Bug Bounty-The Unseen Struggle.pdf
349.2 KB
๐ปBug Bounty Story Time ๐ป
โDrop A Review After Reading Itโ
โDrop A Review After Reading Itโ
๐ฅ3
Please open Telegram to view this post
VIEW IN TELEGRAM
๐3
#bugbountytips #BugBounty
Please open Telegram to view this post
VIEW IN TELEGRAM
๐3
If you've discovered an Insecure Direct Object Reference (IDOR) vulnerability where you can modify data belonging to others, here's a strategic approach to handle it:
1. Understand the Impact:First, assess the severity of the IDOR. If it allows you to modify critical data or perform actions with significant consequences, it's a high-impact vulnerability.
2. Avoid Temptation:Even though you could exploit the IDOR to change data, it's crucial not to do so without authorization. Unauthorized modification of data is a breach of trust and could lead to legal and ethical implications.
3. Proof of Concept (PoC):Create a PoC to demonstrate the IDOR. This could be as simple as changing a user's name or email address to something obvious, like " test@example.com ".
4. Check for XSS Vulnerability:Before escalating the IDOR, check if the application is vulnerable to Cross-Site Scripting (XSS). If user input is echoed without proper sanitization and escaping, an IDOR could be escalated to an XSS attack.
5. Escalate to XSS:If an XSS vulnerability is found, exploit it to inject a malicious script. This could allow you to steal cookies, perform actions on behalf of the user, or even take over the user's account (Account Takeover - ATO).
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- IDOR: You can change another user's name to "test".
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious script, like .
6. Report the Vulnerabilities:After creating your PoCs, report the IDOR and any XSS vulnerabilities you've found to the appropriate security team. Provide clear steps on how to reproduce the issues.
Here's how you might report it:
- IDOR: "I found that I could change another user's name to any value. Here's how to reproduce it: [steps]..."
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
1. Understand the Impact:
2. Avoid Temptation:
3. Proof of Concept (PoC):
4. Check for XSS Vulnerability:
5. Escalate to XSS:
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious script, like
<script>alert('XSS Attack!')</script>6. Report the Vulnerabilities:
Here's how you might report it:
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
๐6โค2
Please open Telegram to view this post
VIEW IN TELEGRAM
โคโ๐ฅ15๐ฅ5๐ฏ2๐1๐1
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
โค4๐3๐ฅ1๐ซก1
DiosProStarFordNG.txt
4.4 KB
Please open Telegram to view this post
VIEW IN TELEGRAM
๐3
`site:linktr.ee + keyword`
Please open Telegram to view this post
VIEW IN TELEGRAM
๐5โค2๐2๐ฅ2
Please open Telegram to view this post
VIEW IN TELEGRAM
๐คฃ30๐1
My Fav Music While Hunting For Bugs๐ฅฐ๐ฅฐ๐ฅฐ
https://www.youtube.com/watch?v=UdA88SmDXb4
https://www.youtube.com/watch?v=UdA88SmDXb4
YouTube
๐ฎLa Maritza but itโs my favorite part | Sylvie Vartan | 1Hour | Slowed + Reverb
๐๐ ๐นโ๐๐ ๐ป๐๐๐๐๐ ๐โ ๐๐พ๐๐ ๐ถ๐๐น ๐๐๐ท๐๐ธ๐๐พ๐ท๐ ๐๐
๐ป๐ฎ๐๐โก๐ ๐๐ ๐ฉ๐ ๐พ๐๐๐๐ถ๐๐๐ถ๐ -
https://instagram.com/unxstapable/
You can Support me if you want :) - https://www.patreon.com/unxstapable
๐ป๐ฎ๐๐โก๐ ๐๐ ๐ฉ๐ ๐พ๐๐๐๐ถ๐๐๐ถ๐ -
https://instagram.com/unxstapable/
You can Support me if you want :) - https://www.patreon.com/unxstapable
CVE-2024-22116: RCE in Zabbix, 9.9 rating ๐ฅ
Lack of escaping for script parameters allows an attacker to execute arbitrary code.
Search at Netlas.io:
๐ Link: https://nt.ls/KoYW4
๐ Dork: http.favicon.hash_sha256:22b06a141c425c92951056805f46691c4cd8e7547ed90b8836a282950d4b4be2
Vendor's advisory: https://support.zabbix.com/browse/ZBX-25016
Lack of escaping for script parameters allows an attacker to execute arbitrary code.
Search at Netlas.io:
๐ Link: https://nt.ls/KoYW4
๐ Dork: http.favicon.hash_sha256:22b06a141c425c92951056805f46691c4cd8e7547ed90b8836a282950d4b4be2
Vendor's advisory: https://support.zabbix.com/browse/ZBX-25016
๐ฅ2
Please open Telegram to view this post
VIEW IN TELEGRAM
โค7๐1
Brut Security
Don't Spam or else will be banned, do respect everyone. Read the criteria, if matched then share you CV or else don't.
๐1
# Google Dorks Cli
# https://github.com/six2dez/degoogle_hunter
degoogle_hunter.sh company.com
# Google dorks helper
https://dorks.faisalahmed.me/
# Code share sites
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "company"
# Stackoverflow
site:stackoverflow.com "target.com"
# Project management sites
site:http://trello.com | site:*.atlassian.net "company"
# Pastebin-like sites
site:http://justpaste.it | site:http://pastebin.com "company"
# Config files
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
# Database files
site:target.com ext:sql | ext:dbf | ext:mdb
# Backup files
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
# .git folder
inurl:"/.git" target.com -github
# Exposed documents
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
# Other files
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
# SQL errors
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
# PHP errors
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
# Login pages
site:target.com inurl:signup | inurl:register | intitle:Signup
# Open redirects
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
# Apache Struts RCE
site:target.com ext:action | ext:struts | ext:do
# Search in pastebin
site:pastebin.com target.com
# Linkedin employees
site:linkedin.com employees target.com
# Wordpress files
site:target.com inurl:wp-content | inurl:wp-includes
# Subdomains
site:*.target.com
# Sub-subdomains
site:*.*.target.com
#Find S3 Buckets
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
# Traefik
intitle:traefik inurl:8080/dashboard "target"
# Jenkins
intitle:"Dashboard [Jenkins]"
# https://github.com/six2dez/degoogle_hunter
degoogle_hunter.sh company.com
# Google dorks helper
https://dorks.faisalahmed.me/
# Code share sites
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "company"
# Stackoverflow
site:stackoverflow.com "target.com"
# Project management sites
site:http://trello.com | site:*.atlassian.net "company"
# Pastebin-like sites
site:http://justpaste.it | site:http://pastebin.com "company"
# Config files
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
# Database files
site:target.com ext:sql | ext:dbf | ext:mdb
# Backup files
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
# .git folder
inurl:"/.git" target.com -github
# Exposed documents
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
# Other files
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
# SQL errors
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
# PHP errors
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
# Login pages
site:target.com inurl:signup | inurl:register | intitle:Signup
# Open redirects
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
# Apache Struts RCE
site:target.com ext:action | ext:struts | ext:do
# Search in pastebin
site:pastebin.com target.com
# Linkedin employees
site:linkedin.com employees target.com
# Wordpress files
site:target.com inurl:wp-content | inurl:wp-includes
# Subdomains
site:*.target.com
# Sub-subdomains
site:*.*.target.com
#Find S3 Buckets
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
# Traefik
intitle:traefik inurl:8080/dashboard "target"
# Jenkins
intitle:"Dashboard [Jenkins]"
GitHub
GitHub - six2dez/degoogle_hunter: Simple fork from degoogle original project with bug hunting purposes
Simple fork from degoogle original project with bug hunting purposes - six2dez/degoogle_hunter
๐9โค1
".mlab.com password""access_key"
"access_token""amazonaws"
"api.googlemaps AIza""api_key"
"api_secret""apidocs"
"apikey""apiSecret"
"app_key""app_secret"
"appkey""appkeysecret"
"application_key""appsecret"
"appspot""auth"
"auth_token""authorizationToken"
"aws_access""aws_access_key_id"
"aws_key""aws_secret"
"aws_token""AWSSecretKey"
"bashrc password""bucket_password"
"client_secret""cloudfront"
"codecov_token""config"
"conn.login""connectionstring"
"consumer_key""credentials"
"database_password""db_password"
"db_username""dbpasswd"
"dbpassword""dbuser"
"dot-files"
"dotfiles""encryption_key"
"fabricApiSecret""fb_secret"
"firebase""ftp"
"gh_token""github_key"
"github_token""gitlab"
"gmail_password""gmail_username"
"herokuapp""internal"
"irc_pass""JEKYLL_GITHUB_TOKEN"
"key""keyPassword"
"ldap_password""ldap_username"
"login""mailchimp"
"mailgun""master_key"
"mydotfiles""mysql"
"node_env""npmrc _auth"
"oauth_token""pass"
"passwd""password"
"passwords""pem private"
"preprod""private_key"
"prod""pwd"
"pwds"
"rds.amazonaws.com password""redis_password"
"root_password""secret"
"secret.password""secret_access_key"
"secret_key""secret_token"
"secrets""secure"
"security_credentials""send.keys"
"send_keys"
"sendkeys""SF_USERNAME salesforce"
"sf_username""site.com" FIREBASE_API_JSON=
"site.com" vim_settings.xml"slack_api"
"slack_token""sql_password"
"ssh""ssh2_auth_password"
"sshpass""staging"
"stg""storePassword"
"stripe""swagger"
"testuser""token"
"x-api-key""xoxb "
"xoxp"[WFClient] Password= extension:ica
access_keybucket_password
dbpassworddbuser
extension:avastlic "support.avast.com"extension:bat
extension:cfgextension:env
extension:exsextension:ini
extension:json api.forecast.ioextension:json googleusercontent client_secret
extension:json mongolab.comextension:pem
extension:pem privateextension:ppk
extension:ppk privateextension:properties
extension:shextension:sls
extension:sqlextension:sql mysql dump
extension:sql mysql dump passwordextension:yaml mongolab.com
extension:zshfilename:.bash_history
filename:.bash_history DOMAIN-NAMEfilename:.bash_profile aws
filename:.bashrc mailchimpfilename:.bashrc password
filename:.cshrcfilename:.dockercfg auth
filename:.env DB_USERNAME NOT homesteadfilename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc passwordfilename:.ftpconfig
filename:.git-credentialsfilename:.history
filename:.htpasswdfilename:.netrc password
filename:.npmrc _authfilename:.pgpass
filename:.remote-sync.jsonfilename:.s3cfg
filename:.sh_historyfilename:.tugboat NOT _tugboat
filename:_netrc passwordfilename:apikey
filename:bashfilename:bash_history
filename:bash_profilefilename:bashrc
filename:beanstalkd.ymlfilename:CCCam.cfg
filename:composer.jsonfilename:config
filename:config irc_passfilename:config.json auths
filename:config.php dbpasswdfilename:configuration.php JConfig password
filename:connectionsfilename:connections.xml
filename:constantsfilename:credentials
filename:credentials aws_access_key_idfilename:cshrc
filename:databasefilename:dbeaver-data-sources.xml
filename:deployment-config.jsonfilename:dhcpd.conf
filename:dockercfgfilename:environment
filename:express.conffilename:express.conf path:.openshift
filename:filezilla.xmlfilename:filezilla.xml Pass
filename:git-credentialsfilename:gitconfig
filename:globalfilename:history
filename:htpasswdfilename:hub oauth_token
filename:id_dsafilename:id_rsa
filename:id_rsa or filename:id_dsafilename:idea14.key
filename:known_hostsfilename:logins.json
filename:makefilefilename:master.key path:config
filename:netrcfilename:npmrc
filename:passfilename:passwd path:etc
filename:pgpassfilename:prod.exs
filename:prod.exs NOT prod.secret.exsfilename:prod.secret.exs
filename:proftpdpasswdfilename:recentservers.xml
filename:recentservers.xml Passfilename:robomongo.json
filename:s3cfgfilename:secrets.yml password
filename:server.cfgfilename:server.cfg rcon password
filename:settingsfilename:settings.py SECRET_KEY
filename:sftp-config.jsonfilename:sftp-config.json password
filename:sftp.json path:.vscodefilename:shadow
filename:shadow
Please open Telegram to view this post
VIEW IN TELEGRAM
๐4โค2