All About hunting on the main application
by: @tabaahi_
#bugbountytips #infosecurity #cybersecurity #bughunting
Types of SQL Injection:
1. In-band SQLi
2. Error-based SQLi
3. Union-based SQLi
4. Inferential SQLi
5. Boolean-based SQLi
6. Time-based SQLi
7. Out-of-band SQLi
#bugbountytips #cybersecuritytips #infosecurity
🖥️ 13 resources to learn ethical hacking:
1. PortSwigger Web Academy
2. Pentester Land Writeups
3. Vuln Machines
4. TryHackMe
5. OverTheWire
6. Cybrary
7. Root Me
8. Try2Hack
9. CyberSecLabs
10. Pentester labs
11. Pico CTF
12. Hack The Box
13. Vuln Hub
#bugbountytips #bugbounty
XML EXTERNAL ENTITY (XXE) Vulnerability 🌵
by @cyph3r_asr
In more detail:
smoggy-mozzarella-076.notion.site/XXE-9d5d3f12a5…
#bugbounty #infosec
These are the Notion notes. They will help you a lot to clear your basics as well as advanced
I finally got ffuf to output to a text file in a decent way for automation:
ffuf -w /tmp/wordlists.txt -u URL/FUZZ -r -ac -v &>> /tmp/output.txt ; sed -i 's/\:\: Progress.*Errors.*\:\://g' /tmp/output.txt ; sed -i 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' /tmp/output.txt
#bugbounty #infosec #SecurityEveryday #Pentesting
A simple bypass for XXE
To avoid XXE injections, some web applications have custom filters that block requests which contain the "application/xml" Content-Type. To bypass these filters, we can set the Content-Type to the wildcard "*/*".
#bugbounty #Infosec #securitytips
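The Content-Type blocklist from the tip above, set next to a parser-side control that does not depend on the header, as an added example that is not part of the original post. The function names and sample bodies are assumptions constructed for illustration, and refusing every DOCTYPE is a mitigation chosen here, not one the post describes.

```python
# Added example; names and sample data are constructed, not from the post.
import xml.parsers.expat

BLOCKED_TYPES = {"application/xml"}  # the kind of blocklist the post describes


def content_type_filter_allows(content_type):
    """Header blocklist: rejects only the media types it lists."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type not in BLOCKED_TYPES


class DoctypeForbidden(ValueError):
    """Raised when a request body carries a DOCTYPE declaration."""


def parse_rejecting_dtd(body):
    """Parse XML bytes and return element names, refusing any DTD.

    With no DTD allowed, no entity can be declared, so the outcome does
    not depend on what the client put in Content-Type.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeForbidden("DOCTYPE %r not allowed" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(body, True)
    return names


def handle_request(content_type, body):
    """Return 'blocked-by-filter', 'rejected-by-parser' or 'parsed'."""
    if not content_type_filter_allows(content_type):
        return "blocked-by-filter"
    try:
        parse_rejecting_dtd(body)
    except (DoctypeForbidden, xml.parsers.expat.ExpatError):
        return "rejected-by-parser"
    return "parsed"


# Constructed bodies; the system identifier is a non-existent placeholder.
DTD_BODY = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY ref SYSTEM '
            b'"file:///constructed/placeholder">]><order><id>&ref;</id></order>')
PLAIN_BODY = b'<?xml version="1.0"?><order><id>42</id></order>'
```

The header check passes the "*/*" request through, so the decision has to be made where the body is parsed.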
Should I add a discussion box below some posts which are discussable?
Anonymous Poll
96%: Yes, I want to discuss
4%: No, I don't need to discuss anything
Bug List (Most Commonly Found) 🔥🌵
More clarity: https://pbs.twimg.com/media/FhVuIKHVsAEKnpD?format=png&name=medium
#bugbounty #Infosec
Bugbounty Tips
Use round brackets to inject XSS / SQLi / RCE payloads in a valid e-mail address.
❌ yourname${}<>'/"*-@domain.com
✅ yourname(${}<>'/"*-)@domain.com
✅ yourname@(${}<>'/"*-)domain.com
#bugbounty #infosec #cybersecurity
Those who want to purchase a TryHackMe voucher,
please go fast,
because I personally requested the seller for a discount, for you guys.
This offer is valid for today { according to IST }