1-0 standings points system 👀

"That's the No. 1 rule I would change." Matthew thinks the NHL should switch to the 3-2-1-0 standings points system 👀

Wingmen with Matthew and Brady Tkachuk

263,691 görüntüleme • 7 ay önce