Man, please tell me it was in the default John the Ripper wordlist
UNBELIEVABLE - Someone was able to crack the password of the Bitcoin wallet I reported on only a short time ago and spend the $1,000,000,000 that was inside it!
The idea behind my latest XSS challenge was to bypass a strict CSP to execute arbitrary XSS without using parentheses. I explained the solution in detail, with mini-research alongside, in this article https://medium.com/@terjanq/arbitrary-parentheses-less-xss-e4a1cf37c13d. Check it out!😃
I've been typosquatting Python packages in PyPI for the last two years and the data is pretty fascinating: https://medium.com/@williambengtson/python-typosquatting-for-fun-not-profit-99869579c35d
So the sites should be using 301 redirects when redirecting to an external unknown page. Or even better, they should consider getting rid of the Open Redirect altogether, as it can pose many social engineering vectors and other risks. And it's generally considered a security issue.
As it turns out, Google displays 302 Found redirects in the search results, as they could be *temporary* and the redirect location could change; it *doesn't* display 301 *Moved Permanently* redirects, as they should be final. Nicely explained here: https://www.sistrix.com/blog/want-confuse-google-use-302-redirect/
All their domains are registered by the same registrant and proxied through Cloudflare; going to report them.
Well, they aren't scams exactly (yet), they are just harvesting that sweet search engine juice to then become one, once they are high enough on the search results page... hxxps://npq.thomasonlawfirm.com/t/639?56016d167596934240cac067d444d7a5
This looks like a pretty standard @iDNEScz@twitter.com article, right?
Open redirects I found they use:
Twitter pinned the credentials for their super-user admin tool to a Slack channel?!?!?!? https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html
Warning: you are about to enter about:internet, this could be a security risk!
But no worries... I have the Enhanced Security Configuration enabled...