💻 Challenge yourself in 2024 justCTF online teaser: 2024.justctf.team
Sponsored by:
HexRays - get 20% off for IDA pro training sessions with exclusive code BBRE20: bbre.dev/hexrays
Trail of Bits: cutt.ly/veucZatb
OtterSec: cutt.ly/leucL7cz
SECFORCE: cutt.ly/5eoKRyNL
Where can I learn more about the namespace tokenizer and parser?
Look for mutation XSS. Articles by Michał Bentkowski are great. Also, recently in BBRE Premium I covered a talk about it.
Thanks for sharing
Can a preflight request with a strict Referer or SOP policy before a POST or PUT request thwart the payload?
thwart?
@BugBountyReportsExplained Sorry, it's stop. In my case the program uses the PUT method for adding information to the account, but the PUT method blocks the CORS request. So I tried using __method=get and some other tricks like using in with origin set with src, but no luck.
really cool video. thanks
Amazing channel. Does anyone know any similar channels?
Nahamsec but BBRE is more detailed IMO
No fucking way you have a Mate behind you!! hahaha you are great dude! Good video thanks for sharing!
Mate is now my necessary equipment for work😏
nice!
2nd view × 2nd comment × 2nd liked = 1 subscriber. Fact: I already subscribed to your channel more than a year ago.
Thanks for your report and efforts. Unfortunately, the vulnerability has already been reported and thus your report will be marked as duplicate
@zzzzzzzzZzZZzzzaZzz LOL
1st view + 1st comment
Yeah, bug bounty hunting is shit!