credential-extraction

3 articles

sort: new top best

bug-bounty473 google371 microsoft318 facebook271 xss267 rce184 apple178 malware177 exploit165 cve122 account-takeover110 bragging-post102 phishing85 csrf85 privilege-escalation83 browser71 supply-chain69 stored-xss65 authentication-bypass64 dos64 react58 reflected-xss57 cloudflare52 reverse-engineering50 access-control48 node48 input-validation48 aws48 cross-site-scripting48 writeup47 docker46 ssrf45 smart-contract45 ethereum44 web-security43 sql-injection43 defi43 web343 oauth41 web-application41 lfi38 info-disclosure37 pentest37 race-condition37 idor35 burp-suite35 auth-bypass35 vulnerability-disclosure34 cloud34 html-injection33

0 2/10

Admin Panel Accessed Via SQL Injection…

bug-bounty

A bug bounty hunter discovered admin panel access through SQL injection by enumerating historical URLs with waybackurls/gau, filtering for SQL injection patterns with gf, testing with a private tool, extracting admin credentials from the database, and finding the login panel URL in website source code.

sql-injection admin-panel-access bug-bounty recon url-enumeration credential-extraction bragging-post

waybackurls gau gf httpx Ratnadip Gajbhiye

medium.com · kh4sh3i/bug-bounty-writeups · 20 hours ago · details

0 3/10

SQL Injection & Remote Code Execution - Double P1

bug-bounty

A researcher discovered SQL injection on a subdomain to extract admin credentials, then leveraged those credentials to access phpMyAdmin on a different subdomain and achieved remote code execution via a PHP shell upload using MySQL's INTO OUTFILE command.

sql-injection remote-code-execution rce phpmyadmin information-disclosure mysql file-upload web-shell credential-extraction hash-cracking subdomain-enumeration bragging-post

Jerry Shah HackerOne BugCrowd crackstation.net pentestmonkey.net MySQL

shahjerry33.medium.com · kh4sh3i/bug-bounty-writeups · 20 hours ago · details

0 8/10

Escalating SSRF to RCE

vulnerability

A complete SSRF-to-RCE exploit chain on AWS Elastic Beanstalk that leverages the EC2 metadata service to extract IAM credentials, then uses those credentials to upload a PHP web shell to an accessible S3 bucket for remote code execution. The attack demonstrates how weak IAM policies can enable escalation from SSRF to full system compromise.

ssrf rce aws elastic-beanstalk metadata-service ec2 s3 aws-cli credential-extraction file-upload web-shell privilege-escalation cloud-security iam-role-abuse

Youssef A. Mohamed GeneralEG CESPPA Squnity Synack AWS Elastic Beanstalk AWS Systems Manager AWS CLI 169.254.169.254 aws-elasticbeanstalk-ec2-role AWSElasticBeanstalkWebTier

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details