you have a big js file ? no time to analyze it all
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
π14β€1
Do you want to receive this gift with just one report and one bug?
The GC3 Vulnerability program is one of the best programs after the DOD program for reputation collection as well as gift collection
This program is similar to the large DOD and has more than 10,000 subdomains you can work on it works in two ways
The first only gives you a reputation. You can report it on the HACKERONE platform
LINK: https://vulnerability-reporting.service.security.gov.uk/
Secondly, it gives you a reputation and gifts as shown above
LINK: https://www.gov.uk/guidance/report-a-vulnerability-on-an-mod-system
#bugbounty #bugbountytips
The GC3 Vulnerability program is one of the best programs after the DOD program for reputation collection as well as gift collection
This program is similar to the large DOD and has more than 10,000 subdomains you can work on it works in two ways
The first only gives you a reputation. You can report it on the HACKERONE platform
LINK
Secondly, it gives you a reputation and gifts as shown above
LINK
#bugbounty #bugbountytips
π3
add this file to your wordlist `.gitlab-ci.yml` , enjoy
its contain a database username and password
By:@NoRed0x
#bugbounty #bugbountytips
its contain a database username and password
By:@NoRed0x
#bugbounty #bugbountytips
β€5π1
chrome_2PdqXXPfb9.png
128.7 KB
Please open Telegram to view this post
VIEW IN TELEGRAM
π3β€2
3 million dollars Methodology Santiago Lopez.pdf
469.9 KB
$3 million dollars Methodology! [Santiago Lopez]
β€4π3π1
LucasFaudman_apkscan_Scan_for_secrets,_endpoints,_and_other_sensitive.mov
3.7 MB
#bugbounty #bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯8
π¨ Depix π It is a free and open-source tool used for image steganography, specifically for extracting hidden data from images.
πDownload : https://github.com/spipm/Depix
#bugbounty #bugbountytips
πDownload : https://github.com/spipm/Depix
#bugbounty #bugbountytips
β€2π₯2
Discover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.
https://github.com/glebarez/cero
https://github.com/glebarez/cero
π₯5π2
Mastering Online Cameras Searching πΉ
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflictsπ₯
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world π
π Read now: https://netlas.io/blog/find_online_cameras/
β
Sign Up Now on @netlas- https://app.netlas.io/ref/9cc61538/
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflictsπ₯
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world π
π Read now: https://netlas.io/blog/find_online_cameras/
Please open Telegram to view this post
VIEW IN TELEGRAM
netlas.io
Mastering Online Camera Searches - Netlas Blog
A guide on how to find exposed webcams anywhere in the world. Techniques, tools, and best practices. Examples of searching for the most popular devices.
β€2π2
πCRLFsuite - CRLF injection scanner π
π The most powerful CRLF injection (HTTP Response Splitting) scanner.
π Download : https://github.com/Raghavd3v/CRLFsuite
π The most powerful CRLF injection (HTTP Response Splitting) scanner.
π Download : https://github.com/Raghavd3v/CRLFsuite
GitHub
GitHub - Raghavd3v/CRLFsuite: The most powerful CRLF injection (HTTP Response Splitting) scanner.
The most powerful CRLF injection (HTTP Response Splitting) scanner. - Raghavd3v/CRLFsuite
π₯6
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
π14β€7
#BugBounty #bugbountytips #vulnerability
Please open Telegram to view this post
VIEW IN TELEGRAM
β€1
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
WebLogic Server Unauthenticated RCE via GET request | CVE 2020-14882 | Brut Security
CVE 2020-14882
https://www.exploit-db.com/exploits/49479
https://www.exploit-db.com/exploits/49479
π5
Add 'app/config/config.local.neon' to the wordlist, and maybe you will get juicy data.
By: @NoRed0x
#bugbountytips #bugbountytip
By: @NoRed0x
#bugbountytips #bugbountytip
π5β€2π1