Impact
@lmpact_l
Followers
566
Following
41
Media
4
Statuses
43
Application Security Engineer | Bug Bounty Hunter π₯
Joined July 2021
π± New article by our researcher Andrey Pesnyak: "Android Jetpack Navigation: Deep Links Handling Exploitation" Read about a flaw that allows an attacker to launch any fragments in a navigation graph associated with an exported activity. https://t.co/Va0s25r44f
swarm.ptsecurity.com
The androidx.fragment.app.Fragment class available in Android allows creating parts of application UI (so-called fragments). Each fragment has its own layout, lifecycle, and event handlers. Fragments...
2
17
49
#bugbounty #bugbountytips #cybersecurity Added checklists and uploaded methodologies into the model. Now GPT helps to find vulnerabilities, instead of arguing with you about ethics!
1
0
11
Hi everyone! I've been completely rewriting x8 for the past several months. In this thread, I am going to highlight the main changes. For new people, x8 is an efficient tool for searching for hidden parameters. You can find it in the tweet below. #bugbountytips #bugbounty
x8 v4.0.0 released! π A lot of things were reworked. I will explain some of them in my next tweet. https://t.co/dRYFXWNYhc
1
5
37
πNew research by @lmpact_l: "Fork Bomb for Flutter" There are more and more Flutter applications, and security analysis of these apps is in high demand. Our member Phil shares his knowledge and presents his reFlutter tool. Read the article:
swarm.ptsecurity.com
Flutter applications can be found in security analysis projects or bugbounty programs. Most often, such assets are simply overlooked due to the lack of methodologies and ways to reverse engineer...
6
27
76
π New version of reFlutter is available to download! Now reFlutter not only allows you to monitor traffic, but also shows absolute offsets of the functions in the target Android or iOS application. Root is not required. https://t.co/a4ydxXEhCI
4
45
101
One vulnerability in the Oracle library is reproduced in several bug bounty programs #bugbounty #bugbountytip
0
2
8
Possible to steal any protected files 750$ #bugbounty #bugbountytips Jadx + Check file upload function -> find bypass alternative path / use symlink https://t.co/PSo6n0i03z
https://t.co/1WMdI6VQMD
hackerone.com
Hi. I have found an issue which allows to retrieve any files from `/data/data/com.owncloud.android/*` directory. The problem is in exported activity...
2
2
11
π² We are pleased to present the utility developed by our researcher @lmpact_l for Flutter apps traffic monitoring. Just make app trust installed certificates by repacking it with reFlutter and hunt bugs using Burp Suite. No root, no VPN, no more hassle! https://t.co/YlWTfPCRlq
6
84
235
π₯ We have reproduced the fresh CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. If files outside of the document root are not protected by "require all denied" these requests can succeed. Patch ASAP! https://t.co/6JrbayDbqG
15
366
727
x8-Burp v0.1.2 released π #bugbounty #bugbountytips #cybersecurity Hidden parameters discovery suite wrapper You can check it on https://t.co/yhUMtNyhAl
1
3
8
I played with rust's tcpStream and decided to create something with it. Request smuggling looked like a good vulnerability for this idea because it is impossible to automate with regular http libraries. https://t.co/Qwpq7aqUfa
#bugbounty #bugbountytips
0
6
19
x8-Burp v0.1.0 released. #bugbounty #bugbountytips Hidden parameters discovery suite wrapper You can check it on https://t.co/yhUMtNyhAl
0
7
15
[QIWI Wallet] Access to protected app components https://t.co/rkVyAdRKZy
#bugbountytips #bugbounty
#bugbountywriteup
0
1
6