{"uuid": "5a0a8650-5e04-4ccc-9291-2e91d00ed50e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22204", "type": "seen", "source": "https://t.me/bhhub/278", "content": "#BugBountyTips of the Day\nHere\u2019s a writeup of the recent ExifTool bug (CVE-2021-22204) I discovered while  working on the #bugbounty program at @gitlab!  Issue was in the DjVu module but can be embedded it most other formats.  Make sure to patch GitLab and ExifTool!   https://t.co/sWxkHPTRJS\n---\nGitLab disclosed a bug submitted by @wcbowling:  https://t.co/AT5tpl2rqG - Bounty: $20,000 #hackerone #bugbounty  https://t.co/9CGRh55hEj\n---\nNuclei Templates v8.2.7 release comes with improved templates for springboot.  Here is how you can quickly run templates to scan for springboot based security issues.  \ud835\uddfb\ud835\ude02\ud835\uddf0\ud835\uddf9\ud835\uddf2\ud835\uddf6 -\ud835\ude02 \ud835\uddf5\ud835\uddfc\ud835\ude00\ud835\ude01 -\ud835\ude01\ud835\uddee\ud835\uddf4\ud835\ude00 \ud835\ude00\ud835\uddfd\ud835\uddff\ud835\uddf6\ud835\uddfb\ud835\uddf4\ud835\uddef\ud835\uddfc\ud835\uddfc\ud835\ude01  #hackwithautomation #pentest #cybersecurity #bugbounty  https://t.co/FBXHPYn1MU\n---\nFile Upload Attacks(Part1)   https://t.co/Q7ncD8v97V  #Hackenews #bugbonty #bugbountytips #infosec #cybersecurity #bugbountytip #Linux  https://t.co/nDQMpvgfIe\n---\nI found RCE in Facebook and got $7500 bounty from Facebook #bugbounty #infosec #infosecgirl #CyberSecurity  https://t.co/3CwycDGPDl\n---\nI earned $200 for my submission on bugcrowd. My first bounty \ud83d\ude0a  @bugcrowd  #ItTakesACrowd #bugbounty #bughunting #infosec #security  https://t.co/hRHBB04EyF\n---\nLol. got my ip banned again, def need to distribute my reconftw scans with axiom and smash my nmaps using unimap .. Oh and here's a fresh #bountythursdays video for you! Good times!     https://t.co/qVqhpiYA78  #CyberSecurity #bugbounty #pentesting #offensivesecurity  https://t.co/8JYMdyI1rt\n---\nI made $0 this week on bug bounties, and $50 an hour pentesting.  #bugbountytips\n---\n#BugBounty Hunters and other #infosec friends \ud83d\ude0d Want to practice your WAF bypass skills?   Feel free to bash on our WAF all you want \ud83e\udd29\ud83e\udd73   http://139.162.232.63/WAF.php?keyword=test#\n---\nMass Assignment exploitation in the wild - Escalating privileges in style  A blog post about a Mass Assignment vulnerability which allowed me to escalate privileges from normal user to administrator with a single POST request.   https://t.co/pSbcfIZcov  #bugbountytips #bugbounty\n---\nnote to self..  Spend less time tweeting and more time hacking,  #bugbountytips\n---\nAwesome Bug Bounty One Liners - Repo:  https://t.co/NapJ5fmWeU - Credit: @TomNomNom for the example in the screenshot \u2665 - #bugbountytips #bugbounty #cybersecurity #hackerone #bugcrowd #infosec #ctf  https://t.co/ojJa257aPH", "creation_timestamp": "2021-05-15T13:37:04.000000Z"}