Skip to content

Instantly share code, notes, and snippets.

@fordrink
fordrink / zendesk_endpoints.txt
Created July 29, 2023 01:28 — forked from win3zz/zendesk_endpoints.txt
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
POST /api/v2/accounts
GET /api/v2/activities?since=cstest
GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest
GET /api/v2/automations
POST /api/v2/automations
GET /api/v2/bookmarks
POST /api/v2/bookmarks
GET /api/v2/brands
POST /api/v2/brands
GET /api/v2/custom_objects
@fordrink
fordrink / sample.md
Created October 26, 2022 19:12 — forked from DanielVF/sample.md
Sample Vulnerability Report

Impact

CRITICAL! Almost all USDC liquidity on the REKT/USDC uniswap pool can be stolen, due to an authorization issue with burnFrom() on the REKT token.

Background

Uniswap v2 pools get the prices for their swaps by comparing the relative amounts of each of the two tokens that they hold. If the pool holds very little of token A, and a lot of token B, then it only takes a little of token A to buy a lot of token B.

Currently REKT and USDC are fairly priced in the pool. If there were to suddenly be very little REKT in the pool, but the same amount of USDC, then very little REKT would be able to buy a lot of USDC.