Skip to content

Welcome to Learn365! This repository is about 365 days of Learning .

Notifications You must be signed in to change notification settings

ctflearner/Learn365

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 

Repository files navigation

Learn365

Welcome to Learn365! This repository is about 365 days of Learning . This repository contains all the information shared during my Learn 365 Challenge.365 Days of Learning is a challenge to stay engaged in learning and personal development for a full year by setting a goal to learn something new every day, it can be anything from infosec.Follow me on LinkedIn for Regular Updates Affan Ahmed . Huge thanks to Anubhav Singh and Harsh Bothra, from whoam I got motivated to start this Learn365 challenge.

Date DAY TOPIC
05-01-23 1 Solstice VM Walkthrough
06-01-23 2 Command Injection-By-Harsh-Bothra
07-01-23 3 PG-Play : ICMP BOX Walkthrough by S1Ren
08-01-23 4 Aditya Shende Writeup
09-01-23 5 Subdomain Takeover
10-01-23 6 Beginners Guide to Container Security
11-01-23 7 Json Web Tokens
12-01-23 8 HTB-Seventeen
13-01-23 9 All you need to know about JWT Pt. 2
14-01-23 10 The Ultimate Guide to SQL Injection
15-01-23 11 Infosec Writeup
16-01-23 12 huntr-dev-XSS-Writeup
17-01-23 13 huntr-dev-File-Upload-Writeup
18-01-23 14 huntr-dev-Path-Traversal-Writeup
19-01-23 15 Uploading the Webshell using filename of Content-Disposition Header Story!
20-01-23 16 XSS in Integration URL in linagora/twake
21-01-23 17 Access Control Violation - Sensitive Data Exposure
22-01-23 18 How A Simple IDOR Led Me To Delete Any Account
23-01-23 19
  • Vulnerable-Code-Snippet:1
  • WebSockets Security Explained For Security Enthusiasts
24-01-23 20
  • SecurityExplained S-13: Vulnerable Code Snippet - 2
  • Exploiting Open Redirect – Whitelist Bypass Using Salesforce Environment
25-01-23 21 Weak password policy : Old password can be set as new password in ikus060/rdiffweb
26-01-23 22 Bypassing application logic to set a blank password in ikus060/rdiffweb
27-01-23 23 XSS in RSS Description Link in glpi-project/glpi
28-01-23 24
  • Weaponizing self-xss
  • Discovered Reflected Cross-Site Scripting Vulnerable into Shaadi.com
29-01-23 25 Understanding Server Side Template Injection In Flask Apps
30-01-23 26 Exploring SSTI In Flask/Jinja2
31-01-23 27
  • Find and Exploit NoSQL Injection
  • How to Directory Brute Force Properly
01-02-23 28 Cross-site Scripting (XSS) - Stored in projectsend/projectsend
02-02-23 29
  • parser bypass and make SSRF attack in ionicabizau/parse-url
  • SSRF in feeds in glpi-project/glpi
  • NahamCon2022EU: Till REcollapse: Fuzzing the Web for Mysterious Bugs by @0xacb
03-02-23 30 Ultimate Guide To SQL Injection – Part I
04-02-23 31 What is DOM-based XSS (cross-site scripting)?
05-02-23 32 Research How can Local File Inclusion lead to RCE
06-02-23 33
  • RCE in Wordnet Browser in nltk/nltk
  • Bypass All Captchas in the application in thorsten/phpmyfaq
07-02-23 34
  • What Should You Do After Recon?!
  • Multiple Ways to Crack WordPress login
08-02-23 35
  • HTTP Query String Injection in unjs/unstorage
  • Open Redirect on "returnUrl=" parameter in btcpayserver/btcpayserver
09-02-23 36
  • Subdomain Takeover: Proof Creation for Bug Bounties
  • CTF LFI Challenge December
10-02-23 37 Hacking Web Cache - Deep Dive in Web Cache Poisoning Attacks
11-02-23 38
  • SecurityExplained S-15: Vulnerable Code Snippet - 3
  • SecurityExplained S-16: Vulnerable Code Snippet - 4
  • SecurityExplained S-17: Vulnerable Code Snippet - 5
12-02-23 39
  • SecurityExplained S-18: Vulnerable Code Snippet - 6
  • SecurityExplained S-19: Vulnerable Code Snippet - 7
  • SecurityExplained S-20: Vulnerable Code Snippet - 8
13-02-23 40 2 FA Bypassing Methods & Techniques
14-02-23 41
  • SecurityExplained S-21: Vulnerable Code Snippet - 9
  • SecurityExplained S-22: Vulnerable Code Snippet - 10
  • SecurityExplained S-23: Vulnerable Code Snippet - 11
15-02-23 42
  • SecurityExplained S-24: Vulnerable Code Snippet - 12
  • SecurityExplained S-25: Vulnerable Code Snippet - 13
  • SecurityExplained S-26: Vulnerable Code Snippet - 14
16-02-23 43
  • SecurityExplained S-27: Vulnerable Code Snippet - 15
  • SecurityExplained S-28: Vulnerable Code Snippet - 16
  • SecurityExplained S-29: Vulnerable Code Snippet - 17
17-02-23 44 Spot The Vulnerability XSS Challenge Simplified
18-02-23 45 Basics Of HTTP Request Smuggling
19-02-23 46 HTTP REQUEST SMUGGLING PART-2
20-02-23 47 A GUIDE TO SERVER SIDE REQUEST FORGERY(SSRF)
21-02-23 48 Deep Dive Into Android Security
22-02-23 49 Getting Started Into Android Security Part 2
23-02-23 50 Oauth A Feature To Vulnerability
24-02-23 51 Broken Access Control in francoisjacquet/rosariosis
25-02-23 52 Limited LFI via Path Traversal in salesagility/suitecrm
26-02-23 53 Prevent account takeover with proper cookie configuration
27-02-23 54 Arbitrary txt files deletion (authenticated) in nilsteampassnet/teampass
28-02-23 55 How I hacked into a company with 200,000+ users
01-03-23 56 Networking Pivoting via SSH
02-03-23 57 SecurityExplained S-30: Vulnerable Code Snippet - 18
03-03-23 58 Mobile Application Pentesting: Analyzing Common Vulnerabilities
04-03-23 59 SQL Injection in 'core/ajax/ajax_data.php' in unilogies/bumsys
05-03-23 60 A New Vector For “Dirty” Arbitrary File Write to RCE
06-03-23 61 Cross-Site Request Forgery (CSRF) Explained
07-03-23 62
  • Stored DOM-based Cross-site Scripting in Tags Functionality in answerdev/answer
  • SQL Injection in Custom Fields in phpipam/phpipam
08-03-23 63 XSS via Client Side Template Injection in btcpayserver/btcpayserver
09-03-23 64 How to Write your First Nuclei Template ?
10-03-23 65 Authentication Bypass for users with MD5 password hash in froxlor/froxlor
11-03-23 66 RCE using bad deserialization in builderio/qwik
12-03-23 67 IDOR to delete memo from archives in usememos/memos
13-03-23 68
  • CSRF leading to delete a domain in modoboa/modoboa
  • CSRF leading to delete a user in modoboa/modoboa
14-03-23 69 Idor disclose other user's appointment in openemr/openemr
15-03-23 70 Unauthenticated OS in stamparm/maltrail in stamparm/maltrail
16-03-23 71 XSS in Document Types module in Settings in pimcore/pimcore
17-03-23 72 IDOR in ilsteampassnet/teampass
18-03-23 73 Phar Deserialization of Untrusted Data in knplabs/snappy
19-03-23 74 Active Directory Series: Active Directory Fundamentals
20-03-23 75 SVG Sanitization Bypass - XSS in imgproxy/imgproxy
21-03-23 76 How I Found Business Logic Vulnerability in Google Pay
22-03-23 77 SQLi in API authorization check in nilsteampassnet/teampass
23-03-23 78 SECURING AD WHEN ANONYMOUS USERS MUST HAVE ACCESS
24-03-23 79 Blind LFI in register-model/get?name= in mlflow/mlflow
25-03-23 80 LFI/RFI in MLflow in mlflow/mlflow
26-03-23 81 mitm6 – compromising IPv4 networks via IPv6
27-03-23 82 Unhandled SWF Tags in MP4Box: in GPAC in gpac/gpac
28-03-23 83 how-to-shut-down-a-plant-remotely
29-03-23 84 Autenticated Stored (XSS) in pluck-cms/pluck
30-03-23 85 token forgery in deepset-ai/haystack
31-03-23 86 XSS @ records in thorsten/phpmyfaq
01-04-23 87 RCE by SSTI Injection in microweber/microweber
02-04-23 88 Captcha Bypass in answerdev/answer
03-04-23 89 SIGSEGV libr/bin/p/bin_ radareorg/radare2
04-04-23 90 SecurityBoat Dynamic Challenge SSRF Solution
05-04-23 91 SQLi at /front/report.dynamic.php in glpi-project/glpi
06-04-23 92 BAC in Vote/Friend Function in pbboard/pbboard-3.0.4
07-04-23 93 Guide to Parameter Enumeration
08-04-23 94 IDOR-leads to account takeover in glpi-project/glpi
09-04-23 95 Formula injection via Full Name in chatwoot/chatwoot
10-04-23 96 CSRF & Bypasses
11-04-23 97 Password reset link not expired in answerdev/answer
12-04-23 98 Exploiting Server Side Request Forgery (SSRF) in an API
13-04-23 99 Stored XSS in nilsteampassnet/teampass
14-04-23 100 RCE-File Write in froxlor/froxlor
15-04-23 101 Restriction-Excessive-Authentication
16-04-23 102 password validation. in limesurvey/limesurvey
17-04-23 103 HTTP Parameter Pollution (English)
18-04-23 104 password validation.in limesurvey/limesurvey
19-04-23 105 A detailed guide to OSINT
20-26 106-112 SQL Injection leads to code execution in unilogies/bumsys
27-04-23 113 Cross site scripting on the login page in pimcore/pimcore
28-04-23 114 Path Traversal in code in unilogies/bumsys
29-04-23 115 Weaponizing Reflected XSS to Account Takeover
30-04-23 116 Reflected xss on login.php leads to account takeover
01-05-23 117 EmailAddress Manipulation Vulnerability in thorsten/phpmyfaq
02-05-23 118 Zero-Click Remote Code Execution in appium/appium-desktop
03-05-23 119 Multiple SQL Injections in salesagility/suitecrm
04-05-23 120 AWS_Cognito_Misconfigurations:The_Silent_Killer
05-05-23 121 Broken Rate Limiting in azuracast/azuracast
06-05-23 122 Stored XSS on items in Folder in nilsteampassnet/teampass
07-05-23 123 How I found XSS via SSRF vulnerability -Adesh Kolte
08-05-23 124 API6 - Mass Assignment-crAPI
09-05-23 125 Solved-lab:Blind SQL Injection with Conditional Responses
10-05-23 126 CSV-Injection-in-pimcore/customer-data-framework
11-05-23 127 Escalating SSRF to RCE
12-05-23 128 Lack of brute force protection in linagora/twake
13-05-23 129 Chaining vulnerabilities leads to account takeover
14-05-23 130 Solved:Stocker From HTB
15-05-23 131 XSS leading to session hijacking in pandorafms/pandorafms
16-05-23 132 XSS to RCE found in Trilium in zadam/trilium
17-05-23 133 Possible URL spoofing on wildcard path in unjs/h3
18-05-23 134 Stored xss leads to doctor / admin account takeover
19-05-23 135 Insecure Temporary File in huggingface/transformers
20-05-23 136 Local File Read Bypass in mlflow/mlflow in mlflow/mlflow
21-05-23 137 Bug Bounty Hunter Mindset - Yassine Aboukir
22-05-23 138 Stored XSS and CSP Bypass in KiwiTCMS in kiwitcms/kiwi
23-05-23 139 XML External Entity (XXE) injection in sympy in sympy/sympy
24-05-23 140 Stored HTML injection in nilsteampassnet/teampass
25-05-23 141 IDOR leading to Privilege Escalation!
26-05-23 142 Building a Password Cracker in Rust
27-05-23 143 HTTP Request Smuggling Basics
28-05-23 144 Blind SQLi
29-05-23 145 How a simple Directory Listing leads to PII Data Leakage,RCE
30-05-23 146 Security source code review expert - Shubham Shah
31-05-23 147 Stored XSS bypass in "FAQ" in thorsten/phpmyfaq
01-06-23 148 5 Ways I Bypassed Your Web Application Firewall (WAF)
02-06-23 149 XSS at User-Agent of Headers in mkucej/i-librarian-free
03-06-23 150 Attacker can turn off 2FA of the Admin in tsolucio/corebos
04-06-23 151 Bypass change password policy in tsolucio/corebos
05-06-23 152 BAC On Item via ID in nilsteampassnet/teampass
06-06-23 153 Stored XSS Via SVG Upload in kiwitcms/kiwi
07-06-23 154 Chaining HTML injection to XSS lead to steal Cookie
08-06-23 155 HTML INJECTION LEADS TO OPEN REDIRECT
09-06-23 156 Web Services And Its Attack Types
10-06-23 157 HTML Injection in Folder Name in nilsteampassnet/teampass
11-06-23 158 File Path Traversal Vulnerability in froxlor/froxlor
12-06-23 159 Session Fixation in froxlor/froxlor
13-06-23 160 Bypassing Firewalls: Going Beyond Source Port Manipulation
14-06-23 161 Userscan order Add-Ons Separately in fossbilling/fossbilling
15-06-23 162 westillcanorderthe product even it is disabled in fossbilling/fossbilling
16-06-23 163 SQLI in the "Users" function of Piwigo in piwigo/piwigo
17-06-23 164 DOM XSS and openredirect in saleor/react-storefront
18-06-23 165 IDOR in message deletion in admidio/admidio
19-06-23 166 The user can delete himself in limesurvey/limesurvey
20-06-23 167 Bypassing Okta SSO=> HTTPS/HTTP
21-06-23 168 Formula Injection in CSV export feature in admidio/admidio
22-06-23 169 Stored XSS in module named in salesagility/suitecrm-core
23-06-23 170 Privilege Escalation Vulnerabilityin fossbilling/fossbilling
24-06-23 171 Session Fixation Vulnerability in fossbilling/fossbilling
25-06-23 172 SSTI leads to RCE in fossbilling/fossbilling
26-06-23 173 Arbitrary Code Execution in Apache BRPC in apache/brpc
27-06-23 174 CSRF Leading to reset Boxes in limesurvey/limesurvey
28-06-23 175 URL Restriction Bypass in plantuml/plantuml
29-06-23 176 Leak Secret tokens by changing baseURL nuxt-api-party
30-06-23 177 wecan still send the photo asthe albums is locked in admidio
01-07-23 178 RCE via File upload in fossbilling/fossbilling
02-07-23 179 SQLI in searchArticles function in fossbilling/fossbilling
03-07-23 180 CSV Injection while export users in fossbilling/fossbilling
04-07-23 181 IncorrectAuthorizationleads-delete-userlimesurvey/limesurvey
05-07-23 182 Stored XSS in kiwitcms/kiwi
06-16 183-193
  • SQL injection in some Admin Sort functions
  • Cross site scripting in Admidio 4.2.9 via headline parameter
  • Stored XSS on user "Category report" function
  • Cross-Site Request Forgery lead to lock and unlock Album
  • Stored XSS on user "Edit own profile" function
  • Stored XSS on user "Write private message" function
  • Vulnerable CKEditor used on version 4.2.9
  • Broken Access Control on Private Message Function
  • Exposure version installed on the system
  • Mongoose Prototype Pollution Vulnerability in automattic/mongoose
  • IDOR can make attackers add or close others' unavaiable in alextselegidis/easyappointments
17-07-23 194 BUG BOUNTY: ANDROID APPLICATION PENETRATION TESTING #1 2023
18-07-23 195 Potential-XSS injection in stuff and say attributes in i40west/obfumatic
19-07-23 196 Common mistakes when using permissions in Android
20-07-23 197 Exploiting memory corruption vulnerabilities on Android
21-07-23 198 How i buy a subdomain of Tokopedia’s website
22-07-23 199 SQL injection in Data Objects function in pimcore/pimcore
23-07-23 200 Exploit Writing 101 - Beyond Just Reporting Bugs
24-07-23 201 Confidentialinformation provided to user with no permissions in pimcore/pimcore
25-07-23 202 Account Takeover via Email Confirmation
26-07-23 203 BUG BOUNTY: DEEP RECON INTO THE WEB APPLICATION
27-07-23 204 XSS on Microsoft.com via Angular Js template injection
28-07-23 205 Netflix Party — XSS Vulnerabilities
29-07-23 206 Always escalate! From Self-XSS to Persistent XSS on Login Portal
30-07-23 207 XSS WAF & Character limitation bypass like a boss
31-07-23 208 XSS on Sony subdomain
01-08-23 209 Clickjacking DOM XSS on Google.org
02-08-23 210 My first valid xss(@Hackerone)
03-08-23 211 Instagram/Meta Clickjacking Leads to MakePrivateAccountPublic
04-08-23 212 What I learned from reading 126* Information Disclosure Writeups
05-08-23 213 How did I find information Disclosure on Facebook-Writeup
06-08-23 214 Information Disclosure
07-08-23 215 AEM misconfiguration leads to Information disclosure
08-08-23 216 Misconfigured WordPress takeover to Remote Code Execution
09-08-23 217 Chaining Self XSS with UI Redressing is Leading to Session Hijacking
10-08-23 218 Response manipulation worth 2000$
11-08-23 219 5500$ Bug Story - Ezzy 2FA Bypass
12-08-23 220 Random stuff by yappare
13-08-23 221 From Revealing Emails to Taking Over Accounts (Hacking Telecom)
14-08-23 222 CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover
15-08-23 223 Rate Limit Misconfiguration on tumblr login
16-08-23 224 First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration
17-08-23 225 Password Reset via OTP BYPASS — response manipulation
18-08-23 226 How to Get Unique Subdomains on Large scope
19-08-23 227 OTP bypass and Account takeover using response manipulation
20-08-23 228 Pivoting Entire Network with Chisel
21-08-23 229 Lateral movement between two domains without abusing Trust Relationships.
22-08-23 230 Bypass Two-Factor Authentication of Facebook Accounts ($25,300)
23-08-23 231 Windows Domains, Pivot & Profit
24-08-23 232 ALL about OSCP Pivoting AD Lateral Movement, ligolo-ng, chisel, sshuttle
25-08-23 233 Enumerating AD users with LDAP
26-08-23 234 Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp
27-08-23 235 Open Directory
28-08-23 236 Found SSRF and LFI in Just 10 minutes of using burp!
29-08-23 237 Uncovering Vulnerabilities: Security Flaws Discovered on the Indian Prime Minister’s Website
30-08-23 238 IDOR in Users Edit screen in omeka/omeka-s
31-08-23 239 SSRF Blind in the image upload module via url in instantsoft/icms2
01-09-23 240 How I found a No Rate Limit bug
02-09-23 241 There is no rate limit for SME REGISTRATION PORTAL
03-09-23 242 Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
04-09-23 243 privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality in usememos/memos
05-09-23 244 https://github.com/ctflearner/Learn365/blob/main/Days/Day244.md
06-09-23 245 XSS at file uploading in instantsoft/icms2
07-09-23 246 IDOR Vulnerability Allow Low-Level User change role Everyone Includes Admin in answerdev/answer
08-09-23 247 Leaked Database and SMTP credentials through .env file
09-09-23 248 How I got RXSS from Shodan
10-09-23 249 How I placed into Apple Hall of Fame in 5 Minutes
11-09-23 250 Improver Validation of File Name Causes RCE in tenpi/music-player
12-09-23 251 SQL injection and Authentication bypass in mintplex-labs/anything-llm
13-09-23 252 Account Takeover at https://trello.com
14-09-23 253 SQL Injection Vulnerability in Content Page in instantsoft/icms2
15-09-23 254 HTML Injection in librenms/librenms
16-09-23 255 Exploiting Broken Access Control Vulnerability
17-09-23 256 22.6k+ GitHub Stars Note-Taking App Hit by Critical XSS Vulnerability
18-09-23 257 XSS/CSRF in GetImage Endpoint in usememos/memos
19-09-23 258 How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab
20-09-23 259 Multiple Self-XSS Vulnerabilites in hestiacp/hestiacp
21-09-23 260 Application allows large characters to insert in the input field "Add new table"... in nocodb/nocodb
22-09-23 261 XML injection vulnerability: Examples, cheatsheet and prevention
23-09-23 262 How I Hacked the Exam Portals of 1000+ Indian Institutions Including LPU, IIT Bombay, IIT Kanpur, VIT, SRM, UPES, GITAM, GNA University, and More, Impacting Over 1 Million Students and 65,000+ Teachers.
24-09-23 263 No rate limit lead to otp brute forcing
25-09-23 264 Stored XSS via user's Username in limesurvey/limesurvey
26-09-23 265 How I Mass hunt for Admin Panel Access…
27-09-23 266 Stored XSS in description of theme in limesurvey/limesurvey
28-09-23 267 Basics of API Security – Part 1
29-09-23 268 No rate limiting on creating access token in ikus060/rdiffweb
30-09-23 269 Secret information exfiltration by hard coding twitter API keys in microweber/microweber
01-10-23 270 Store DOM XSS in Edit configuration in thorsten/phpmyfaq
02-10-23 271 Stored XSS at LOGO+USER menu in instantsoft/icms2
03-10-23 272 Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes in salesagility/suitecrm
04-10-23 273 Stored XSS in the Cases functionality in salesagility/suitecrm
05-10-23 274 Open Redirect in mosparo/mosparo
06-10-23 275 XSS Steal Cookies
07-10-23 276 Stored Cross Site Scripting (XSS) in snipe/snipe-it
08-10-23 277 RXSS in onpremises version of structurizr in structurizr/onpremises
09-10-23 278 Account takeover via leaked session cookie
10-10-23 279 Incorrect Authorization in User role in limesurvey/limesurvey
11-10-23 280 CSRF in Send Reminder in snipe/snipe-it
12-10-23 281 Account takeover due to misconfiguration
13-10-23 282 HTML injection Leads to Open redirection in froxlor/froxlor
14-10-23 283 HackTheBox Business CTF 2023 – Crypto
15-10-23 284 No rate limit on sending magic link to sign-in in vriteio/vrite
16-10-23 285 Time-Based Blind SQL injection leads to database extraction in librenms/librenms
17-10-23 286 Don't Trust the Host Header for Sending Password Reset Emails
18-10-23 287 CSRF in Payment Types in pkp/ojs
19-10-23 288 Android Pentesting 101: A Novice’s Handbook to Getting Started
20-10-23 289 leaked all users names from a user without known permissions in wagtail/wagtail
21-10-23 290 DOM Cross Side Scripting in modoboa/modoboa
22-10-23 291 How I saved 2.8 Million PII of Indian citizens from hackers.
23-10-23 292 Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
24-10-23 293 Cross-site scripting (XSS) stored in href bypasses filter using data wrapper in janeczku/calibre-web
25-10-23 294 Blind Sql Injection in https://█████/qsSearch.aspx
26-10-23 295 An agent without permission has the ability to update, add, or delete FAQ items in osticket/osticket
27-10-23 296 Time-base SQL Injection in Search Users
28-10-23 297 Improper input validation leads to arbitrary file deletion in mintplex-labs/anything-llm
29-10-23 298 Password Reset link hijacking via Host Header Poisoning in linkstackorg/linkstack
30-10-23 299 IDOR - Users can change Administrator information (User ID = 1 ) in limesurvey/limesurvey
31-10-23 300 Store DOM XSS in FAQ in thorsten/phpmyfaq
01-11-23 301 Stored XSS in module named "New Submissions" in pkp/pkp-lib
02-11-23 302 Improper Access Control That Leads to Privilege Escalation / Account Takeover in glpi-project/glpi
03-11-23 303 Theft of Arbitrary Files from non-exported FileProvider via improper implementation of setResult in WelcomeScreen.kt in teamamaze/amazefileutilities
04-11-23 304 $7000 Bounty on a Single Web Application
05-11-23 305 CSRF Delete Navigation Menu Items in pkp/pkp-lib
06-11-23 306 SAML 2.0: A Brief Conceptual Overview
07-11-23 307 How I sent multiple payment requests on PhonePe, Paytm, and Google Pay
08-11-23 308 user can still comment the unpublish blog in microweber/microweber
09-11-23 309 User sends email to group member, while not having general user group permissions in limesurvey/limesurvey
10-11-23 310 How I got Access to a Company’s Auth0 Management API !!
11-11-23 311 CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman
12-11-23 312 Disabled accounts still work normally in pkp/pkp-lib
13-11-23 313 How to Upgrade Your XSS Bugs from Medium to Critical
14-11-23 314 CVE-2023-27537: HSTS double-free
15-11-23 315 First step of IOS Pentesting Approaching IOS application for Pentesting (Beginner Edition )
16-11-23 316 Reflected XSS via Upgrade Wizard in salesagility/suitecrm
17-11-23 317 LFI in Ray API in ray-project/ray
18-11-23 318 Relative path traversal in vertaai/modeldb
19-11-23 319 Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration How a Dumb Frontend Led to 750 $ Bounty
20-11-23 320 Unauthorized Access and Content Modification in h20-r S3 Bucket which is used in .sh and docker file leads to spread of malicious R package which can lead to remote code execution in h2oai/h2o-3
21-11-23 321 Bug Bounty Target Deep Dive
22-11-23 322 Can use csrf to steal/modify block content, artifact content, variables possibly leading to RCE when the dashboard is running on a developers workstation in prefecthq/prefect
23-11-23 323 Code injection in cpu_profile format parameter in ray-project/ray
24-11-23 324 Pentesting Linux Thick Client Applications
25-11-23 325 CVE-2023-23914: HSTS ignored on multiple requests
26-11-23 326 Easy $500 Vulnerabilities! // How To Bug Bounty
27-11-23 327 [Quora Android] Possible to steal arbitrary files from mobile device
28-11-23 328 Passcode Protection in Android Devices Can be Bypassed.
29-11-23 329 Reverse Engineering APK an Android app
30-11-23 330 2 click Remote Code execution in Evernote Android
01-12-23 331 Vulnerabilities in exported activity WebView
02-12-23 332 Cross Site Scripting (XSS) in Layers of Image in viliusle/minipaint
03-12-23 333 Android App Bug Bounty Secrets
04-12-23 334 [Grab Android/iOS Insecure deeplink leads to sensitive information disclosure
05-12-23 335 CVE-2020-8913
06-12-23 336 PDF Upload Leading to Stored XSS
07-12-23 337 DoS via Password Strength Checker Function
08-12-23 338 Identity Aware Proxy for Securing GCP Applications: Part-01
09-12-23 339 Javascript Analysis to SQL injection
10-12-23 340 New payload to exploit Error-based SQL injection - Oracle database
11-12-23 341 Initial access
12-12-23 342 Leaking error content at upload file in microweber/microweber
13-12-23 343 631-burpsuite-101-going-deep-into-intruder
14-12-23 344 Understanding Directory Traversal Vulnerabilities
15-12-23 345 unveiling-mobile-app-security-a-comprehensive-guide
16-12-23 346 how-i-found-130-sub-domain-takeover-vulnerabilities-using-nuclei
17-12-23 347 Updated Beginners Guide to API Bug Bounty
18-12-23 348 Recon in Cybersecurity #11 - The Never Ending JS Files
19-12-23 349 Recon in Cybersecurity #12 - Digging into The Past with WaybackMachine
20-12-23 350 PostgreSQL SELECT only RCE
21-12-23 351 how-can-i-account-take-over-any-account
22-12-23 352 understanding-edr-vs-xdr-differences-and-the-future-outlook
23-12-23 353 Hacking with The Internet Time Machine
24-12-23 354 The ART of Chaining Vulnerabilities
25-12-23 355 How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain
26-12-23 356 From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR
27-12-23 357 How to Bypass Device Verification for Email & Login Forms? — no cookies required!
28-12-23 358 Recon in Cybersecurity #13 - A Primer on Reporting - Don't Sabotage Yourself
29-12-23 359 Store XSS in Notifications Menu in instantsoft/icms2
30-12-23 360 AWS S3 Enumeration Basics
31-12-23 361 DoS via abusing the Upload Function
01-01-24 362 Possible XSS vulnerability without a content security bypass
02-01-24 363 How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
03-01-24 364 Path traversal to RCE in Android — Mobile Hacking Lab ‘Document Viewer’ write-up
04-01-24 365 CSP Bypass ”script-src” – Detailed Writeup

About

Welcome to Learn365! This repository is about 365 days of Learning .

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published