How I Found a P1 Bug in a Bug Bounty Program (Step-by-Step Guide)
This article details the discovery of an XSS vulnerability due to insufficient input validation and lack of Content Security Policy (CSP). The application accepted user input for a query parameter without proper sanitization, allowing script injection through the 'query' field. By injecting a JavaScript payload containing document.cookie manipulation code, the researcher was able to set and persist a PHPSESSID cookie on the victim's device. This payload was executed by the browser, creating a persistent session cookie that allowed an attacker to maintain unauthorized sessions and gain access to other users' accounts without needing their login credentials. The vulnerability paid out $1,000, and the organization addressed it by implementing strong input validation and setting appropriate CSP headers—never trust user-controlled data for security decisions. Key lesson: Validate inputs and enforce strict Content Security Policies to prevent XSS attacks. #BugBounty #XSS #CSP #InputValidation #Infosec

https://medium.com/@pradeeptadi03/how-i-found-a-p1-bug-in-a-bug-bounty-program-step-by-step-guide-7a3fb5ed60ac?source=rss------bug_bounty-5


The Bouncer Who Never Checked IDs
This vulnerability was an XSS (Cross-Site Scripting) issue due to insufficient input validation and lack of Content Security Policy (CSP). The application accepted user input for a query parameter without proper sanitization, allowing script injection through the 'query' field. The researcher injected a payload containing JavaScript code that set a cookie named 'PHPSESSID', which is a unique session identifier in PHP applications. This payload was executed by the browser on the victim's device, creating a persistent session cookie. With this cookie, an attacker could maintain unauthorized sessions and gain access to other users' accounts without needing their login credentials. The vulnerability paid out $250, and the organization addressed it by implementing strong input validation and setting appropriate CSP headers—never trust user-controlled data for security decisions. Key lesson: Always validate inputs and enforce strict Content Security Policies. #BugBounty #XSS #CSP #InputValidation #Infosec

https://medium.com/@prodrx808/the-bouncer-who-never-checked-ids-2fc95942e990?source=rss------bug_bounty-5


@Kerplunk By way of comparison, Robin Milner, a great mathematician and computer scientist who died recently, never completed his PhD. The story he told me and many others is that on holiday his manuscript blew into the water and he could not be arsed to do a rewrite.

#csp #milner #concurrency

A little concept animation explaining the Reaper's weapon design.

#Art #DigitalArt #ConceptArt #WeaponDesign #ClipStudio #ClipStudioPaint #CSP #MastoArt #WeaponConceptArt

#Manga | Catboy Diarys

Since I was clever enough *not* to check which version I need for the #CSP subscription, for now there is only what I can actually open, while I go and fight it out with customer support. wuh

I'll also be throwing this month, alongside #DiDay and other small stuff like work, fully into the Basic Studies.

⚠️ | Just be aware. You're supporting someone here at the "Beginner" level, and by that I don't mean the internet hi-class version of it.

https://www.patreon.com/posts/154125804

@SakutaV1 Not my goal to make you gay, but if it makes you feel aware: Stay Slay 💅 and sponsor me with €3 so I can keep affording #CSP ;^

To stay true to #DiDay.

As an alternative to #CSP you can use @kde #Krita, for example (except for the @fdroidorg app, since its last build is years old).

And if you want to archive the pictures, @nextcloud or #Immich.