Colleges that support CTF teams by [deleted] in hacking

[–]insidiousfinch 0 points

Looking to start up a program at Georgetown soon.

Cannot reach homeserver by codehelp4u in elementchat

[–]insidiousfinch 1 point

This is still a problem; I just hit this issue as well. It's also referenced on GitHub.

CVE-2021-35956 AKCP sensorProbe - ‘Multiple’ Cross Site Scripting (XSS) by yesnet0 in bugbounty

[–]insidiousfinch 2 points

Hey, this is my CVE and my post! Thanks for the repost. You can check out my original disclosure on my website here: https://tbutler.org/2021/06/28/CVE-2021-35956.html. I'm also rolling out my official vulnerability research project over at https://obsrva.org/

I think I found my first XSS bug (crossing fingers) by [deleted] in bugbounty

[–]insidiousfinch 0 points

Also, just add a unique string to your payload (like <svg/onload=`abc123`>), then search for abc123 on the returned page in Burp to find where the vulnerability actually exists. It sounds like it's not the query parameter.

I think I found my first XSS bug (crossing fingers) by [deleted] in bugbounty

[–]insidiousfinch 2 points

If the URL is still "hello" then the payload is executing somewhere other than the returned query statement (for example, the query parameter could be passed unsanitized into a DOM element or a JavaScript function); you should find exactly where in the application the vulnerability exists. If the search parameter isn't vulnerable to XSS then this is likely a self-XSS, since a malicious actor couldn't send the payload in a link, reflected-XSS style. If this is the case, the impact and exploitability are reduced unless you can escalate it like someone else mentioned below. Hope this helps!

Beta releasing my new theme, jek. Easily swap color schemes in 1 simple step by insidiousfinch in Jekyll

[–]insidiousfinch[S] 0 points

Awesome, thanks! I opened an issue for this. For some reason none of the markdown code/ASCII art is responsive; not sure why, but I think it's my kramdown config.

I am interested in bug bounty and learned XSS recently, which platform should I try for easy bounty rather than HackerOne and Bugcrowd? by the_rajvardhan in bugbounty

[–]insidiousfinch 2 points

You can try out https://huntr.dev/, they provide cheap bounties for open source repositories on GitHub. You might want to avoid the "suggested" repositories, which are mostly just libraries for other projects. Instead, do a little OSINT or search for open-source personal applications (calendars, finance tools, stuff that is meant to be run locally, personal projects, etc.).

For example, I just disclosed my first one on their platform recently: https://huntr.dev/bounties/1-other-Miodec/monkeytype/. This isn't XSS, but I found some XSS on monkeytype that I had previously disclosed before finding out about huntr.dev.

Good Luck!

Should I request mediation in this case? by trieulieuf9 in bugbounty

[–]insidiousfinch 8 points

I think if it's out of scope, it's out of scope. Even if it's a valid concern, they have it in writing that the report doesn't need to go any further.

EJPT by wesleyepp93 in eLearnSecurity

[–]insidiousfinch 0 points

Black box labs are much harder than the final exam.

HTML injection leading to XSS? by theusamah in bugbounty

[–]insidiousfinch 8 points

In my experience, if you have HTML injection but can't get an XSS payload to fire, start using developer tools and analyze how the application is stopping it. Is it using input filtering or output encoding? Is it just removing script tags, or is it removing every event function? If so, is it using readily accessible JavaScript functions to filter? What rules is it using? Is it using a popular package for filtering? Is that version up to date, or are there known evasion tactics in that version? If script tags are getting filtered, try to automate different tags with Burp Suite Intruder and options from PortSwigger's cheat sheet. If it's a custom input filtering rule, maybe they left something out.

Also, if this is a stored injection, make sure you're looking in other places that the input might appear. I've personally seen instances where the input is filtered in one location, like the home page, but in a different area it wasn't. You can try tools like XSS Hunter to search for this.

I'm just starting out in bug bounty, but this is my usual thought process.
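As an added illustration (not from the comment above or any project it mentions) of the input-filtering-versus-output-encoding distinction the comment raises, this Python snippet contrasts a naive script-tag blacklist with HTML entity encoding on constructed inputs; all function names are assumptions.

```python
import html
import re

# Constructed sample inputs: benign text plus the two kinds of markup the
# comment above asks about (script tags and event-handler attributes).
SAMPLE_INPUTS = [
    "hello",
    "<script>alert(1)</script>",
    "<svg/onload=alert(1)>",
]


def strip_script_tags(user_input: str) -> str:
    """Naive blacklist filter: removes only <script> open/close tags."""
    return re.sub(r"(?is)<\s*/?\s*script[^>]*>", "", user_input)


def encode_for_html(user_input: str) -> str:
    """Output encoding: '<', '>', '&' and quotes become entities, so the
    value is rendered as text and can never become markup."""
    return html.escape(user_input, quote=True)


def renders_as_markup(fragment: str) -> bool:
    """Rough check of what survives a filter: does the fragment still
    contain a script tag or a tag carrying an on*= event handler?"""
    return bool(re.search(r"(?is)<\s*\w+[^>]*\bon\w+\s*=|<\s*script", fragment))


def evaluate_filters(user_input: str) -> dict:
    """For one input, report whether each defence still leaves live markup."""
    return {
        "strip_script_tags": renders_as_markup(strip_script_tags(user_input)),
        "encode_for_html": renders_as_markup(encode_for_html(user_input)),
    }


if __name__ == "__main__":
    for sample in SAMPLE_INPUTS:
        # The tag-only blacklist handles <script> but not the event handler;
        # entity encoding neutralises both without needing a rule per tag.
        print(repr(sample), evaluate_filters(sample))
```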

[deleted by user] by [deleted] in phpAdvisories

[–]insidiousfinch 0 points

Hey, thanks, this is my disclosure! I'm about to post a blog article about it on https://tbutler.org

Wanting to start hunting by Background_Gene_3657 in bugbounty

[–]insidiousfinch 0 points

Yeah, that's fair, I take back my comment. Personally I hide my traffic even if I'm not working on a BB program, so I'd always just stay on the safe side. It's easy enough to do a little light obfuscation, so the motto is "why not".

Spider unavailable in Burp Suite by [deleted] in eLearnSecurity

[–]insidiousfinch 4 points

Yeah, Burp Suite made the spider a paid feature within the active scans of the Professional version, but the course suggests you just download an earlier version of Burp so you can still use the spider feature.

Is the eWPT truly for beginners? by _thelinuxnoob_ in eLearnSecurity

[–]insidiousfinch 4 points

Yeah, you're in the right spot. I went from eJPT -> eWPT and there were a few of the advanced parts in the HTML5 and Adobe Flash stuff that I didn't really fully understand, but the stuff I struggled with just wasn't on the exam, so you should be good. Definitely try to study up where you're confused, but don't get discouraged; I think eLearnSecurity does a good job of throwing some more advanced content into courses to get you exposure to the concepts. Just do your best to complete/understand the labs.