Please open Telegram to view this post
VIEW IN TELEGRAM
Ko-fi
Buy Brut Security a Coffee
Become a supporter of Brut Security today!
β€2π€1
Brut Security pinned Β«π€© Hey everyone, thanks for being part of this awesome community! πΈ If you enjoy my content and want to support me, you can buy me a coffee on Ko-fi: https://ko-fi.com/brutxninja βοΈ !Β»
Please open Telegram to view this post
VIEW IN TELEGRAM
Ko-fi
A Practical Guide to Starting Your Cybersecurity Career in India
Brut Security published a post on Ko-fi
β€1
actuator/env
actuator/auditevents
actuator/beans
actuator/caches
actuator/configprops
actuator/health
actuator/heapdump
actuator/info
actuator/integrationgraph
actuator/configprops
actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hosts
#bugbountytip #bugbountytips #bugbounty
Please open Telegram to view this post
VIEW IN TELEGRAM
π3
If your input causes a server error (e.g. 500) when you inject a ' (for eg) but you don't get reliable results using boolean inferential injections, try these payloads which should trigger the 500 when the red condition is true.
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯2
Permission Model Issues: $3,000,000 methodology
https://forums.cybershieldctf.com/showthread.php?tid=87
https://forums.cybershieldctf.com/showthread.php?tid=87
New VDP Program - https://www.sonova.com/.well-known/security.txt
π₯1
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimited times.
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
#2 OTP Bypass | Response Manipulation | Bug Bounty POC | CyberTron | #bugbounty #cybersecurity
Bug Type - Improper Authentication β Generic CWE-287
## Summary:
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimitedβ¦
## Summary:
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimitedβ¦
π2β€1π1
Easy Account Take Over
1.Go to http://web.archive.org
2. Put the domain and search for urls
3. Type in the filter ( %40 ) and search
4. Get a lot of urls that have a parameter leaks the email and password of the users
By: @Sayed_v2
#BugBounty #bugbountytips
1.Go to http://web.archive.org
2. Put the domain and search for urls
3. Type in the filter ( %40 ) and search
4. Get a lot of urls that have a parameter leaks the email and password of the users
By: @Sayed_v2
#BugBounty #bugbountytips
π₯11π3
you have a big js file ? no time to analyze it all
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
π14β€1
Do you want to receive this gift with just one report and one bug?
The GC3 Vulnerability program is one of the best programs after the DOD program for reputation collection as well as gift collection
This program is similar to the large DOD and has more than 10,000 subdomains you can work on it works in two ways
The first only gives you a reputation. You can report it on the HACKERONE platform
LINK: https://vulnerability-reporting.service.security.gov.uk/
Secondly, it gives you a reputation and gifts as shown above
LINK: https://www.gov.uk/guidance/report-a-vulnerability-on-an-mod-system
#bugbounty #bugbountytips
The GC3 Vulnerability program is one of the best programs after the DOD program for reputation collection as well as gift collection
This program is similar to the large DOD and has more than 10,000 subdomains you can work on it works in two ways
The first only gives you a reputation. You can report it on the HACKERONE platform
LINK
Secondly, it gives you a reputation and gifts as shown above
LINK
#bugbounty #bugbountytips
π3
add this file to your wordlist `.gitlab-ci.yml` , enjoy
its contain a database username and password
By:@NoRed0x
#bugbounty #bugbountytips
its contain a database username and password
By:@NoRed0x
#bugbounty #bugbountytips
β€5π1
chrome_2PdqXXPfb9.png
128.7 KB
Please open Telegram to view this post
VIEW IN TELEGRAM
π3β€2
3 million dollars Methodology Santiago Lopez.pdf
469.9 KB
$3 million dollars Methodology! [Santiago Lopez]
β€4π3π1
LucasFaudman_apkscan_Scan_for_secrets,_endpoints,_and_other_sensitive.mov
3.7 MB
#bugbounty #bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯8
π¨ Depix π It is a free and open-source tool used for image steganography, specifically for extracting hidden data from images.
πDownload : https://github.com/spipm/Depix
#bugbounty #bugbountytips
πDownload : https://github.com/spipm/Depix
#bugbounty #bugbountytips
β€2π₯2
Discover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.
https://github.com/glebarez/cero
https://github.com/glebarez/cero
π₯5π2
Mastering Online Cameras Searching πΉ
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflictsπ₯
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world π
π Read now: https://netlas.io/blog/find_online_cameras/
β
Sign Up Now on @netlas- https://app.netlas.io/ref/9cc61538/
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflictsπ₯
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world π
π Read now: https://netlas.io/blog/find_online_cameras/
Please open Telegram to view this post
VIEW IN TELEGRAM
netlas.io
Mastering Online Camera Searches - Netlas Blog
A guide on how to find exposed webcams anywhere in the world. Techniques, tools, and best practices. Examples of searching for the most popular devices.
β€2π2