#BugBounty #bugbountytips #vulnerability
Please open Telegram to view this post
VIEW IN TELEGRAM
β€1
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
WebLogic Server Unauthenticated RCE via GET request | CVE 2020-14882 | Brut Security
CVE 2020-14882
https://www.exploit-db.com/exploits/49479
https://www.exploit-db.com/exploits/49479
π5
Add 'app/config/config.local.neon' to the wordlist, and maybe you will get juicy data.
By: @NoRed0x
#bugbountytips #bugbountytip
By: @NoRed0x
#bugbountytips #bugbountytip
π5β€2π1
#bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
π4β€1π₯1
This media is not supported in your browser
VIEW IN TELEGRAM
Bug Bounty Roadmaps Collection
https://github.com/bittentech/Bug-Bounty-Beginner-Roadmap
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
https://github.com/Thunderwolfistesting/A-Comprehensive-Bug-Bounty-Roadmap-
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/bobby-lin/study-bug-bounty
https://github.com/ashutoshshah1/Ethical-hacking-Roadmap
https://github.com/krishanthan4/Ethical-Hacking-Roadmap
https://github.com/BLACKHAT-SSG/Bug-Bounty-RoadMap
https://github.com/imanikchopra/cybersecurity-roadmap-bug-bounty
π10π₯2β€1π1
Position for SOC leader at Director/ Associate Director level to run a SOC. Position is in Noida, CTC ~60L. Pls share any reference with priti@thecyberhire.com with a cc to talent@thecyberhire.com
π¨ New Ethical Hacking Batch Starting on 16th August! π¨
Ready to dive into the world of ethical hacking? Our next batch kicks off on 16th August at 4 PM IST. Whether you're a student aiming to sharpen your cybersecurity skills or a professional looking to enhance your expertise, this course is designed for you!
π Exclusive Offer for Students: 50% OFF (Student ID Required)
Donβt miss out on this opportunity to learn the latest in penetration testing, vulnerability assessment, and more. Secure your spot today!
π Register Now: https://wa.me/message/NQLPOBIAEFDBN1
Ready to dive into the world of ethical hacking? Our next batch kicks off on 16th August at 4 PM IST. Whether you're a student aiming to sharpen your cybersecurity skills or a professional looking to enhance your expertise, this course is designed for you!
π Exclusive Offer for Students: 50% OFF (Student ID Required)
Donβt miss out on this opportunity to learn the latest in penetration testing, vulnerability assessment, and more. Secure your spot today!
π Register Now: https://wa.me/message/NQLPOBIAEFDBN1
π1
Bug Bounty-The Unseen Struggle.pdf
349.2 KB
π»Bug Bounty Story Time π»
βDrop A Review After Reading Itβ
βDrop A Review After Reading Itβ
π₯3
Please open Telegram to view this post
VIEW IN TELEGRAM
π3
#bugbountytips #BugBounty
Please open Telegram to view this post
VIEW IN TELEGRAM
π3
If you've discovered an Insecure Direct Object Reference (IDOR) vulnerability where you can modify data belonging to others, here's a strategic approach to handle it:
1. Understand the Impact:First, assess the severity of the IDOR. If it allows you to modify critical data or perform actions with significant consequences, it's a high-impact vulnerability.
2. Avoid Temptation:Even though you could exploit the IDOR to change data, it's crucial not to do so without authorization. Unauthorized modification of data is a breach of trust and could lead to legal and ethical implications.
3. Proof of Concept (PoC):Create a PoC to demonstrate the IDOR. This could be as simple as changing a user's name or email address to something obvious, like " test@example.com ".
4. Check for XSS Vulnerability:Before escalating the IDOR, check if the application is vulnerable to Cross-Site Scripting (XSS). If user input is echoed without proper sanitization and escaping, an IDOR could be escalated to an XSS attack.
5. Escalate to XSS:If an XSS vulnerability is found, exploit it to inject a malicious script. This could allow you to steal cookies, perform actions on behalf of the user, or even take over the user's account (Account Takeover - ATO).
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- IDOR: You can change another user's name to "test".
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious script, like .
6. Report the Vulnerabilities:After creating your PoCs, report the IDOR and any XSS vulnerabilities you've found to the appropriate security team. Provide clear steps on how to reproduce the issues.
Here's how you might report it:
- IDOR: "I found that I could change another user's name to any value. Here's how to reproduce it: [steps]..."
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
1. Understand the Impact:
2. Avoid Temptation:
3. Proof of Concept (PoC):
4. Check for XSS Vulnerability:
5. Escalate to XSS:
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious script, like
<script>alert('XSS Attack!')</script>6. Report the Vulnerabilities:
Here's how you might report it:
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
π6β€2