Bug Bounty Pwning the portal - from database dump to session hijacking [Post on Bitcrack's blog] This is a responsible disclosure write-up about a series of vulnerabilities that lead to information disclosure, database dump, and account takeover, among others.
CVE Redwood Report2Web XSS and Frame Injection Report2Web v4.3.4.5 and v4.5.3 are vulnerable to XSS. v4.3.4.5 is also vulnerable to frame injection. Both issues are fixed in v4.6.0. Report2Web Login Panel XSS - CVE-2021-26710The value of the urll parameter is getting reflected without any sanitization, allowing a
Bug Bounty Using search engines for fun and bounties Passive reconnaissance plays an important role in the approach of a target. In comparison to active reconnaissance, passive reconnaissance is the silent, stealthy one, where the attacker doesn't interact with the target. Instead, they obtain target information based on external, third-party sources. Such a source is search engines. In the
