{"uuid": "899437f7-bd1c-48fb-bd3d-49f22fe9a9f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://t.me/bhhub/640", "content": "#BugBountyTips of the Day\nFew months ago i was awarded $10,000 from microsoft for finding a security vulnerability on their web application. now the bug has been patched and got the acknowledgment on their HOF :)  #bugbounty #cybersecurity #news #microsoft #ethicalhacking #bugbountytips #bounty  https://t.co/BCCG7TzP8w\n---\nRed Team Toolkit \ud83e\uddf0 - An Open-Source Django Offensive Web-App that contains useful offensive tools used in the red-teaming activity.  \u00bb  https://t.co/nl4OewP3f5  #cybersecurity #infosec #security  #cyber #informationsecurity #redteam #redteaming #bugbounty #bugbountytips  https://t.co/3ZEmmOSpyo\n---\nJust published a write-up on Account Takeover due to OAuth Misconfiguration + CSRF + XSS and Weak CSP.    https://t.co/lslyFhDmbF  #Pentesting #hacking #cybersecurity #infosec #bugbounty #bugbountytips\n---\nReally excited for this Precious gift from GoogleVRP team.   Thanks for selecting me.  #infosec #googlevrp #bugbounty  https://t.co/jVFi2IxgMG\n---\nBest of Web Penetration Testing  Credit @sec_r0   #infosec #cybersecurity #pentesting #ctf #oscp #windows #cheatsheet #redteaming #burpsuite #bugbounty #bugbountytips  https://t.co/nPepuxs3WR\n---\nBest of Web Penetration Testing   Credit @sec_r0  #infosec #cybersecurity #pentesting #ctf #oscp #windows #cheatsheet #redteaming #burpsuite #bugbounty #bugbountytips  https://t.co/jq1DnJ34gl\n---\nThere are more than 17k publicly accessible Metabase instances on shodan and few BB programs that were affected as well, the fix is super easy for  CVE-2021-41277 and the impact is CRITICAL, so I'd advise patching quickly  : )  #bugbounty  https://t.co/FPQTir4bE2\n---\nwhich wordlist you use for subdomain brute !!!  #bugbountydiscussion #bugbounty #infosec\n---\nI've pushed a nuclei template to detect this misconfiguration An unauthenticated api endpoint requiring a URL parameter, with insufficient validation that lead to LFI. ( CVE-2021-41277 ).   https://t.co/shrTv2gr85  Source :  https://t.co/ByzKbMFX8m  #bugbounty #bugbountytips 1/2  https://t.co/r72gDHNYWt\n---\nBest of Web Penetration Testing (Part 3)  Credit @hackerscrolls   #infosec #cybersecurity #pentesting #ctf #oscp #windows #cheatsheet #redteaming #burpsuite #bugbounty #bugbountytips  https://t.co/1WuKhFEXMa", "creation_timestamp": "2021-11-21T13:37:04.000000Z"}