Загрузка видео...

Не удалось загрузить видео

Возникла проблема при загрузке этого видео. Это может быть связано с временными проблемами сети или видео может быть недоступно.

На главную

Integrity flow vulnerability in "microsoft teams" poll 3000$ bounty Sometimes, overlooked isuue can create significant vulnerability. In the "displayname" field, we send the name of the person we want the message to be send. #bugbounty

Moslem Haghighian

2,552 subscribers

11,998 просмотров • 2 лет назад •via X (Twitter)

Финансы Наука и технологии Новости и политика #bugbounty

Anya Rossi• Live Now

Private livecam show

Комментарии: 10

Фото профиля #AmaN 🔥

#AmaN 🔥2 лет назад

Have you created poll with another user id ?

Фото профиля Moslem Haghighian

Moslem Haghighian2 лет назад

Yes that's right

Фото профиля #AmaN 🔥

#AmaN 🔥2 лет назад

Because I didn’t understand properly

Фото профиля Damanpreet Singh🇮🇳🐐

Damanpreet Singh🇮🇳🐐2 лет назад

@v3d_bug 66897 🌜, congratulations 🎉

Фото профиля 🦇 ©

🦇 ©2 лет назад

So you created a poll on behalf of user

Фото профиля Verneet

Verneet2 лет назад

is it fixed?

Фото профиля Moslem Haghighian

Moslem Haghighian2 лет назад

Yes, according to the rules, you have to wait until the bug is fixed, that's why I published this vulnerability after a few months of delay.

Фото профиля CoinbasePro

CoinbasePro2 лет назад

impact?

Фото профиля CoinbasePro

CoinbasePro2 лет назад

bro you just intersept and change the name so where is impact...?

Фото профиля Moslem Haghighian

Moslem Haghighian2 лет назад

In this vulnerability, it was possible to change the name to your ID and send messages or polls in the group instead of you. So identity spoofing happens because I poll with another person's ID.

Похожие видео

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

NullSecX

45,540 просмотров • 10 месяцев назад

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 просмотров • 2 лет назад

Ossoff: Atlanta influences everything. Everything. And this fall, the entire nation will be looking to us here in Atlanta and across the State of Georgia once again to see what kind of message we want to send about the kind of country we want to be.

Ossoff: Atlanta influences everything. Everything. And this fall, the entire nation will be looking to us here in Atlanta and across the State of Georgia once again to see what kind of message we want to send about the kind of country we want to be.

Team Ossoff

16,540 просмотров • 15 дней назад

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

Web Security Academy

26,242 просмотров • 1 год назад

3,000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup:

3,000$ Bug Bounty Reward from Microsoft Forms: Reflected XSS Vulnerability Writeup:

Dark Web Informer

23,493 просмотров • 4 месяцев назад

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

Trend Micro Research

200,099 просмотров • 3 лет назад

They are going around threatening people. I need the contact of the person threatening you on WhatsApp, so we can send him a message.

They are going around threatening people. I need the contact of the person threatening you on WhatsApp, so we can send him a message.

Simon Ekpa

50,437 просмотров • 1 год назад

The players send a message to the fans ahead of tomorrow's game: "All in red, full energy, we need you"

The players send a message to the fans ahead of tomorrow's game: "All in red, full energy, we need you"

Bayern & Germany

67,934 просмотров • 1 месяц назад

Can someone send help?? Poll in the next tweet 👇

Can someone send help?? Poll in the next tweet 👇

Brent

11,841 просмотров • 2 лет назад

Watters: When trump says we are going to run the country, what he means is, we have a blockade so we control the cash flow. We know who gets paid. If we don't want them to get paid, we can decide that. Or we can send in more commandos or more missiles

Watters: When trump says we are going to run the country, what he means is, we have a blockade so we control the cash flow. We know who gets paid. If we don't want them to get paid, we can decide that. Or we can send in more commandos or more missiles

Acyn

33,840 просмотров • 5 месяцев назад

Iran’s soccer team should 100% play in the World Cup here in the US. It’s an important message to send to the Iranian people and the world. We should do everything we can to make this happen:

Iran’s soccer team should 100% play in the World Cup here in the US. It’s an important message to send to the Iranian people and the world. We should do everything we can to make this happen:

Clay Travis

120,418 просмотров • 3 месяцев назад

As Christian communities around the world prepare to observe the Easter Holiday we send a message of friendship and solidarity as we stand together in the face of persecution.

As Christian communities around the world prepare to observe the Easter Holiday we send a message of friendship and solidarity as we stand together in the face of persecution.

World Jewish Congress

739,269 просмотров • 3 лет назад

We can send the trucks to gmmtv if you want us to @ khao

We can send the trucks to gmmtv if you want us to @ khao

jj⁷

783,937 просмотров • 2 лет назад

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:

0x6rss

45,616 просмотров • 1 год назад

Ken Buck on CNN: "I don't want someone who was involved in the activities of January 6 ... There's no way we win the majority if the message we send to the American people is we believe in the election was stolen, and we believe that January 6 was a tour of the Capitol."

Ken Buck on CNN: "I don't want someone who was involved in the activities of January 6 ... There's no way we win the majority if the message we send to the American people is we believe in the election was stolen, and we believe that January 6 was a tour of the Capitol."

Aaron Rupar

3,092,268 просмотров • 2 лет назад

INDIANA RINOS "WE GOT TO SEND THEM PACKING": 7/9 CANDIDATES WIN Noah Formica explains they had dozens of field teams to bring down the establishment RINOs, "we were really scaring the establishment RINOs. MAGA victories across IN...sent SHOCKWAVES." Jack Posobiec

INDIANA RINOS "WE GOT TO SEND THEM PACKING": 7/9 CANDIDATES WIN Noah Formica explains they had dozens of field teams to bring down the establishment RINOs, "we were really scaring the establishment RINOs. MAGA victories across IN...sent SHOCKWAVES." Jack Posobiec

Real America's Voice (RAV)

23,374 просмотров • 1 месяц назад

📢 Calling on ARMYs around the world to come together and buy “D-DAY” (the song) on iTunes today.🙏 CHART D-DAY ON ITUNES❗️ We need to send Yoongi a message LOUD & CLEAR— that we stand by his side. "Future's Gonna Be Okay" is the perfect message of reassurance we can send. 😭💜

📢 Calling on ARMYs around the world to come together and buy “D-DAY” (the song) on iTunes today.🙏 CHART D-DAY ON ITUNES❗️ We need to send Yoongi a message LOUD & CLEAR— that we stand by his side. "Future's Gonna Be Okay" is the perfect message of reassurance we can send. 😭💜

AGUST D CHARTS

27,029 просмотров • 11 месяцев назад

On Israel’s Independence Day 🇮🇱 Here’s a message we’re “not supposed” to send: We don’t want war with the people of Lebanon. We don’t want to be your enemy. But we will defend ourselves. Watch.

On Israel’s Independence Day 🇮🇱 Here’s a message we’re “not supposed” to send: We don’t want war with the people of Lebanon. We don’t want to be your enemy. But we will defend ourselves. Watch.

Jerusalem Center for Security and Foreign Affairs

1,894,388 просмотров • 1 месяц назад