Категории

Common Scoping Mistakes

Опубликовано: 07 Март 2024
на канале: Intigriti
983
45

🧠 TCM x Intigriti: Learn about some common scoping mistakes in bug bounty!

🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by   / _cryptocat   ( ‪@_CryptoCat‬ ) &   / intigriti  

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

Overview:
0:00 Introduction
0:22 Scoping Mistakes
3:15 Commonly OOS
8:58 Reporting Leaked Credentials
10:32 Case study: Redbull
21:25 Case study: InnoGames
23:37 Conclusion

play_arrow
2,516
30

00:00:00

Dlja chego tebe nuzhno...

Dlja chego tebe nuzhno...
play_arrow
235
5

04 November 2023

04 November 2023
play_arrow
98
2

"Казачий дворъ", Отчетный концерт 2015г.
play_arrow
151
5

«Казачий дворъ» - «Зимушка-зима»

«Казачий дворъ» - «Зимушка-зима»
play_arrow
141,981
11 тыс

this is why EXO don't do group livestreams

this is why EXO don't do group livestreams
play_arrow
13
1

What Dr. Wade Did For Me...

What Dr. Wade Did For Me...
play_arrow
227,826
2.8 тыс

Haruhime has gotten boing boing ever since she joined Hestia Familia | Danmachi | Danmachi season 4

Haruhime has gotten boing boing ever since she joined Hestia Familia | Danmachi | Danmachi season 4
play_arrow
58,534
242

Let's Feed the Dolphins 🐬

Let's Feed the Dolphins 🐬

Похожие видео
play_arrow
Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]
play_arrow
XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)
play_arrow
Intigriti Kick off 2024

Intigriti Kick off 2024
play_arrow
Exploiting Insecure Output Handling in LLMs

Exploiting Insecure Output Handling in LLMs
play_arrow
Indirect Prompt Injection

Indirect Prompt Injection
play_arrow
Exploiting Vulnerabilities in LLM APIs

Exploiting Vulnerabilities in LLM APIs
play_arrow
Exploiting LLM APIs with Excessive Agency

Exploiting LLM APIs with Excessive Agency
play_arrow
Intigriti Customer Story: Personio

Intigriti Customer Story: Personio
play_arrow
Performing CSRF Exploits Over GraphQL

Performing CSRF Exploits Over GraphQL
play_arrow
Misconfig Mapper - Hacker Tools

Misconfig Mapper - Hacker Tools
play_arrow
Bypassing GraphQL Brute Force Protections

Bypassing GraphQL Brute Force Protections
play_arrow
Finding a Hidden GraphQL Endpoint

Finding a Hidden GraphQL Endpoint
play_arrow
Accidental Exposure of Private GraphQL Fields

Accidental Exposure of Private GraphQL Fields
play_arrow
Accessing Private GraphQL Posts

Accessing Private GraphQL Posts
play_arrow
Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge
play_arrow
Introduction to GraphQL Attacks

Introduction to GraphQL Attacks
play_arrow
Aggressive Scanning in Bug Bounty (and how to avoid it)

Aggressive Scanning in Bug Bounty (and how to avoid it)
play_arrow
Exploiting Server-side Parameter Pollution in a REST URL

Exploiting Server-side Parameter Pollution in a REST URL
play_arrow
Common Scoping Mistakes

Common Scoping Mistakes
play_arrow
Exploiting Server-side Parameter Pollution in a Query String

Exploiting Server-side Parameter Pollution in a Query String
play_arrow
Understanding Scope, Ethics and Code of Conduct (CoC)

Understanding Scope, Ethics and Code of Conduct (CoC)
play_arrow
Exploiting a Mass Assignment Vulnerability

Exploiting a Mass Assignment Vulnerability
play_arrow
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge
play_arrow
Finding and Exploiting an Unused API Endpoint

Finding and Exploiting an Unused API Endpoint