vict0ni.me
Tagged

Bug Bounty

A collection of 3 posts

Pwning the portal - from database dump to session hijacking
Bug Bounty

[Post on Bitcrack's blog] This is a responsible disclosure write-up about a series of vulnerabilities that lead to information disclosure, database dump, and account takeover, among others.

vict0ni Jan 12, 2022 • 1 min read
Redwood Report2Web XSS and Frame Injection
CVE

Report2Web v4.3.4.5 and v4.5.3 are vulnerable to XSS. v4.3.4.5 is also vulnerable to frame injection. Both issues are fixed in v4.6.0. Report2Web Login Panel XSS - CVE-2021-26710: The value of the urll parameter is getting reflected without any sanitization, allowing a

vict0ni Feb 4, 2021 • 2 min read
Using search engines for fun and bounties
Bug Bounty

Passive reconnaissance plays an important role in approaching a target. Compared to active reconnaissance, passive reconnaissance is the silent, stealthy one, where the attacker doesn't interact with the target. Instead, they obtain target information from external, third-party sources. Search engines are one such source. In the

vict0ni Nov 9, 2020 • 9 min read
vict0ni.me © 2022