This Overlooked Vulnerability Can Cause Massive Damage (Live Demonstration) | Bug Bounty | 2024

3,001 views

BePractical

1 day ago

Comments: 63
@BibleOSINT (1 day ago)
As I'm a beginner in bug bounty, you have explained this excellently!
@BePracticalTech (1 day ago)
@BibleOSINT Really happy that you liked it
@BibleOSINT (1 day ago)
@BePracticalTech Would you recommend me, as a beginner in bounty, to look for those vulnerabilities?
@BePracticalTech (6 hours ago)
@BibleOSINT Definitely!
@BibleOSINT (6 hours ago)
@BePracticalTech Thank you! ❤️
@Offsec-n4n (1 day ago)
What is the impact of creating multiple dashboards, how does it affect organizations, and why will they pay $**** digits of bounty for this??
@BePracticalTech (1 day ago)
In this example, the local users were only supposed to create 3 dashboards, and if they want to create more dashboards they either need to get the premium account or log in as the admin user. However, we were successfully able to bypass this restriction and create more than 3 dashboards, so it is an access control issue. Now in the real world, if an attacker is able to access a premium feature without needing to get the subscription, it will be a financial loss for the organization. Hope you understand!
@victorgomesgomes (1 day ago)
@BePracticalTech You can also test under "Current user limit: 5/5" to do a bypass with this current application: 6/5
@Muby_Ajiwa (1 day ago)
I really like the way you teach. Thank you so much, keep up the good work
@BePracticalTech (1 day ago)
@Muby_Ajiwa Thank you for the humble words!
@sonamohan6194 (1 day ago)
Awesome! Really well-explained as well!!
@BePracticalTech (1 day ago)
Thank you kindly!
@the_sandman00 (1 day ago)
Great explanation!
@BePracticalTech (1 day ago)
Thank you!
@морс-ф3д (1 day ago)
Brilliant!!!!!!!!!!! Thank you for sharing your great knowledge!!!!!!!
@BePracticalTech (16 hours ago)
Glad you enjoyed it!
@shivakumarmv4249 (1 day ago)
Excellent... Thanks for sharing
@BePracticalTech (1 day ago)
@shivakumarmv4249 I am really glad you liked it!
@Unknown_feed (1 day ago)
Love from Nepal ❤❤
@BePracticalTech (1 day ago)
@Unknown_feed Love from 🇮🇳
@Ch4ndan_das (1 day ago)
Thank you so much sir for giving us this useful video
@BePracticalTech (1 day ago)
I am really glad that you found this video helpful!
@vijay_sawant (1 day ago)
I have been watching you for a long time, and you are really a great teacher
@BePracticalTech (1 day ago)
Glad to hear that!
@i_am_your_king (1 day ago)
Thank you for the video. I tried to enter the page to try the method, but it gives an error message: Error code 522 Connection timed out
@BePracticalTech (1 day ago)
@i_am_your_king Try again please
@starlox0 (1 day ago)
Awesome video 😀 Understood clearly
@BePracticalTech (1 day ago)
Glad it helped
@swagat5468 (16 hours ago)
Thanks bhai 🙂❤️
@BePracticalTech (6 hours ago)
You're welcome!
@a.c.5985 (21 hours ago)
Is it possible to see a real example?
@BePracticalTech (6 hours ago)
Sure! Here you go: corneacristian.medium.com/top-25-race-condition-bug-bounty-reports-84f9073bf9e5
@l00pzwastaken (1 day ago)
How are you, nice video :) good research and explanation bhai
@BePracticalTech (1 day ago)
Thanks a lot :)
@Knownsense_world_ (1 day ago)
Thanks ❤
@BePracticalTech (1 day ago)
Glad you liked it!
@HadkerX (1 day ago)
Thanks
@BePracticalTech (1 day ago)
No worries! Glad you liked it
@z3r0X0r (1 day ago)
Thanks for giving us this type of really good challenge
@BePracticalTech (1 day ago)
My pleasure 😊
@vulncrax (1 day ago)
Keep it up 🎉
@BePracticalTech (1 day ago)
Always
@Yash.Lonewolf (12 hours ago)
Amazing
@BePracticalTech (6 hours ago)
Glad you liked it!
@harshthakar2207 (1 day ago)
Really sir, this was the best video till now on race conditions. Please share your LinkedIn ❤
@BePracticalTech (6 hours ago)
I am really glad you liked it! Here's my LinkedIn: www.linkedin.com/in/faiyaz-ahmad-64457520b/
@newuser2474 (1 day ago)
Bro, but what will be the mitigation for this issue 😮
@BePracticalTech (6 hours ago)
To fix this issue, we need to focus on handling concurrent requests as well, instead of handling everything synchronously
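The dashboard-limit race discussed in this thread and the mitigation the author points at, as an added Node.js example (not code from the lab repository): the vulnerable handler counts the user's dashboards and then inserts, with an async database round-trip between the two, so parallel requests all see the count below 3; the fixed handler serializes each user's create requests so the check and the insert run as one unit. The in-memory store, the `tick()` delay standing in for a database query, and the user name `alice` are assumptions.

```javascript
// Added example, not the lab's code: check-then-act race on a per-user dashboard limit.
const MAX_DASHBOARDS = 3;

// Assumed in-memory stand-in for the database; tick() mimics one async query round-trip.
const makeStore = () => ({ dashboards: new Map() });
const tick = () => new Promise((resolve) => setImmediate(resolve));

async function countDashboards(store, user) {
  await tick();
  return (store.dashboards.get(user) || []).length;
}
async function insertDashboard(store, user, name) {
  await tick();
  const list = store.dashboards.get(user) || [];
  list.push(name);
  store.dashboards.set(user, list);
}

// VULNERABLE: the limit check and the insert are separate awaits, so N parallel
// requests can all observe count < 3 before any insert lands (time-of-check/time-of-use).
async function createDashboardVulnerable(store, user, name) {
  if ((await countDashboards(store, user)) >= MAX_DASHBOARDS) return false;
  await insertDashboard(store, user, name);
  return true;
}

// FIXED: serialize create requests per user so check + insert run as one unit.
// With a real database the same effect comes from a transaction or a constraint on the count.
const userLocks = new Map();
function withUserLock(user, fn) {
  const previous = userLocks.get(user) || Promise.resolve();
  const current = previous.then(fn, fn);
  userLocks.set(user, current.catch(() => {}));
  return current;
}
async function createDashboardSafe(store, user, name) {
  return withUserLock(user, async () => {
    if ((await countDashboards(store, user)) >= MAX_DASHBOARDS) return false;
    await insertDashboard(store, user, name);
    return true;
  });
}

// Regression check a defender can keep in the test suite: fire `parallel` creates at
// once against a fresh store and return how many dashboards actually got created.
async function raceTest(createFn, parallel) {
  const store = makeStore();
  const requests = Array.from({ length: parallel }, (_, i) => createFn(store, 'alice', `dash-${i}`));
  await Promise.all(requests);
  return (store.dashboards.get('alice') || []).length;
}
```

With 10 parallel requests the vulnerable handler creates all 10 dashboards, while the serialized handler stops at 3.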
@Baban051 (9 hours ago)
Please explain on a practical webpage
@BePracticalTech (6 hours ago)
This lab here replicates the same vulnerability that I found on a pentest. Unfortunately, it is now very difficult to show vulnerabilities on a real production website as it is against KZbin Guidelines.
@MubashshirShaikh-hs8oy (1 day ago)
Make a video on Burp Suite's full potential
@한국어의이름이라면강 (1 day ago)
I wanna see this app's source code
@BePracticalTech (6 hours ago)
Here's the source code: github.com/faiyazahmad07/rcondition_bepractical_lab/
@한국어의이름이라면강 (6 hours ago)
@ thx a lot
@MianHizb (1 day ago)
Bro, can you kindly just mention race conditions in the title... thanks
@mohammadrezafarahani9287 (1 day ago)
Please share that code
@BePracticalTech (6 hours ago)
@mohammadrezafarahani9287 Sure, here you go: github.com/faiyazahmad07/rcondition_bepractical_lab/
@mohammadrezafarahani9287 (58 minutes ago)
@BePracticalTech Bro, in this there is just one file, so where are the home.ejs and login.ejs?
@mohammadrezafarahani9287 (53 minutes ago)
@BePracticalTech Do you share login.ejs and home.ejs?
@ekkofed (1 day ago)
Alright
@iq_rasco (1 day ago)
Race condition
@SecureByBhavesh (1 day ago)
First