Bug Bounty Tip
PHP Info Page Exposure.
There's a lot of sensitive information that can be obtained from an exposed PHP Info page, from configuration secrets to exposed user session cookies.
For example, when chained with XSS, this can lead to a full account takeover.
Cheers!
#Recon #XSS #InformationDisclosure
Bug Bounty Tip
When testing an app for SQL injection, don't forget to check the form keys in addition to the values.
Sometimes, developers may overlook applying protection to form keys.
To bypass spaces, you can use the encoded tab %09. For other symbols, simply URL encode them.
#SQLinjection
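
For the defending side of the form-key tip above, here is an added example (not part of the original post) of the vulnerable pattern beside a hardened one: keys are accepted as column names only when they match an allowlist. The table, column names, allowlist and request bodies are all assumptions constructed for the illustration.

```python
import sqlite3
from urllib.parse import parse_qsl

# Assumed for this example: a users table where only these columns are editable.
ALLOWED_COLUMNS = {"display_name", "bio"}

def unsafe_update_sql(form):
    # Vulnerable pattern: form keys are pasted into the statement text.
    # Only the values are bound, so a key can carry SQL of its own.
    assignments = ", ".join(f"{key} = ?" for key in form)
    return f"UPDATE users SET {assignments} WHERE id = ?"

def safe_update(conn, user_id, form):
    # Hardened pattern: a key is used as an identifier only if it exactly
    # matches a known column name; values remain bound parameters.
    unknown = [key for key in form if key not in ALLOWED_COLUMNS]
    if unknown or not form:
        raise ValueError(f"rejected form keys: {unknown!r}")
    assignments = ", ".join(f"{key} = ?" for key in form)
    sql = f"UPDATE users SET {assignments} WHERE id = ?"
    return conn.execute(sql, [*form.values(), user_id]).rowcount

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
                 " display_name TEXT, bio TEXT, email TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', '', 'alice@example.test')")
    return conn

# Constructed request bodies. Frameworks URL-decode keys as well as values,
# so %09 in a key reaches the application as a literal tab character.
GOOD_BODY = "display_name=Alice+A&bio=hello"
BAD_BODY = "display_name%09%3D%09display_name,%09email=x"

if __name__ == "__main__":
    conn = make_db()
    good, bad = dict(parse_qsl(GOOD_BODY)), dict(parse_qsl(BAD_BODY))
    print(repr(unsafe_update_sql(bad)))   # the key has become statement text
    print(safe_update(conn, 1, good))     # rows updated
    try:
        safe_update(conn, 1, bad)
    except ValueError as exc:
        print(exc)
```

Exact-match allowlisting is the control here because identifiers cannot be bound as parameters; escaping or stripping spaces in keys does not help once a tab is accepted as whitespace by the SQL parser.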