Cookie Based Authentication Vulnerabilities🔥

Link : github.com/imran-parray/M…

#bugbounty #infosec

These are the notion Notes. It will help you a lot to clear your basic as well as advance

I finally got ffuf to output to a text file in a decent way for automation:

ffuf -w /tmp/wordlists.txt -u URL/FUZZ -r -ac -v &>> /tmp/output.txt ; sed -i 's/\:\: Progress.*Errors.*\:\://g' /tmp/output.txt ; sed -i 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' /tmp/output.txt

#bugbounty #infosec #SecurityEveryday #Pentesting

A simple bypass for XXE

To avoid XXE Injections, some web applications have custom filters that will block requests which contain "application/xml" Content-Type, to bypass these filters, we can set the Content-Type to wildcard "*/*"

#bugbounty #Infosec #securitytips

QnA : will help Beginners a lot

https://www.youtube.com/watch?v=DgsvUvt18mA

Bug List (Most Commonly Found) 🔥🌵

More Clarity : https://pbs.twimg.com/media/FhVuIKHVsAEKnpD?format=png&name=medium

#bugbounty #Infosec

Bugbounty Tips

Use round brackets to inject XSS / SQLi / RCE payloads in a valid e-mail address.

❌ yourname${}<>'/"*-@domain.com
✅ yourname(${}<>'/"*-)@domain.com
✅ yourname@(${}<>'/"*-)domain.com

#bugbounty #infosec #cybersecurity

Those who wants to purchase Tryhackme voucher.

please go fast

Because I personly request to the seller for discount, for you guys

This offer valid for today { according to IST }