misconfig

2 articles
sort: new top best
clear filter
bug-bounty480 google298 xss277 microsoft249 facebook212 rce160 apple150 exploit137 bragging-post102 account-takeover98 malware94 csrf84 cve80 privilege-escalation74 stored-xss65 authentication-bypass64 writeup61 reflected-xss57 react54 browser54 cloudflare51 ssrf51 dos50 phishing50 access-control49 cross-site-scripting48 input-validation48 node47 docker46 aws46 smart-contract45 sql-injection45 ethereum44 defi43 supply-chain43 web-security43 web-application42 oauth41 web339 burp-suite36 lfi35 idor34 vulnerability-disclosure34 html-injection33 race-condition32 smart-contract-vulnerability32 reverse-engineering31 clickjacking31 csp-bypass30 information-disclosure30
0 5/10
Finding a p1 in one minute with shodan.io RCE
bug-bounty

A P1 RCE vulnerability discovered in a misconfigured Jenkins instance via Shodan reconnaissance, exploiting open user registration and exposed script console execution capabilities.

bug-bounty rce jenkins shodan reconnaissance authentication-bypass misconfig security-by-obscurity p1-vulnerability
Shodan Jenkins sw33tLie
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 5/10
ADCS-ESC1: Misconfigured Certificate Templates Leading to Full Domain Compromise
vulnerability

ADCS ESC1 is a critical Active Directory Certificate Services misconfiguration where improperly configured certificate templates allow low-privileged users to request certificates on behalf of domain administrators, enabling full domain compromise through privilege escalation.

active-directory certificate-services adcs esc1 privilege-escalation domain-admin certificate-template misconfig lateral-movement windows
ADCS ESC1 Active Directory Certificate Services
cobalt.io · GhostShift · 1 day ago · details