🔰 Best Way to Find Clint-Side Bugs
➡️ Contains : CSRF Injection, Vuln Cookie For self XSS, Bypass WAF with double encoding, Stealing Anti-CSRF token, Step by Step of how Exploit WOrks and Much More
➡️ Link : https://bugbountyguide.org/2022/12/10/best-way-to-find-clint-side-bugs/
#hacking #bugbounty #Infosec #server
➡️ Contains : CSRF Injection, Vuln Cookie For self XSS, Bypass WAF with double encoding, Stealing Anti-CSRF token, Step by Step of how Exploit WOrks and Much More
➡️ Link : https://bugbountyguide.org/2022/12/10/best-way-to-find-clint-side-bugs/
#hacking #bugbounty #Infosec #server
👍8🔥3
🔰 The OWASP WTG4.2 Mindmap
#bugbounty #infosec
Credit : Abdelrhman Allam
➡️ Mindmap Link : https://xmind.app/m/XM7KaG/
Do Check This Out :👆
#bugbounty #infosec
Credit : Abdelrhman Allam
➡️ Mindmap Link : https://xmind.app/m/XM7KaG/
Do Check This Out :👆
🔥11👍5👌2
🔰 { One-Liner } - Extract all URL from Source Code
➡️ curl "https://example .com/" | grep -oP '(https*://|www\.)[^ ]*'
#bugbounty #Infosec
➡️ curl "https://example .com/" | grep -oP '(https*://|www\.)[^ ]*'
#bugbounty #Infosec
👍27👏2
🔰 { One-Liner } - Extract End-Points From Js File
by @renniepak
➡️ cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | sort -u
#bugbounty #infosec
by @renniepak
➡️ cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | sort -u
#bugbounty #infosec
🔥19👍4🫡4
🔰 Local File Inclusion (LFI) Attack
➖ An LFI attack may lead to inform. disclosure, RCE, or even XSS).
Take a look Below : 👆
#bugbounty #infosec #cybersecurity #hacking
➖ An LFI attack may lead to inform. disclosure, RCE, or even XSS).
Take a look Below : 👆
#bugbounty #infosec #cybersecurity #hacking
👍14🔥5
🔰 Offensive Security Approved OSCP Notes
🔗 https://oscpnotes.infosecsanyam.in/
#bugbounty #infosec #oscp #cybersecurity
🔗 https://oscpnotes.infosecsanyam.in/
#bugbounty #infosec #oscp #cybersecurity
❤16👍4✍1🤩1
🔰 Linux Challenge Part – 1 { Tryhackme Room }
➖https://bugbountyguide.org/2022/12/12/linux-challenge-part-1-tryhackme-room/
#bugbounty #infosec #cybersecurity #hacking
➖https://bugbountyguide.org/2022/12/12/linux-challenge-part-1-tryhackme-room/
#bugbounty #infosec #cybersecurity #hacking
👍7
✨ 50+ Cross-site scripting (XSS) Vulnerabilities Bugcrowd Public Program
➖ https://bugbountyguide.org/2022/12/12/50-cross-site-scripting-xss-vulnerabilities-bugcrowd-public-programs/
Take A Look : 👆
➖ https://bugbountyguide.org/2022/12/12/50-cross-site-scripting-xss-vulnerabilities-bugcrowd-public-programs/
Take A Look : 👆
🔥21😱3👍1🤯1
✨ Grab this apportunity Guys
Free Registration For Cyber Security Certification
https://secops.group/cyber-security-certifications/
Coupon code: 100-OFF
Free Registration For Cyber Security Certification
https://secops.group/cyber-security-certifications/
Coupon code: 100-OFF
❤24😱13👍10🔥4🤬2
If you want to master SSRF, open this thread!
Server-Side Request Forgery vulnerabilities are attacks that allow attackers to send arbitrary requests from the server often resulting in gaining authorized access to data!🤯
[1️⃣] Server-side request forgery by
@PortSwigger
[ https://portswigger.net/web-security/ssrf ]
As always, when talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!
[2️⃣] SSRF in 100 seconds by
@PinkDraconian
[ https://youtu.be/3dKavgfL2pA ]
Want a quick overview of what SSRF is? Check out this video explaining SSRF in 100 seconds!
[3️⃣] SSRF Techniques mindmap
[ https://xmind.app/m/eJm7bd/# ]
A mindmap is a great way to visualize what SSRF techniques there are! We couldn't find the author of this mindmap, meaning we can't give credit. If you know who created it, let us know! 💪
[4️⃣] Bug bounty writeup by
@win3zz
[ https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 ]
SSRF is one of the most found vulnerabilities in bug bounty. There are tons of great writeups out there, but we really liked this on granting a HUGE bounty on Facebook!
[5️⃣] SSRFMap by
@pentest_swissky
[ https://github.com/swisskyrepo/SSRFmap ]
Exploiting SSRF vulnerabilities can often be quite hard, this framework can help you out and make it a bit less time-intensive!
[6️⃣] Cheatsheet by
@pentest_swissky
[ https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md ]
Want a concise overview of different SSRF filter bypasses? Check out this amazing cheatsheet!
[7️⃣] Hackademy by
@intigriti
[ https://blog.intigriti.com/hackademy/server-side-request-forgery-ssrf/ ]
Did you know that Intigriti has its very own hackademy? This is the place for you to learn about a bunch of security issues!
Post by intigriti
Server-Side Request Forgery vulnerabilities are attacks that allow attackers to send arbitrary requests from the server often resulting in gaining authorized access to data!🤯
[1️⃣] Server-side request forgery by
@PortSwigger
[ https://portswigger.net/web-security/ssrf ]
As always, when talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!
[2️⃣] SSRF in 100 seconds by
@PinkDraconian
[ https://youtu.be/3dKavgfL2pA ]
Want a quick overview of what SSRF is? Check out this video explaining SSRF in 100 seconds!
[3️⃣] SSRF Techniques mindmap
[ https://xmind.app/m/eJm7bd/# ]
A mindmap is a great way to visualize what SSRF techniques there are! We couldn't find the author of this mindmap, meaning we can't give credit. If you know who created it, let us know! 💪
[4️⃣] Bug bounty writeup by
@win3zz
[ https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 ]
SSRF is one of the most found vulnerabilities in bug bounty. There are tons of great writeups out there, but we really liked this on granting a HUGE bounty on Facebook!
[5️⃣] SSRFMap by
@pentest_swissky
[ https://github.com/swisskyrepo/SSRFmap ]
Exploiting SSRF vulnerabilities can often be quite hard, this framework can help you out and make it a bit less time-intensive!
[6️⃣] Cheatsheet by
@pentest_swissky
[ https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md ]
Want a concise overview of different SSRF filter bypasses? Check out this amazing cheatsheet!
[7️⃣] Hackademy by
@intigriti
[ https://blog.intigriti.com/hackademy/server-side-request-forgery-ssrf/ ]
Did you know that Intigriti has its very own hackademy? This is the place for you to learn about a bunch of security issues!
Post by intigriti
👍15🔥4❤1
Open Redirect To XSS
Payloads : https://book.hacktricks.xyz/pentesting-web/open-redirect#open-redirect-to-xss
#bugbounty #infosec #cybersecurity #hacking
Payloads : https://book.hacktricks.xyz/pentesting-web/open-redirect#open-redirect-to-xss
#bugbounty #infosec #cybersecurity #hacking
🔥10👍4👎1🤔1
🔰 Top 10 Mistakes & Myths Of Bug bounty hunting
https://bugbountyguide.org/2022/12/16/top-10-mistakes-myths-in-bug-bounty-hunting/
https://bugbountyguide.org/2022/12/16/top-10-mistakes-myths-in-bug-bounty-hunting/
👍9🔥3
Complete OSCP Guide With Active Directory
Amazing Article Contains :
• lots of tips
• Recommended Tools For Active Directory
• Recommended Labs To Solve For Active Directory
• Cheatsheet
• Resources
Take 👇 : Look
https://bugbountyguide.org/index.php/2022/11/29/oscp-preparation-with-active-directory/
#bugbounty #infosec #oscp
Amazing Article Contains :
• lots of tips
• Recommended Tools For Active Directory
• Recommended Labs To Solve For Active Directory
• Cheatsheet
• Resources
Take 👇 : Look
https://bugbountyguide.org/index.php/2022/11/29/oscp-preparation-with-active-directory/
#bugbounty #infosec #oscp
🔥7👍6👏2❤🔥1🏆1
Found Open Redirection Vulnerability in Google
I'll share POC with you soon
I'll share POC with you soon
🔥49👍6👏3
email verification bypass
• After registering with email 1 you'll get verification link on email 1
• Change email to email 2 instead of verifying email 1
• Check if email verification link sended priviously on email 1 is valid for verifying email 2
• After registering with email 1 you'll get verification link on email 1
• Change email to email 2 instead of verifying email 1
• Check if email verification link sended priviously on email 1 is valid for verifying email 2
👍29🔥17
secondary context fuzzing: 🌵
#bugbounty #infosec
/..%2f
/..;/
/../
/..%00/
/..%0d/
/..%5c
/..\
/..%ff/
/%2e%2e%2f
/.%2e/
/%3f (?)
/%26 (&)
/%23 (#)
via https://samcurry.net/hacking-starbucks/
100 million😲 sbux accounts disclosure
see also: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8
#bugbounty #infosec
/..%2f
/..;/
/../
/..%00/
/..%0d/
/..%5c
/..\
/..%ff/
/%2e%2e%2f
/.%2e/
/%3f (?)
/%26 (&)
/%23 (#)
via https://samcurry.net/hacking-starbucks/
100 million😲 sbux accounts disclosure
see also: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8
🔥6👍4
Why Security Headers are Important for websites
https://bugbountyguide.org/2022/12/19/why-security-headers-are-important-for-websites/
https://bugbountyguide.org/2022/12/19/why-security-headers-are-important-for-websites/
👍8🔥7