For those who ask what the potential impact of this vuln is: an attacker can inject a malicious HTTP request into the web server in order to bypass internal security controls. The point is that, most of the time, web servers do not check for security measures in a smuggled HTTP request. In addition, some of the resources available on the web server are often not accessible outside of the web server itself. So performing a request like this can allow the attacker to gain access to protected resources such as an admin panel, etc.
@likingalllol
7 months ago
thanks!
@abdulx01
1 year ago
Nice catch... 👍
@shba9300
1 year ago
Dear, good find. Would like to know how you would convince them it's a vulnerability and what the impact is.
@joshuavega2193
1 year ago
Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".
@theworldofyuri3083
1 year ago
@@joshuavega2193 nice reminder heheh
@oo7posam581
1 year ago
@@joshuavega2193 He should have gone for SSRF through this... The server would have accepted the 1st request as original and yet answered the second request as valid.
@youssefzero9059
1 year ago
❣❣
@DreyTheVlogger
1 year ago
Hello, what background music did you use? Thanks!
@electrowizard2658
1 year ago
There can be no effect on this, it's just you're forwarding the tweet request with some changes
@umarsjd7205
2 months ago
Actually it has. The person didn't show this, but what he was trying to depict is how vulnerable the security is. The person could insert a malicious request to weaken the security which already is. Like, he can insert JavaScript or injections to ask for passwords from the system cuz he already infiltrated it
@vmvideos8482
1 year ago
Bro how to install the burp suite version 1.7.35 ?
@educationhive
1 year ago
I will send there; if I send here, YT can strike
@AGNIHACKERS
1 year ago
Bro please share Reference report
@educationhive
1 year ago
Ok I Will share next video
@AGNIHACKERS
1 year ago
@@educationhive bro please mention this report link. Same model vulnerability I find in other website.
@educationhive
1 year ago
@@AGNIHACKERS sure
@AutomatizaTuTiempo
1 year ago
hey that's not a vulnerability
@joshuavega2193
1 year ago
Since the tweet is not made in another account, I guess that's why the bug got only 3k. If it had been a tweet in a different account, it would've gotten a higher bounty. Remember that this is not directly for vulnerabilities, but for bugs too. I guess that's why it's called "Bug Bounty" and not "Vulnerability Hunting".
@AutomatizaTuTiempo
1 year ago
@@joshuavega2193 For simple mistakes you don't get rewards, plus the staff ignores it.
@brice2825
1 year ago
The request might be bypassing front-end server
@UCgqz30RWVkz5yowONnFrO4w
1 year ago
Bro can you explain what is the impact? Because you are tweeting another tweet from the same account. I am new to this vulnerability and many times I found this vuln but was not able to show impact, and no one will accept it without any serious impact. Pls explain the impact.
@educationhive
1 year ago
I will explain here at night
@the_sandman00
1 year ago
@@educationhive is it night yet?
@newbiejember9854
1 year ago
@@the_sandman00 xD
@user3549
9 months ago
Lol @@newbiejember9854
@jondo-vh8tx
5 months ago
@@the_sandman00 😂😂😂😂😂😂😂😂😂😂 no dude he will not explain and this is waste of time
@AL-dg3qd
1 year ago
what tool do you use to find out if it's xss?
@educationhive
1 year ago
Smuggler
@AL-dg3qd
1 year ago
@@educationhive Is it safe or does it have a virus?
@educationhive
1 year ago
safe
@allandiego1446
1 year ago
Dear good! But what is the real impact of this vulnerability?
@educationhive
1 year ago
I will share wait
@allandiego1446
1 year ago
@@educationhive Thanks! I am waiting for this haha 😁
Comments: 35