{"uuid": "8aaa96a2-5425-4895-8f59-514efed12426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26415", "type": "seen", "source": "https://t.me/bhhub/251", "content": "#BugBountyTips of the Day\nHere's a promised write-up of Windows Privilege Elevation bug that I've discovered / CVE-2021-26415  https://t.co/1uQoF9wAip  #security #EOP #LPE #bugbounty  https://t.co/VJzEcXw4tu\n---\nThe best Bug Bounty study is to approach programs even without finding any bugs.  this way your mind study scenarios and methods who are probably not vulnerable, doing so you constantly improve your workflow and become more efficient.  Get those \"flight hours\" in.  #bugbountytips\n---\n1. Testing an instance accessable to only employees through Login 2. Analysed source code and found a js file: /scripts/app-847d3aae5c.js 3. Used \"LinkFinder tool\" to check for endpoints 4. Found two endpoints disclosing admin and store details  without authentication. #bugbounty\n---\n\ud83d\udea8 #SecurityZine - Day 9/30 \ud83d\udea8  You might know what XSS is, but still a short zine read will be fun.  Read full coming soon @  https://t.co/yW06DGkCyU  Till then enjoy video from @theXSSrat :  https://t.co/e9oRlD7QLn  #xss #infosec #appsec #security #bugbounty #bugbountytips  https://t.co/tdtYLccIRj\n---\nI shared some basic recon idea with @KathanP19 that I used on @Hacker0x01 VDP programs to find sensitive information disclosure bugs. Attached screenshot as reference of my words   https://t.co/mUM0LA2mtE #bugbountytips  https://t.co/X8TXl7xuwl", "creation_timestamp": "2021-04-22T13:37:04.000000Z"}