Bounty $3000 http request smuggling in twitter.com of

Views: 21,995

EDUCATION HIVE

A day ago

If you found this video valuable, give it a like.
If you know someone who needs to see it, share it.
If you have questions ask below in comment section.
Add it to a playlist if you want to watch it later.
___________________________________________________________
Connect with us !
Contact email : ravitbughunter@gmail.com
KZbin Channel: / @hack_the_web
Telegram Channel: t.me/Hack_The_Web
Company LinkedIn: / hack-the-we-b
Company Instagram: / hack_the_web_
___________________________________________________________
Keyword:
XSS (Cross-site scripting)
XXE
Brute Force
captcha Bypass
PoC (proof-of-concept)
tags:
bug bounty poc
http request smuggling
http request smuggling poc
hackerone bug bounty
poc bug bounty
xss poc
bug bounty for beginners
bug bounty live
idor vulnerability
live bug bounty hunting
bug bounty 2023
ssrf vulnerability
cron job
api pentesting
host header injection poc
dom based xss
idor vulnerability
idor poc
idor
http request smuggling
http request smuggling poc
http smuggling
#bugbounty #bug #bughunter #hackerone #hacking #poc #testing
#XSS #bugbountytips

Comments: 35
@dexiios
@dexiios 11 months ago
For those who ask what the potential impact of this vuln is: an attacker can inject a malicious HTTP request into the web server in order to bypass internal security controls. The point is that, most of the time, the web servers do not check for security measures in a smuggled HTTP request. In addition, some of the resources available on the web server are often not accessible outside of the web server itself. So performing a request like this can allow the attacker to gain access to protected resources such as an admin panel etc...
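The mechanism behind this comment is two HTTP/1.1 parsers (front-end and back-end) disagreeing about where one request ends and the next begins. The following is an added example written for this page, not code from the video or the channel: a toy framer with two framing policies that shows the disagreement on a constructed CL.TE message, plus the header gate a front-end should apply to refuse ambiguous framing. All traffic and the host `example.test` are constructed for the example.

```python
"""Why two HTTP parsers can disagree on request boundaries, and the header
check that removes the ambiguity.  Toy framer written for this example;
all traffic below is constructed and example.test is a placeholder host."""

from __future__ import annotations

CRLF = b"\r\n"


def parse_headers(raw: bytes, start: int) -> tuple[dict[str, list[str]], int]:
    """Parse the request line and headers beginning at `start`.
    Returns (headers keyed by lower-cased name, offset of the body)."""
    end = raw.find(CRLF + CRLF, start)
    if end == -1:
        raise ValueError("incomplete header block")
    headers: dict[str, list[str]] = {}
    for line in raw[start:end].split(CRLF)[1:]:  # [0] is the request line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower().decode(), []).append(value.strip().decode())
    return headers, end + len(CRLF) * 2


def chunked_body_size(raw: bytes, offset: int) -> int:
    """Walk a chunked body starting at `offset`; return the bytes it occupies,
    including the terminating zero-size chunk."""
    pos = offset
    while True:
        line_end = raw.find(CRLF, pos)
        if line_end == -1:
            raise ValueError("incomplete chunk")
        size = int(raw[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + len(CRLF) + size + len(CRLF)      # size line, data, trailing CRLF
        if size == 0:
            return pos - offset


def frame_requests(raw: bytes, policy: str) -> list[bytes]:
    """Split a byte stream into requests with one framing policy:
    'cl' trusts only Content-Length, 'te' trusts Transfer-Encoding when present.
    A front-end using 'cl' and a back-end using 'te' is the CL.TE desync."""
    requests, pos = [], 0
    while pos < len(raw):
        headers, body_start = parse_headers(raw, pos)
        if policy == "te" and "transfer-encoding" in headers:
            body_len = chunked_body_size(raw, body_start)
        else:
            body_len = int(headers.get("content-length", ["0"])[0])
        requests.append(raw[pos:body_start + body_len])
        pos = body_start + body_len
    return requests


def framing_problem(headers: dict[str, list[str]]) -> str | None:
    """Return why the message length is ambiguous, or None if it is not.
    RFC 9112 treats CL+TE together as a probable smuggling attempt that
    ought to be handled as an error; a front-end should reject it (400)
    and close the connection rather than guess."""
    cl = headers.get("content-length", [])
    te = headers.get("transfer-encoding", [])
    if cl and te:
        return "both Content-Length and Transfer-Encoding present"
    if len(set(cl)) > 1:
        return "conflicting Content-Length values"
    if any(not v.isdigit() for v in cl):
        return "non-numeric Content-Length"
    if te and te[-1].split(",")[-1].strip().lower() != "chunked":
        return "Transfer-Encoding does not end with chunked"
    return None


def check_request(raw: bytes) -> str | None:
    """Front-end gate: inspect only the first request's headers."""
    headers, _ = parse_headers(raw, 0)
    return framing_problem(headers)


# Constructed traffic.  The second request is hidden inside the body of the
# first according to Content-Length, but stands alone under chunked framing.
TRAILING = b"GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n"
BODY = b"0\r\n\r\n" + TRAILING
AMBIGUOUS = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
             + b"Content-Length: %d\r\n" % len(BODY)
             + b"Transfer-Encoding: chunked\r\n\r\n" + BODY)
SAFE = b"POST /tweet HTTP/1.1\r\nHost: example.test\r\nContent-Length: 11\r\n\r\nhello world"

if __name__ == "__main__":
    for name, raw in (("ambiguous", AMBIGUOUS), ("safe", SAFE)):
        cl, te = frame_requests(raw, "cl"), frame_requests(raw, "te")
        print(f"{name}: CL parser sees {len(cl)} request(s), TE parser sees {len(te)};"
              f" gate says: {check_request(raw)}")
```

Run it and the ambiguous message is one request to the Content-Length parser and two to the chunked parser, which is exactly the split that lets a second request reach the back-end without the front-end ever inspecting it. `framing_problem` is the check that prevents it: a front-end that rejects any message with both length headers (or with conflicting, non-numeric, or non-chunked values) never forwards an ambiguously framed message, so the two parsers have nothing to disagree about.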
@likingalllol
@likingalllol 6 months ago
thanks!
@shba9300
@shba9300 A year ago
Dear, good find. Would like to know how you would convince them it's a vulnerability and what the impact is.
@joshuavega2193
@joshuavega2193 A year ago
Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".
@theworldofyuri3083
@theworldofyuri3083 A year ago
@@joshuavega2193 nice reminder heheh
@oo7posam581
@oo7posam581 A year ago
@@joshuavega2193 He should have gone for SSRF through this... The server would have accepted the 1st request as original and yet answered the second request as valid.
@abdulx01
@abdulx01 A year ago
Nice catch... 👍
@youssefzero9059
@youssefzero9059 A year ago
❣❣
@bharathkalyan3961
@bharathkalyan3961 A year ago
Great Finding
@electrowizard2658
@electrowizard2658 A year ago
There can be no effect from this; it's just you forwarding the tweet request with some changes.
@umarsjd7205
@umarsjd7205 2 months ago
Actually it has. The person didn't show this, but what he was trying to depict is how vulnerable the security is. The person could insert a malicious request to weaken the security, which is already weak; like he can insert JavaScript or injections to ask for passwords from the system because he already infiltrated it.
@DreyTheVlogger
@DreyTheVlogger A year ago
Hello, what background music did you use? Thanks!
@AGNIHACKERS
@AGNIHACKERS A year ago
Bro, please share the reference report.
@educationhive
@educationhive A year ago
Ok, I will share it in the next video.
@AGNIHACKERS
@AGNIHACKERS A year ago
@@educationhive Bro, please mention this report link. I found the same model of vulnerability on another website.
@educationhive
@educationhive A year ago
@@AGNIHACKERS sure
@allandiego1446
@allandiego1446 A year ago
Dear, good! But what is the real impact of this vulnerability?
@educationhive
@educationhive A year ago
I will share, wait.
@allandiego1446
@allandiego1446 A year ago
@@educationhive Thanks! I am waiting for this haha 😁
@vmvideos8482
@vmvideos8482 A year ago
Bro, how do I install Burp Suite version 1.7.35?
@educationhive
@educationhive A year ago
I will send it there; if I send it here, YT can strike.
@AutomatizaTuTiempo
@AutomatizaTuTiempo A year ago
hey that's not a vulnerability
@joshuavega2193
@joshuavega2193 A year ago
Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".
@AutomatizaTuTiempo
@AutomatizaTuTiempo A year ago
@@joshuavega2193 For simple mistakes you don't get rewards, plus the staff ignores it.
@brice2825
@brice2825 A year ago
The request might be bypassing the front-end server.
@UCgqz30RWVkz5yowONnFrO4w
@UCgqz30RWVkz5yowONnFrO4w A year ago
Bro, can you explain what the impact is? Because you are tweeting another tweet from the same account. I am new to this vulnerability, and many times I found this vuln but was not able to show impact, and no one will accept it without any serious impact. Please explain the impact.
@educationhive
@educationhive A year ago
I will explain here at night
@the_sandman00
@the_sandman00 A year ago
@@educationhive is it night yet?
@newbiejember9854
@newbiejember9854 A year ago
@@the_sandman00 xD
@user3549
@user3549 9 months ago
Lol @@newbiejember9854
@jondo-vh8tx
@jondo-vh8tx 5 months ago
@@the_sandman00 😂😂😂😂😂😂😂😂😂😂 no dude, he will not explain, and this is a waste of time.
@AL-dg3qd
@AL-dg3qd A year ago
what tool do you use to find out if it's xss?
@educationhive
@educationhive A year ago
Smuggler
@AL-dg3qd
@AL-dg3qd A year ago
@@educationhive Is it safe or does it have a virus?
@educationhive
@educationhive A year ago
safe