Bounty $3000 http request smuggling in twitter.com of

  • Published: 24 Dec 2024

Comments • 37

  • @dexiios
    @dexiios 1 year ago +38

    For those who ask what the potential impact of this vuln is: an attacker can inject a malicious HTTP request into the web server in order to bypass internal security controls. The point is that, most of the time, the web servers do not check for security measures in a smuggled HTTP request. In addition, some of the resources available on the web server are often not accessible outside of the web server itself. So performing a request like this can allow the attacker to gain access to protected resources such as admin panel etc...

    • @likingalllol
      @likingalllol 10 months ago

      thanks!

    • @TaxHeavenH1
      @TaxHeavenH1 1 month ago

      And they only pay 3000$ for that? 😂 We all better use it to make money, selling data on darkweb and laundering the money
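
The comment above describes the front-end/back-end disagreement that request smuggling exploits. The following is an added example, not code from the video or from Twitter: a small defender-side check that flags raw HTTP/1.1 requests whose body framing is ambiguous, the kind of request a front-end should reject before forwarding. The sample requests and the host name are constructed for the demo.

```python
"""Flag raw HTTP/1.1 requests whose body framing is ambiguous.

Smuggling works when front-end and back-end disagree on where one request
ends and the next begins: both Content-Length and Transfer-Encoding present,
conflicting duplicate Content-Length values, or a mangled Transfer-Encoding
header that one parser honours and the other ignores. Rejecting such
requests at the edge removes the ambiguity. Samples below are constructed.
"""
import re


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs; names lower-cased but otherwise untouched."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.decode("latin-1").partition(":")
        pairs.append((name.lower(), value.strip()))
    return pairs


def framing_issues(raw: bytes) -> list[str]:
    """List reasons to reject the request; an empty list means it is clean."""
    headers = parse_headers(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    # Names that normalise to transfer-encoding but are not spelled exactly so
    # (e.g. a space before the colon): a lenient back-end may still honour them.
    odd_te = [n for n, _ in headers if n != "transfer-encoding"
              and re.sub(r"[^a-z]", "", n) == "transferencoding"]
    issues = []
    if cl and te:
        issues.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        issues.append("conflicting duplicate Content-Length values")
    if any(not v.isdigit() for v in cl):
        issues.append("non-numeric Content-Length")
    if any(v.lower() != "chunked" for v in te):
        issues.append("unrecognised Transfer-Encoding value")
    if odd_te:
        issues.append("Transfer-Encoding header with a mangled name")
    return issues


# Constructed samples: a clean request, a classic CL.TE request, and one whose
# Transfer-Encoding name is mangled so strict parsers ignore it.
CLEAN = (b"POST /tweet HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 12\r\n\r\nstatus=hello")
CL_TE = (b"POST /tweet HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nG")
MANGLED = (b"POST /tweet HTTP/1.1\r\nHost: example.test\r\n"
           b"Content-Length: 4\r\nTransfer-Encoding : chunked\r\n\r\nabcd")
```

A front-end that applies `framing_issues` and returns 400 on any non-empty result never forwards a request the back-end could frame differently.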

  • @abdulx01
    @abdulx01 2 years ago +4

    Nice catch... 👍

  • @shba9300
    @shba9300 1 year ago +4

    Dear good find
    Would like to know how would you convince them it's a vulnerability and what is the impact

    • @joshuavega2193
      @joshuavega2193 1 year ago +6

      Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".

    • @YuriFsilva20
      @YuriFsilva20 1 year ago

      @@joshuavega2193 nice reminder heheh

    • @oo7posam581
      @oo7posam581 1 year ago +2

      @@joshuavega2193 He should have gone for SSRF through this... Server would have accepted the 1st request as original and yet answered the second request as valid.

  • @bharathkalyan3961
    @bharathkalyan3961 1 year ago

    Great Finding

  • @electrowizard2658
    @electrowizard2658 1 year ago +2

    There can be no effect from this; it's just you're forwarding the tweet request with some changes.

    • @umarsjd7205
      @umarsjd7205 5 months ago

      Actually it has. The person didn't show this, but what he was trying to depict is how vulnerable the security is. The person could insert a malicious request to weaken the security, which already is. Like, he can insert JavaScript or injections to ask for passwords from the system, because he already infiltrated it.

  • @cx3622
    @cx3622 2 months ago +2

    No idea why they awarded you 3k for this lol. The 2nd request would still be posted successfully even without the first one.

  • @DreyTheVlogger
    @DreyTheVlogger 1 year ago

    Hello, what background music did you use?
    Thanks!

  • @AL-dg3qd
    @AL-dg3qd 1 year ago +2

    what tool do you use to find out if it's xss?

  • @vmvideos8482
    @vmvideos8482 1 year ago +3

    Bro how to install the burp suite version 1.7.35 ?

    • @educationhive
      @educationhive 1 year ago +1

      I will send it there; if I send it here, YT can strike.

  • @youssefzero9059
    @youssefzero9059 2 years ago +4

    ❣❣

  • @UCgqz30RWVkz5yowONnFrO4w
    @UCgqz30RWVkz5yowONnFrO4w 1 year ago +3

    Bro can you explain, what is the impact? Because you are tweeting another tweet from the same account. I am new to this vulnerability and many times I found this vuln but was not able to show impact, and no-one will accept it without any serious impact. Pls explain the impact.

    • @educationhive
      @educationhive 1 year ago +1

      I will explain here at night

    • @the_sandman00
      @the_sandman00 1 year ago +8

      @@educationhive is it night yet?

    • @newbiejember9854
      @newbiejember9854 1 year ago +2

      @@the_sandman00 xD

    • @user3549
      @user3549 1 year ago

      Lol @@newbiejember9854

    • @jondo-vh8tx
      @jondo-vh8tx 8 months ago +1

      @@the_sandman00 😂😂😂😂😂😂😂😂😂😂 no dude he will not explain and this is a waste of time

  • @AutomatizaTuTiempo
    @AutomatizaTuTiempo 1 year ago +4

    hey that's not a vulnerability

    • @joshuavega2193
      @joshuavega2193 1 year ago +1

      Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".

    • @AutomatizaTuTiempo
      @AutomatizaTuTiempo 1 year ago +1

      @@joshuavega2193 For simple mistakes you don't get rewards, plus the staff ignores it.

    • @brice2825
      @brice2825 1 year ago +2

      The request might be bypassing front-end server

  • @AGNIHACKERS
    @AGNIHACKERS 1 year ago +3

    Bro please share Reference report

    • @educationhive
      @educationhive 1 year ago +1

      Ok I Will share next video

    • @AGNIHACKERS
      @AGNIHACKERS 1 year ago +2

      @@educationhive bro please mention this report link. I found the same model vulnerability in another website.

    • @educationhive
      @educationhive 1 year ago +1

      @@AGNIHACKERS sure

  • @allandiego1446
    @allandiego1446 1 year ago

    Dear good!
    But what is the real impact of this vulnerability?