Mobile

#bugbounty Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields. Payout: $4,500! 😎👍 pic.twitter.com/JvP4jN8Zha— xer0dayz (@xer0dayz) June 24, 2018
- #bugbounty Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields. Payout: $4,500!
- #BugBountyTip this helped me alot: In case a program has an Android/IOS app, extract endpoints and add those to your wordlists before running directory bruteforce on the subdomains list. You'll be surprised to see the results
Last modified 2yr ago