正在加载视频...

视频加载失败

返回首页

Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty

l4tr0d3ctism's profile picture

Moslem Haghighian

2,552 subscribers

11,998 次观看 • 2 年前 •via X (Twitter)

财经科学技术新闻政治#bugbounty
LIVE

Anya Rossi• Live Now

Private livecam show

10 条评论

#AmaN 🔥 的头像
#AmaN 🔥2 年前

Have you created poll with another user id ?

Moslem Haghighian 的头像
Moslem Haghighian2 年前

Yes that's right

#AmaN 🔥 的头像
#AmaN 🔥2 年前

Because I didn’t understand properly

Damanpreet Singh🇮🇳🐐 的头像
Damanpreet Singh🇮🇳🐐2 年前

@v3d_bug 66897 🌜, congratulations 🎉

🦇 © 的头像
🦇 ©2 年前

So you created a poll on behalf of user

Verneet 的头像
Verneet2 年前

is it fixed?

Moslem Haghighian 的头像
Moslem Haghighian2 年前

Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

CoinbasePro 的头像
CoinbasePro2 年前

impact?

CoinbasePro 的头像
CoinbasePro2 年前

bro you just intersept and change the name so where is impact...?

Moslem Haghighian 的头像
Moslem Haghighian2 年前

In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.

相关视频

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum
0:37

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

NullSecX

45,540 次观看 • 10 个月前

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!
17:59

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 次观看 • 2 年前

Ossoff: Atlanta influences everything. Everything. And this fall, the entire nation will be looking to us here in Atlanta and across the State of Georgia once again to see what kind of message we want to send about the kind of country we want to be.
1:12

Ossoff: Atlanta influences everything. Everything. And this fall, the entire nation will be looking to us here in Atlanta and across the State of Georgia once again to see what kind of message we want to send about the kind of country we want to be.

Team Ossoff

16,540 次观看 • 15 天前

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity
1:32

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

Web Security Academy

26,242 次观看 • 1 年前

3,000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup:
0:22

3,000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup:

Dark Web Informer

23,493 次观看 • 4 个月前

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.
0:53

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

Trend Micro Research

200,099 次观看 • 3 年前

They are going around threatening people. I need the contact of the person threatening you on WhatsApp, so we can send him a message.
3:15

They are going around threatening people. I need the contact of the person threatening you on WhatsApp, so we can send him a message.

Simon Ekpa

50,437 次观看 • 1 年前

The players send a message to the fans ahead of tomorrow's game: "All in red, full energy, we need you"
0:44

The players send a message to the fans ahead of tomorrow's game: "All in red, full energy, we need you"

Bayern & Germany

67,934 次观看 • 1 个月前

Can someone send help?? Poll in the next tweet 👇
6:37

Can someone send help?? Poll in the next tweet 👇

Brent

11,841 次观看 • 2 年前

Watters: When trump says we are going to run the country, what he means is, we have a blockade so we control the cash flow. We know who gets paid. If we don't want them to get paid, we can decide that. Or we can send in more commandos or more missiles
0:23

Watters: When trump says we are going to run the country, what he means is, we have a blockade so we control the cash flow. We know who gets paid. If we don't want them to get paid, we can decide that. Or we can send in more commandos or more missiles

Acyn

33,840 次观看 • 5 个月前

Iran’s soccer team should 100% play in the World Cup here in the US. It’s an important message to send to the Iranian people and the world. We should do everything we can to make this happen:
1:06

Iran’s soccer team should 100% play in the World Cup here in the US. It’s an important message to send to the Iranian people and the world. We should do everything we can to make this happen:

Clay Travis

120,418 次观看 • 3 个月前

As Christian communities around the world prepare to observe the Easter Holiday we send a message of friendship and solidarity as we stand together in the face of persecution.
1:15

As Christian communities around the world prepare to observe the Easter Holiday we send a message of friendship and solidarity as we stand together in the face of persecution.

World Jewish Congress

739,269 次观看 • 3 年前

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:
0:46

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:

0x6rss

45,616 次观看 • 1 年前

We can send the trucks to gmmtv if you want us to @ khao
0:30

We can send the trucks to gmmtv if you want us to @ khao

jj⁷

783,937 次观看 • 2 年前

Ken Buck on CNN: "I don't want someone who was involved in the activities of January 6 ... There's no way we win the majority if the message we send to the American people is we believe in the election was stolen, and we believe that January 6 was a tour of the Capitol."
0:54

Ken Buck on CNN: "I don't want someone who was involved in the activities of January 6 ... There's no way we win the majority if the message we send to the American people is we believe in the election was stolen, and we believe that January 6 was a tour of the Capitol."

Aaron Rupar

3,092,268 次观看 • 2 年前

INDIANA RINOS "WE GOT TO SEND THEM PACKING": 7/9 CANDIDATES WIN Noah Formica explains they had dozens of field teams to bring down the establishment RINOs, "we were really scaring the establishment RINOs. MAGA victories across IN...sent SHOCKWAVES." Jack Posobiec
1:54

INDIANA RINOS "WE GOT TO SEND THEM PACKING": 7/9 CANDIDATES WIN Noah Formica explains they had dozens of field teams to bring down the establishment RINOs, "we were really scaring the establishment RINOs. MAGA victories across IN...sent SHOCKWAVES." Jack Posobiec

Real America's Voice (RAV)

23,374 次观看 • 1 个月前

📢 Calling on ARMYs around the world to come together and buy “D-DAY” (the song) on iTunes today.🙏 CHART D-DAY ON ITUNES❗️ We need to send Yoongi a message LOUD & CLEAR— that we stand by his side. "Future's Gonna Be Okay" is the perfect message of reassurance we can send. 😭💜
0:58

📢 Calling on ARMYs around the world to come together and buy “D-DAY” (the song) on iTunes today.🙏 CHART D-DAY ON ITUNES❗️ We need to send Yoongi a message LOUD & CLEAR— that we stand by his side. "Future's Gonna Be Okay" is the perfect message of reassurance we can send. 😭💜

AGUST D CHARTS

27,029 次观看 • 11 个月前

On Israel’s Independence Day 🇮🇱 Here’s a message we’re “not supposed” to send: We don’t want war with the people of Lebanon. We don’t want to be your enemy. But we will defend ourselves. Watch.
0:55

On Israel’s Independence Day 🇮🇱 Here’s a message we’re “not supposed” to send: We don’t want war with the people of Lebanon. We don’t want to be your enemy. But we will defend ourselves. Watch.

Jerusalem Center for Security and Foreign Affairs

1,894,388 次观看 • 1 个月前