REDACTED: $20,000 OAuth Bounty (FT. Nagli)

Comments
Author

Amazing content, learnt quite a bit and I don't even grasp the fundamental concepts too much, please keep doing the series Naham!

NicolasCramer-zt
Author

Thanks for the amazing video! I really hope you continue this series.

danielregassa
Author

Nice! Thanks for the content, Nahamsec!

MarkFoudy
Author

Thank you for inviting this incredible man❤

prasadleo
Author

Clearly a master at work. Please, @NahamSec, keep doing this frequently.

im_wander
Author

WTF!!! It was a CTF, it is a basic OAuth open redirect case 😂... That's why old bug hunters earn money, they are all in private programs with easy bugs like this for $20k... They gave him $6k for testing their patch lol

trustedsecurity
Author

I have a concern about the training we are getting: we practice in DVWA and some other labs and successfully bypass them, but when we go to real live testing, nothing we learned in online training courses works?

AbhaySingh-jpe
Author

Interesting, looks like a scenario of the OAuth implicit grant type. Thanks for the CTF and the video both.

Zip
Author

What is 5wp? How do I sign up for that? Where to look? Could anyone help me?

wbyhsmw
Author

This is definitely something new I'm going to be looking for. I am wondering if you could go over prototype pollution; I found one in a VDP, but it's not really able to execute anything either, so I'm not sure if it's worth reporting.

eyezikandexploits
Author

But in this case you got the code for the specific application that you've created (client_id=6). When you take the access token and use it in the other app (client_id=1), the OAuth service should not allow you.

neadlead
Author

We love such content, thanks Ben & Nagli

bughunter
Author

Can someone explain to me why it is critical and not high? It's an auth bypass that requires user interaction, right?

khneo
Author

This is more of an open redirect than an account takeover. You would need to exchange the code for a token (know the secret) in order to get an access token for the resource of a user.

But hey 20k is 20k

nuttygold
Author

So VDPs don't really pay? I was invited and I submitted bugs, but they always close them saying they don't qualify. First, it's not out of scope; I showed them the impact by using document.cookie to return sessions, they said no, it's within an email sandbox so it doesn't qualify. I bypassed the sandbox and they still closed it without any further explanation. Do VDPs really behave like that??

bakeery
Author

In this example we are creating a new client and then getting the victim's code for that client. The code generated for one client shouldn't work for another. So I feel like account takeover wouldn't work in this case.

KarahannAe
Author

Can someone translate into English 😖 I can barely understand every other word this guy is saying... Maybe it's time to learn French or something

greeneyedguy
Author

Probably he hacked this site using his Apple Vision Pro 😅

sudoer