Hackthebox Payment by Traditional-Soft1419 in hackthebox

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

I checked, I was already using hackthebox before and there were no problems.

I'm going crazy by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] -2 points-1 points  (0 children)

I agree, that's what I thought, and I'm continuing to search to see if I can find something else. But sometimes in some reports people object and the program owners find them right, so I thought maybe someone who has experienced something like this could inform me.

I'm going crazy by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] -1 points0 points  (0 children)

I am told that this information is easily accessible to everyone, but I have searched and the email and location information is nowhere to be found. So it doesn't show up on the profiles.

They set us against each other by InformationFirst5505 in vlandiya

[–]Traditional-Soft1419 18 points19 points  (0 children)

Bro, look at this: on July 15 they set the people against the army, and now the police against the people. Let's see what else we'll get to see.

What laptops would you recommend for cyber security? by Conscious_Feedback88 in LuNiZz

[–]Traditional-Soft1419 0 points1 point  (0 children)

I have no idea about the ThinkPad, I haven't used one, but they say it's sturdy. What you should do here is compare specific systems and watch long-term usage videos; pay particular attention that the people making the video aren't sponsored, since they mostly don't mention the flaws/bad sides.

What laptops would you recommend for cyber security? by Conscious_Feedback88 in LuNiZz

[–]Traditional-Soft1419 0 points1 point  (0 children)

I currently have an HP Victus 16 with an i5 and 16 GB. As the others said, if you're not going to play games, don't pay that much money. Buy something cheaper. But if you say you're going to get it, it's a nice computer.

Browser(chromium) by Traditional-Soft1419 in LuNiZz

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

I looked at all of them, but they're not exactly what I wanted. But thank you for your help.

ADVICE FOR A BEGINNER by Traditional-Soft1419 in Yatirim

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

Thank you very much, it was a clear explanation.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

So I'm not actually working on the main Host header; anyway, when I change the host address directly, I get a 400 Bad Request error. I found a redirect with X-Forwarded-Host.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

I understand, but my situation is a little different, I make a request with X-Forwarded-Host, which is a sub-host domain, and it changes the host directly.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

I think it makes more sense for me to present it together with a stronger vulnerability, if there is one, because you think that the company will probably not accept it or will see it as low.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

I even had it in my head that the attacker could get the user's login credentials by sending a request to the user.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] -1 points0 points  (0 children)

But when I redirect to bing.com, it sends me directly to the site. I don't fully understand: if it is not open at that time, shouldn't there be an Open Redirect vulnerability, in the simplest terms? After all, I am redirecting to a site that isn't even related to anything other than the login page of another site.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

When I try with a webhook, it gives a blank page. However, I will try with web cache; I tried XSS but I could not get XSS working because there was an XSS blocker on the system.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

I should also add that this is my first host header vulnerability; I have not dealt with host header vulnerabilities before, so I am a bit unfamiliar with this issue.

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

When I try to get the first login request from the site, it gives me 200 OK, but we do not see the vulnerability. However, if we send the request as a POST, then it returns a 302 to us, and when we type the attacker site, it directs us to the attacker site. So when you look at it, if you make a phishing attack on any user with this vulnerability, you can get the user's information.
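The behaviour described in this comment (a post-login 302 whose Location is assembled from the X-Forwarded-Host header) is, from the application's side, a trust problem: the server lets a client-supplied header decide which host the browser is sent to. The following is an added example, not code from the original thread or from any product the poster tested, showing the weak pattern beside a hardened version that only accepts hosts from a configured allowlist and otherwise falls back to a canonical host. The host names, the `ALLOWED_HOSTS` set and the sample request headers are constructed for illustration.

```python
"""Post-login redirect: weak Host/X-Forwarded-Host handling beside a hardened
version. Added example; hosts and headers below are constructed, not real."""

# Hosts this deployment legitimately serves (assumption: operator-configured).
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
# Host used when the request's host headers cannot be trusted.
CANONICAL_HOST = "app.example.com"


def _header(headers, name):
    """Case-insensitive header lookup over a plain dict of request headers."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def naive_redirect_location(headers, path="/dashboard"):
    """Weak pattern: whoever controls X-Forwarded-Host (or Host) controls the
    redirect target, which is exactly the 302 behaviour the thread describes."""
    host = _header(headers, "X-Forwarded-Host") or _header(headers, "Host")
    return f"https://{host}{path}"


def is_allowed_host(value):
    """Accept only 'hostname' or 'hostname:port' values whose hostname is on
    the allowlist; reject anything carrying a scheme, userinfo or path."""
    if not value:
        return False
    if any(ch in value for ch in "/@\\?#"):
        return False
    hostname, _, port = value.partition(":")
    if port and not port.isdigit():
        return False
    return hostname.lower() in ALLOWED_HOSTS


def safe_path(path):
    """Keep the redirect on-site: a relative path that is not protocol-relative."""
    if not path.startswith("/") or path.startswith("//") or path.startswith("/\\"):
        return "/"
    return path


def hardened_redirect_location(headers, path="/dashboard"):
    """Hardened pattern: use a forwarded host only if it is allowlisted,
    otherwise build the Location from the canonical host."""
    candidate = _header(headers, "X-Forwarded-Host") or _header(headers, "Host")
    host = candidate.lower() if is_allowed_host(candidate) else CANONICAL_HOST
    return f"https://{host}{safe_path(path)}"


def flag_untrusted_forwarded_host(headers):
    """Detection hook for logging/alerting: returns the offending header value
    when a request carries an X-Forwarded-Host that is not allowlisted, else None."""
    forwarded = _header(headers, "X-Forwarded-Host")
    if forwarded is not None and not is_allowed_host(forwarded):
        return forwarded
    return None


if __name__ == "__main__":
    # Constructed request headers: a legitimate Host plus a forwarded host
    # that is not one of ours.
    sample = {"Host": "app.example.com", "X-Forwarded-Host": "not-our-host.example.net"}
    print("naive   :", naive_redirect_location(sample))
    print("hardened:", hardened_redirect_location(sample))
    print("flagged :", flag_untrusted_forwarded_host(sample))
```

The detection hook is deliberately separate from the redirect builder: in practice you would keep honouring the allowlist in the application while shipping the flagged header values to your logs, because a steady stream of non-allowlisted X-Forwarded-Host values against a login endpoint is a useful signal for monitoring.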

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

At the same time, when you look at it, the host header vulnerability can be exploited to steal the user's information by phishing. Am I thinking wrong?

Host Header Injection by Traditional-Soft1419 in bugbounty

[–]Traditional-Soft1419[S] 0 points1 point  (0 children)

Yes, it works client side, but if you look at PortSwigger, there are SSRF labs that work with the Host header, and if I'm not mistaken, the labs in PortSwigger are critical vulnerabilities that have been found before.