👩💻IW Weekly #61: CVE-2023-2822, PII breach, IDOR’s impacting organizations, Open Redirect to Account Takeover, File upload Vulnerabilities, Root an AVD and many more..
cyberninja8881 uncovers a reflected cross-site scripting vulnerability lurking in the Ellucian Ethos Identity CAS Logout Page.
Welcome to the #IWWeekly61 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Checkout @cyberninja8881's amazing RXSS find in Ethos Identity & unleash WAF bypass magic!
- @nav1n0x's triumph: Halting a massive PII breach through hacking SQL servers in India's top health benefits platform.
- Go through @Sahildari's remarkable journey in discovering a unique kind of IDOR!
- Unveiling the diaries of an IDOR that exposed 17 Million users’ data by @Supun Halangoda.
- Revealing the power of historical URLs with @AayushVishnoi10's journey into successful blind SQLi exploits!
🧵4 Trending Threads
- Unraveling @mcipekci's journey in exploiting SQLi with KB_SQL and thinking outside the box.
- Read @ZaricNenad_'s epic journey in discovering an account takeover through open redirects.
- Unraveling the upload puzzle: @intigriti's remarkable quest to exploit file upload vulnerabilities.
- Harnessing your hacker path: @hakluke's essential guide to kickstart your cybersecurity career.
📽️ 3 Insightful Videos
- Discover two efficient methods to root an AVD (Android Studio) in this insightful video by @intigriti: Magisk (rootAVD) and SuperSU.
- @NahamSec shares expert insights and practical tips on how to discover your first bug.
- @ctbbpodcast's episode 20 dives into bug bounty hunting's mental tolls, offering hacks to overcome them and succeed in the field.
⚒️ 2 GitHub repositories & Tools
- @z0idsec updated his tool pathbuster: Path-normalization pentesting tool with enhanced features.
- @harshbothra_'s Github repository, SecurityStories is 52 inspiring stories of global cyber security professionals, aiming to inspire and reveal lesser-known narratives in the field.
💰1 Job Alert
- Unlock Your Potential: Join Payatu's Elite Team as a Security Consultant.
AI-Powered Cyber Threat Detection and Response: SIEM and Compliance solution powered by AI, real-time correlation, and threat intelligence. Built for simplicity, reduced noise and affordability. Learn More
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Tuhin Bose, Shlok and Abdelrhman Allam.
Newsletter formatting by: Manan, Nithin R and Abdelrhman Allam.
Lots of love
Editorial team,
Infosec Writeups