The application allows registering an account with an easily guessable password hu🙂
@vallerioalvaren
13 days ago
@@rifaelsitorus5211 is there any chance it can be brute-forced?
@rifaelsitorus5211
13 days ago
@@vallerioalvaren yes, the impact would be even bigger if it can be brute-forced,
@BistecaChihuahua
14 days ago
Root?
@rifaelsitorus5211
13 days ago
Yeah, it requires a rooted device
@itsm3dud39
16 days ago
nice finding man
@ManishJangra1811
17 days ago
How much experience do you have in the web hunting field? Love from India💕
@RHYru9.
18 days ago
Wow, Medan, bro🎉
@erroreboy19mask20
20 days ago
nice, but how do u know, how do u think, that after the error u need to log in and then try it again? And how could it happen that only by writing administrator, the error was bypassed? And why did u write Administrator instead of something else? Does it work on every program???
@rifaelsitorus5211
19 days ago
I don't know what actually happened on the backend, but when I logged in with the username 'administrator' and a random password, I could access that last endpoint. It doesn't work on another program.
@erroreboy19mask20
19 days ago
@@rifaelsitorus5211 nice, I like to know how u think it could succeed, I am interested to know this iq haha
@user-ci2np2ue9g
21 days ago
Bro, I want to learn bug bounty, can you help?
@rifaelsitorus5211
17 days ago
Just watch every bug bounty PoC video or write-up on the internet
@user-ci2np2ue9g
17 days ago
@@rifaelsitorus5211 I watched many PoCs and did various things but still after 1 year I did not find any valid bug
@whetfaartz6685
9 days ago
@@rifaelsitorus5211 BRO LITERALLY THIS LMAO
@monKeman495
23 days ago
what a fkin liar, I reported a much bigger vuln to this program and am confident to say that mondelez don't care about this garbage, it's not a pentest program, it's a bbp, medium severity: my ass
@rifaelsitorus5211
21 days ago
However, this is what actually happened, they set the severity as medium.
@zakiseller
23 days ago
Is this the same guy as rifael eurico sitorus on LinkedIn?
@dheikudeden7933
26 days ago
Does it not work if it isn't encoded, bro?
@rifaelsitorus5211
26 days ago
@@dheikudeden7933 it doesn't, bro, there's a WAF
@imamuddinalmustaqim8138
28 days ago
btw is this on the HackerOne platform?
@imamuddinalmustaqim8138
28 days ago
The authentication bypass process, though, that also seems to count as a broken authentication bug
@rifaelsitorus5211
28 days ago
@@imamuddinalmustaqim8138 I already reported that too, bro, but it has no impact because I couldn't use the dashboard features
@NoName-b5e
28 days ago
cool bro, do you have Telegram?
@kenjikakashi
29 days ago
Can I ask how you managed to find or know endpoints on websites?
@martindinchev5363
28 days ago
Dir bruteforce, Burp scan, sometimes they are in JS files, source code, documentation, etc.
@cryptocoin8460
29 days ago
bro, please make a group
@arkhaarh
1 month ago
bro, if you want to become a bug hunter, do you have to learn backend?
@rifaelsitorus5211
1 month ago
You don't really have to study it, bro, what matters is understanding it a little, like what happens on the BE when we submit a form, etc.
@rifaelsitorus5211
1 month ago
The attacker is still able to claim the coding scholarship without completing the mission. If you have a question, please type it in the comment section.
@cumego
1 month ago
I don't get it, how did you get access to the endpoint? Did you try to log in twice with incorrect creds and that allowed you somehow to pass thru?😮
@rifaelsitorus5211
1 month ago
I don't know what actually happened on the backend, but when I logged in with the username 'administrator' and a random password, I could access that last endpoint
@rifaelsitorus5211
1 month ago
On the first try to log in, it was just an incorrect reCAPTCHA code, so it didn't work
@headshot_gamingg
1 month ago
nice bro, what's your Twitter handle?
@Hackerone1444
1 month ago
No WAF on that site?
@rifaelsitorus5211
1 month ago
there's Cloudflare on that site, I bypassed it with payload 2x encoding
@mistDexploit
1 month ago
keep going, I like your channel, it's great
@rifaelsitorus5211
1 month ago
Thanks!
@firzainsanudzaky3763
3 months ago
couldn't that be used to grab the admin's cookies? but why was the reward only $150 when it already got as far as takeover
@rifaelsitorus5211
2 months ago
Maybe my explanation wasn't clear enough back then
@zakiseller
3 months ago
Where did you get /Visionrecorn/content/Notacces.aspx?msg=test from, view source or Burp Suite?
@rifaelsitorus5211
2 months ago
Just trial and error back then, bro,
@rifaelsitorus5211
2 months ago
In bug bounty there's a luck factor too😂
@zakiseller
2 months ago
@@rifaelsitorus5211 where did you look for the parameter, view source or somewhere else?