Could someone help me with the following disclosure in terms of how critical such leakage would be? I want to get into bug bountys and am curious if such leakage is worth a bounty.
So lets say you have an app, i downloaded the apk files and found the api key id aswell as the key secret. I read through some stuff already but am still a beginner if and how this would be exploitable and how critical this would be. Could someone explain if this is a valid vulnerability and if it makes sense to report such findings? An explanation or source where i can get more detailed information you can recommend is also greatly appreciated. submitted by /u/LegEnvironmental8863
[link] [comments]
http://dlvr.it/TBqTk6
Full width home advertisement
Blog Archive
-
▼
2024
(445)
-
▼
August
(50)
- Best MDR/XDR for EC2?
- HTML Injection in email via fname field
- Favorite report generation software?
- How I was able to give verification badge to any Y...
- Cryptographic Key Management
- Defensive Strategies and Best Practices to Protect...
- When are compliance automation tools worth it?
- Find Bugs From Google Dorks
- Web Cache Poisoning: Understanding the Threat and ...
- Best Practices for Log Collection from Managed End...
- How I Found Vulnerabilities in NASA and Got into t...
- Malicious Links, AI-Enabled Tools, and Attacks on ...
- Software Evaluation Prior to Installation
- Race Condition on Likes of Product Leads to Produc...
- cyberseReal-World Applications and Case Studies: C...
- Seeking Advice: What should I do next to be a pent...
- Advanced Techniques for Mitigating Web Cache Poiso...
- What does an IT security engineer do at your company?
- Title: Mastering CSRF Exploits with Port Swigger A...
- Sub-finder tool methodology
- AppSec Security Tool List
- 24.10 Lab: Web cache poisoning to exploit a DOM vu...
- General question about XDR/EDR, IPS, IDS, and HIDS
- Protecting against multi-step SQL injections: A sh...
- Capital.com launches bug bounty programme with Int...
- Cyber Security Self Employment Tipps
- Compliance Tools
- My first bounty report was a duplicate
- Student raised security concerns in Mobile Guardia...
- How Much Did I Make in My First Year of Bug Bounty...
- Leakage of api keys
- Hacking the System: How I Beat Subscription Restri...
- What kinda of projects (if any) can I partake to a...
- The Evolution of Deserialization Attacks: Understa...
- Machine Learning and Cybersecurity
- What After Recon ? Part 01 Bug Bounty Methodology
- What Are the Most Effective Strategies for Managin...
- Leaked Credentials Cybersecurity Tools - Trend Hunter
- O manual do Hacker Moderno
- Easiest P3/P4 security misconfiguration to make $$...
- Best Interview questions for hiring a Security exp...
- Advanced Defense Mechanisms and Continuous Monitor...
- What is an API really? Need deeper explanation.
- Zero-Click account Take-over
- Free data breach detection (the dark web)
- Hacking OWASP Juice Shop: Part4 — Exploiting Payme...
- how I found a critical bug using response manipula...
- Seeking Advice on Microservices Security: Investig...
- Integer Overflow
- any recommendation for pentesting tools?
-
▼
August
(50)
Advertisement
LIVE CYBERTHREAT
Latest Trends
Contact Form
amcat question search
search Pentest tools
Total Pageviews
Search Blog
Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib
No comments:
Post a Comment