👩💻IW Weekly #56: Admin Panel Takeover, $10,000 Bounty, Caches & Firewalls for XSS, Telegram Vulnerabilities, Kubernetes Hacking, RCE using Log Poisoning and many more…
@anandpraka_sh shares their experience of finding a vulnerability in LinkedIn that enabled the deletion of any post, resulting in a $10,000 bounty.
Welcome to the #IWWeekly56 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter. We also have a Beginner's Corner featured in this edition.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @nanwinata reports on taking over a company's admin panel, earning a $4500 bounty.
- @anandpraka_sh explores the story of how they discovered a vulnerability that allowed the deletion of any LinkedIn post and was rewarded with a $10,000 bounty.
- @snoopy shares their experience of hacking the hackers in the Voorivex Hunt Event.
- Learn how to get XSS payloads past caches and web application firewalls in this article by @SynackRedTeam.
- @davtur19 walks through several vulnerabilities found in Telegram, including RCE, privacy issues and IP leaks, and how each was uncovered through bug bounty hunting.
🧵4 Trending Threads
- With all the AI buzz going around, learn more about Prompt Injection Attacks in this Twitter thread by @rez0__.
- Learn how @ronenshh and team gained unauthorized access to Alibaba Cloud.
- The story of a fresh CVE in @snyksec's package advisory tool, by @WeizmanGal.
- Here’s how @silentgh00st found SQL injection and possible RCE via recon and dorking.
📽️ 3 Insightful Videos
- @NahamSec provides useful techniques and advice for discovering your first valid bug in his latest video.
- @_JohnHammond delves into Kubernetes hacking in his latest video.
- @gregxsunday covers how you can set up your web3 testing environment with a few clicks.
⚒️ 2 GitHub repositories & Tools
- @diego95root's HackerOne Templates browser extension improves the reporting process on HackerOne by offering useful tools and templates.
- Check out @amalmurali47's GitHub repository "swagroutes", a command-line utility for extracting and listing API routes from Swagger files in YAML or JSON format.
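To show what a route extractor of this kind has to do, here is a small added example (written for this newsletter, not swagroutes' own code): it walks the `paths` object of a Swagger 2.0 or OpenAPI 3 document, keeps only the keys that are HTTP methods (skipping `parameters` and `x-` extensions), and prefixes each path with `basePath` or the first `servers[].url`. The two spec documents are constructed samples, and the example handles JSON only; the real tool also reads YAML.

```python
import json
from typing import List, Tuple
from urllib.parse import urlsplit

# Keys under a path item that denote operations; anything else (parameters,
# summary, x-* extensions) is metadata, not a route.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed Swagger 2.0 sample (not a real API).
SWAGGER2_SPEC = json.dumps({
    "swagger": "2.0",
    "basePath": "/api/v1/",
    "paths": {
        "/users": {
            "get": {"summary": "List users"},
            "post": {"summary": "Create user"},
        },
        "/users/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True}],
            "get": {"summary": "Get user"},
            "delete": {"summary": "Delete user"},
        },
        "/admin/export": {
            "x-internal": True,
            "post": {"summary": "Export all data"},
        },
    },
})

# Constructed OpenAPI 3 sample: the prefix lives in servers[].url instead.
OPENAPI3_SPEC = json.dumps({
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.com/v2"}],
    "paths": {"/health": {"get": {"summary": "Liveness probe"}}},
})


def base_path(spec: dict) -> str:
    """Return the URL prefix declared by the spec, without a trailing slash."""
    if spec.get("basePath"):
        return spec["basePath"].rstrip("/")
    servers = spec.get("servers") or []
    if servers:
        # Only the path component matters for route listing.
        return urlsplit(servers[0].get("url", "")).path.rstrip("/")
    return ""


def extract_routes(spec_text: str) -> List[Tuple[str, str]]:
    """Parse a JSON spec and return (METHOD, full_path) pairs sorted by path."""
    spec = json.loads(spec_text)
    base = base_path(spec)
    routes = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for key in item:
            if key.lower() in HTTP_METHODS:
                routes.append((key.upper(), base + path))
    return sorted(routes, key=lambda r: (r[1], r[0]))


if __name__ == "__main__":
    for spec_text in (SWAGGER2_SPEC, OPENAPI3_SPEC):
        for method, path in extract_routes(spec_text):
            print(f"{method:7} {path}")
```

The sorted output doubles as a wordlist for fuzzing: routes such as the `x-internal` export endpoint above are exactly the ones a Swagger file reveals that a crawl of the UI would miss.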
💰1 Job Alert
- @PayPal is seeking a Security Engineer (SailPoint) for their India Remote team to manage identity and access management solutions.
![](https://weekly.infosecwriteups.com/content/images/2023/01/IWBeginnersCorner.png)
📝 3 Infosec Articles
- Found a Local File Inclusion (LFI)? Learn how to escalate it to Remote Code Execution (RCE) using log poisoning, by @josewice7.
- Different ways to bypass rate-limiting by @heydc7.
- Learn about SMTP injection from this article by @deep_marketer_.
🧵 2 Trending Threads
- A compilation of a few awesome Burp Suite extensions, by @intigriti.
- MobSF is a great tool for mobile pentesting; learn about its different features in this thread by @TakSec.
📽️ 1 Insightful Video
- Learn about access control bugs from @InsiderPhD’s bug bounty basics video series.
![](https://weekly.infosecwriteups.com/content/images/2023/03/image.png)
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Nithin R, Vinay Kumar, Tuhin Bose, Manan.
Newsletter formatting by: Nikhil A Memane, Manan, Ayush Singh, Hardik Singh, Siddharth, Rushi Padhiyar, and Nithin R.
Lots of love
Editorial team,
Infosec Writeups