Bug Bounty – Hackademic

Creating your first buffer-overflow in x64 machines

Milind Purswani — Sat, 13 Jul 2019 12:00:26 +0000

If you have no experience of Python, C/C++ or Bash, I recommend you check my previous post. Moreover, you will also learn about some basics of buffer-overflow and understand the attack that we are going to create today. Let’s get started with our 1st overflow. I will try to keep things as simple as possible. The first thing we need to do is disable Address Space Layout Randomisation (ASLR ).

Source

Getting Started with BufferOverflow in x64 machines

Milind Purswani — Mon, 01 Jul 2019 10:39:59 +0000

This is blog post will lay the foundations to buffer-overflow. I recommend you read this blog first before going to the practical session which is followed in another post. A buffer overflow, or buffer overrun, is an anomaly where a program while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations. Buffers are areas of memory set aside…

Source

How a classical XSS can lead to persistent ATO Vulnerability?

Milind Purswani — Wed, 19 Jun 2019 17:42:36 +0000

Hello Hunters, XSS (Cross Site Scripting) is really one of the most common bugs that we have found atleast once somewhere The thing that is not common is how we report it? Most of the Bug Bounty Programs asses the severity of an issue by considering the worst case impact that a particular POC can demonstrate. For instance, an e-commerce site will not consider a CSRF vulnerability…

Source

How I could have hijacked a victim’s YouTube notifications! (Google VRP Writeup)

Yash — Tue, 26 Mar 2019 15:21:10 +0000

Hi, So this is my first writeup, I hope you enjoy it! I was just searching around on YouTube if I could find anything but I was really tired and it was 12:30 in the night. I was poking around and I turned on my notifications on YouTube. This was the request that was going: You might guess where I am going with this! At first glance, seeing all those parameters like auth_key…

Source