The Hidden Weapon: How I Turn Mass Assignment into Bounties
This article discusses a Mass Assignment vulnerability, where unsanitized user input is assigned to unintended attributes. The flaw in the application was not properly validating or filtering input data during the creation and updating of objects, allowing attackers to manipulate sensitive fields without authentication. By injecting additional parameters into POST requests, the researcher exploited this vulnerability to change passwords, access restricted areas, and escalate privileges. The attack worked due to lax input sanitization, which failed to check for unexpected attributes in user submissions. This issue resulted in unauthorized access and potential data breaches. The researcher received a $10,000 bounty from the program. To prevent such issues, developers should validate user inputs using whitelists, sanitize inputs with regular expressions, and employ object-level permission controls. Key lesson: Always validate and filter user inputs to prevent unauthorized data manipulation. #BugBounty #Cybersecurity #WebSecurity #MassAssignment

https://medium.com/@0xuserm9/the-hidden-weapon-how-i-turn-mass-assignment-into-bounties-459d7c35a727?source=rss------bug_bounty-5

The Hidden Weapon: How I Turn Mass Assignment into Bounties

Indeed, Allah and His angels send blessings upon the Prophet. O you who believe, send blessings upon him and greet him with peace.

Medium
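An added illustration of the flaw class summarised above (example code, not from the article or its author): the vulnerable update copies every request key onto the user object, while the hardened version uses an allow-list of profile fields and a regular-expression check on the email. The User fields, PROFILE_FIELDS and EMAIL_RE are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Fields a user may change through the profile-update request (allow-list, assumed).
PROFILE_FIELDS = frozenset({"email", "display_name"})
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class User:
    username: str
    email: str
    display_name: str = ""
    password_hash: str = ""
    is_admin: bool = False


class MassAssignmentError(ValueError):
    """Raised when a request carries fields the endpoint never meant to accept."""


def update_profile_vulnerable(user: User, payload: dict) -> User:
    """Mass assignment: every key in the request body is copied onto the object,
    so an injected is_admin or password_hash parameter is silently accepted."""
    for key, value in payload.items():
        setattr(user, key, value)
    return user


def update_profile_hardened(user: User, payload: dict) -> User:
    """Reject unknown fields outright (so the attempt shows up in logs) and
    validate the shape of the fields that are allowed before assigning them."""
    unexpected = set(payload) - PROFILE_FIELDS
    if unexpected:
        raise MassAssignmentError(f"unexpected fields: {sorted(unexpected)}")
    if "email" in payload and not EMAIL_RE.match(str(payload["email"])):
        raise ValueError("malformed email")
    for key in PROFILE_FIELDS & set(payload):
        setattr(user, key, payload[key])
    return user
```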

From a Silent Math Error to Certificate Bypass: Uncovering an Integer Overflow in a TLS Parser
This article details an integer overflow vulnerability within a Transport Layer Security (TLS) parser. The flaw allowed attackers to bypass certificate checks due to improper validation of parsed values. When the server received maliciously crafted client hello messages containing excessively large extensions, it failed to handle the unexpected data size. As a result, an integer overflow occurred, leading to buffer overflows and arbitrary code execution. The researcher exploited this vulnerability by sending a specially crafted TLS handshake request with extended client hello payloads that contained large, incorrectly parsed values. By modifying the length of extension fields, they tricked the parser into interpreting non-existent data as valid, causing unintended execution of malicious code and certificate bypass. The exploit resulted in a high severity vulnerability (CVE-2018-0204) with a CVSS score of 9.8. The researcher was awarded $36,000 for their findings, and the vendor promptly released patches to address this issue. To prevent similar issues, developers should perform rigorous input validation and limit the size of parsed values during TLS handshake processing. Key lesson: Proper input validation is crucial in TLS parsing to avoid buffer overflows and other security vulnerabilities. #BugBounty #Cryptography #TLS #IntegerOverflow #BufferOverFlow

https://medium.com/@HackerMD/from-a-silent-math-error-to-certificate-bypass-uncovering-an-integer-overflow-in-a-tls-parser-b73b86696f74?source=rss------bug_bounty-5

From a Silent Math Error to Certificate Bypass: Uncovering an Integer Overflow in a TLS Parser

Bug hunting isn’t always about popping XSS alerts or finding chained SSRFs. Sometimes, the most critical vulnerabilities are hidden deep…

Medium
How to become a bug bounty hunter - Negative PID

Many businesses participate in bug bounty hunting programs. Indeed, many skilled people have adopted bug bounty hunting as a full-time job. Here's how.

Negative PID

Hey infosec folks 👋

I built RYN27 — a free, open-source CLI recon tool written in Python.
MIT licensed — fork it, contribute, do whatever you want with it.

I’d love feedback from people who actually do this work.

What it does:

🔍 WHOIS · Full DNS enumeration · Subdomain brute-force
🔒 SSL/TLS cert inspection with expiry countdown
⚡ Threaded port scan + banner grabbing (30 workers)
📊 HTTP security header audit with 0–100% scoring
🌍 IP geolocation + proxy/VPN detection
✉️ Email & contact harvester
🛠️ Tech stack fingerprinting
📄 robots.txt reader, metadata crawler, zone transfer

19 modules. One interactive menu. Zero config.

Runs on:
Linux · macOS · Windows · Termux ✓

All dependencies auto-install on first run.

If you try it — I genuinely want to know:

→ What’s missing?
→ What’s broken?
→ What would you do differently?

Open to all feedback, suggestions, PRs, criticism — all of it. 🙏

🔗 https://github.com/ruyynn/RYN27

⭐ A star helps more people find it

#infosec #bugbounty #osint #recon #pentesting #opensource #python

#infosec #cybersecurity #bugbounty

CVE-2026-22557

UniFi Network Application Path Traversal Account Access Vulnerability

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

#Introduction

Hello everyone! Just migrated over and looking to connect with folks in a few different spaces.

I’m a Texas-based cyber expert currently diving deep into Python and Cybersecurity (specifically #BugBounty and #Pentesting). When I’m not looking for vulnerabilities, I’m usually analyzing Gold charts and SMC/ICT trading setups. 📈

Also big into health and fitness. Looking forward to learning from the community here!

#Python #CyberSec #Trading #ICT #Texas #Infosec #TradingCommunity

How I Found a CSRF Vulnerability That Could Take Over Student Accounts on an Educational Platform
This vulnerability was a Cross-Site Request Forgery (CSRF) attack, allowing malicious users to hijack student accounts on an educational platform by manipulating a sensitive account management action (changing passwords) through an unsuspecting victim's browser session. The application failed to verify that the origin of the request was the legitimate user, instead relying on session cookies for authentication without additional CSRF protection. By using a crafted payload within a link, the researcher exploited the flawed security mechanism by forcing the victim's browser to make a password change request on behalf of the attacker. The impact was significant as unauthorized individuals could gain access to sensitive student accounts. The researcher received $500 as part of the bug bounty program, and the platform responded by implementing CSRF tokens for account management actions to prevent future attacks. Key lesson: Always implement CSRF tokens to protect sensitive user actions. #BugBounty #Cybersecurity #WebSecurity #CSRF

https://medium.com/@s3clipt0r/how-i-found-a-csrf-vulnerability-that-could-take-over-student-accounts-on-an-educational-platform-6e65bc70816f?source=rss------bug_bounty-5

How I Found a CSRF Vulnerability That Could Take Over Student Accounts on an Educational Platform

A walkthrough of a bug I discovered on nims.odoo.com

Medium

When Old Breaches Meet New Code: Why Historical Leaks Still Matter
This vulnerability demonstrates the persistence of historical breaches in current systems due to a lack of code updates or inadequate data sanitization. In this instance, the application used email addresses from an old data breach in its password recovery feature, allowing attackers to obtain user credentials by matching leaked emails to hashed passwords in a rainbow table (a precomputed table of hashed passwords). The attacker was able to bypass rate-limiting and CAPTCHA protections by using a Python script to automate the process. The mechanism relied on a combination of brute force and dictionary attacks, taking advantage of weak password choices by some users. The impact was significant, as attackers could gain unauthorized access to user accounts. No bounty amount was disclosed, but the platform addressed the issue by implementing a more secure password recovery process that no longer relies on leaked email addresses. Key takeaway: Keep your code updated and data secure by regularly sanitizing and rotating credentials from historical breaches. #BugBounty #Cybersecurity #WebSecurity #PasswordRecovery #DataBreach

https://infosecwriteups.com/when-old-breaches-meet-new-code-why-historical-leaks-still-matter-b4e6eb8ac607?source=rss------bug_bounty-5

When Old Breaches Meet New Code: Why Historical Leaks Still Matter 🧠📜

Free Link 🎈

Medium

Exploiting SQL Injection to Bypass Login Authentication | PortSwigger Lab Write-up
This vulnerability was an SQL Injection in the login authentication process, bypassing user validation. The application did not sanitize user inputs, allowing an attacker to inject malicious SQL code ('; --') into the email field during login. By using the Burp Suite Intruder tool with a SQL injection payload, the researcher discovered the vulnerability and exploited it to bypass login authentication by executing a blind SQL injection (extracting the salt value). The attacker then used the salt value and a dictionary attack to crack the password hash. The impact included unauthorized access to user accounts. The researcher received 500 points in the PortSwigger Lab (an online platform for learning web application security). Proper mitigation requires input validation and sanitization to prevent SQL injection attacks. Key lesson: Always validate and sanitize user inputs to prevent SQL injection attacks. #BugBounty #Cybersecurity #WebSecurity #SQLInjection #InputValidation

https://medium.com/@shrmashivam2005/exploiting-sql-injection-to-bypass-login-authentication-portswigger-lab-write-up-3e5329d8689d?source=rss------bug_bounty-5

Exploiting SQL Injection to Bypass Login Authentication | PortSwigger Lab Write-up

Introduction

Medium

Found a bypass in Wazuh's UNC path validation for Windows agents.

The existing mitigation (CVE-2025-30201) blocked standard UNC paths like \\server\share, but extended-length UNC paths using the \\?\UNC\ prefix slipped right through. This affects the OSQuery wodle's log_path and config_path fields.

Impact: An attacker who controls the centralized agent config can coerce domain-joined Windows agents into authenticating to an attacker-controlled SMB server, leaking the machine account's NetNTLMv2 hash. From there it's NTLM relay and potentially full Active Directory domain compromise.

Patched in Wazuh 4.14.3. CVSS 7.7 High.

Full writeup with technical details on my blog:
moltenbit.net/posts/wazuh-unc-mitigation-bypass-cve-2025-30201/

#infosec #bugbounty #wazuh #security #cybersecurity #vulnerabilityresearch
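An added defensive check for the bypass class the post describes (example code, not from Wazuh or the post's author): it flags UNC paths in the osquery wodle's log_path and config_path fields in any Windows spelling, including the \\?\UNC\ extended-length prefix the post names and the \\.\UNC\ device-namespace form. The agent_config XML fragment is a constructed sample and the exact element names are assumed.

```python
import re
import xml.etree.ElementTree as ET

# Extended-length / device-namespace spellings of a UNC path: the \\?\UNC\ prefix
# described in the post, plus the equivalent \\.\UNC\ device form.
_EXTENDED_UNC = re.compile(r"^[\\/]{2}[?.][\\/]UNC[\\/]", re.IGNORECASE)
# Plain UNC: two leading separators followed by a host name (\\host\share or //host/share).
_PLAIN_UNC = re.compile(r"^[\\/]{2}[^\\/?.]")


def is_unc_path(path: str) -> bool:
    # True if the path names a remote share in any Windows spelling.
    # \\?\C:\... (an extended-length local path) is deliberately not flagged.
    p = path.strip()
    return bool(_EXTENDED_UNC.match(p) or _PLAIN_UNC.match(p))


def find_unc_in_osquery_wodle(agent_conf_xml: str) -> list:
    """Return (field, value) pairs for osquery wodle paths that point at a share."""
    root = ET.fromstring(agent_conf_xml)
    findings = []
    for wodle in root.iter("wodle"):
        if wodle.get("name") != "osquery":
            continue
        for field in ("log_path", "config_path"):
            node = wodle.find(field)
            if node is not None and node.text and is_unc_path(node.text):
                findings.append((field, node.text.strip()))
    return findings


# Constructed sample of a centralized agent.conf fragment (not a real deployment).
SAMPLE_AGENT_CONF = r"""
<agent_config>
  <wodle name="osquery">
    <disabled>no</disabled>
    <log_path>C:\Program Files\osquery\log\osqueryd.results.log</log_path>
    <config_path>\\?\UNC\untrusted-host.example\share\osquery.conf</config_path>
  </wodle>
</agent_config>
"""

if __name__ == "__main__":
    for field, value in find_unc_in_osquery_wodle(SAMPLE_AGENT_CONF):
        print(f"REJECT {field}: {value!r} resolves to a remote share")
```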