Welcome to nav1n.com
Nothing much to see here yet! Please come back again.
Connect with me on Twitter: @admin
AppSec | DBA | SysAdmin | Linux | Unix | Mainframe | Core Banking and Manufacturing #BugBounty #HackerOne #BugCrowd #Intigriti
Retrieving etc/passwd or etc/hosts using LFI: is that critical severity or high severity? Can anyone help me choose, please? #BugBounty (Image added for attention-grabbing purposes only) 🙂
Another P1. None ➡️ P1. I almost gave up explaining the possible bug; thankfully, at the end, the triager was convinced and escalated the priority to P1. #BugBounty #RCE #SOLR
CVE-2020-11110 (Grafana 6.7.x stored XSS) in one of the biggest drinks makers' monitoring systems. Funny that they still run tens of vulnerable apps. So, closing the day with a Critical finding. #BugBounty #Grafana #XSS2
Never expected to receive these two bounties + points, knowing companies treat HTML injection and open redirection as low severity. I normally don't report open redirection or HTML injection unless there's a possible XSS, but these two reports proved me wrong!!! #BugBounty
If you find SSRF on a target hosted at DigitalOcean, try to pull http://169.254.169.254/metadata/v1/user-data. If the target is inside a k8s cluster, you might get a lot of sensitive information, including the k8s certs.