Open Redirect To XSS
Payloads : https://book.hacktricks.xyz/pentesting-web/open-redirect#open-redirect-to-xss
#bugbounty #infosec #cybersecurity #hacking
🔰 Top 10 Mistakes & Myths Of Bug bounty hunting
https://bugbountyguide.org/2022/12/16/top-10-mistakes-myths-in-bug-bounty-hunting/
Complete OSCP Guide With Active Directory
Amazing Article Contains :
• lots of tips
• Recommended Tools For Active Directory
• Recommended Labs To Solve For Active Directory
• Cheatsheet
• Resources
Take 👇 : Look
https://bugbountyguide.org/index.php/2022/11/29/oscp-preparation-with-active-directory/
#bugbounty #infosec #oscp
Found Open Redirection Vulnerability in Google
I'll share POC with you soon
email verification bypass
• After registering with email 1 you'll get verification link on email 1
• Change email to email 2 instead of verifying email 1
• Check if the email verification link sent previously to email 1 is valid for verifying email 2
secondary context fuzzing: 🌵
#bugbounty #infosec
/..%2f
/..;/
/../
/..%00/
/..%0d/
/..%5c
/..\
/..%ff/
/%2e%2e%2f
/.%2e/
/%3f (?)
/%26 (&)
/%23 (#)
via https://samcurry.net/hacking-starbucks/
100 million😲 sbux accounts disclosure
see also: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8
Why Security Headers are Important for websites
https://bugbountyguide.org/2022/12/19/why-security-headers-are-important-for-websites/
Bug Bounty 🪲 Tip:
Target had a /?back= parameter,
but payloads like javascript://alert(1) did not work.
Exploited using the following with URL-encoded ASCII tab characters:
%09Jav%09ascript:alert(document.domain)
#bugbountytips #bugbounty
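Why the tab trick in the post above gets past a prefix check, and a server-side fix, as an added example that is not part of the original post. The URL parser removes ASCII tabs and newlines before reading the scheme, so the defence is to parse first and allow-list the result. APP_ORIGIN, the naive filter and all function names are assumptions made for illustration.

```javascript
// Added example (constructed): validating a `back` redirect parameter.
// APP_ORIGIN and every function name here are hypothetical.
const APP_ORIGIN = "https://app.example";

// Assumed weak filter: rejects only a literal "javascript:" prefix.
function naiveIsSafe(target) {
  return !target.toLowerCase().startsWith("javascript:");
}

// The scheme a WHATWG URL parser (browser or Node) actually sees.
// The parser drops ASCII tab/newline characters and lowercases the scheme.
function parsedScheme(target) {
  return new URL(target, APP_ORIGIN).protocol;
}

// Hardened check: parse first, then allow only same-origin http(s) targets
// and return a relative path, so no attacker-chosen scheme or host survives.
function safeBackTarget(raw, fallback = "/") {
  if (typeof raw !== "string") return fallback;
  // Control characters and backslashes have no place in a redirect target.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  if (url.origin !== APP_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// The value from the post, decoded the way the server receives it.
const fromPost = decodeURIComponent("%09Jav%09ascript:alert(document.domain)");

console.log(naiveIsSafe(fromPost));      // weak filter lets it through
console.log(parsedScheme(fromPost));     // scheme after parsing
console.log(safeBackTarget(fromPost));   // hardened check falls back
console.log(safeBackTarget("/account?tab=1"));
```

Escaping the value for the HTML attribute it is written into is still needed; this check only constrains where the link can point.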
The Game of HTTP Request And Response
https://bugbountyguide.org/2022/12/23/understand-the-game-of-http-request-and-response/
#bugbounty #Infosec
All Network Services & Ports with Enumeration techniques
https://bugbountyguide.org/2022/12/24/all-network-services-ports-enumeration/
✨ Huge Bug Bounty Mindmap
https://bugbountyguide.org/bug-bounty/mindmaps-cheatsheets#Bug-bounty-mindmap
Web Application Security Mindmap
https://bugbountyguide.org/bug-bounty/mindmaps-cheatsheets/#Web%20Application%20Security%20Mindmap
#bugbounty #infosec
An interesting trick: you can bypass a WAF during an XSS attack on ASP(dot)NET/IIS technology by using an HTTP parameter pollution attack.
#BugBounty #BugBountyTips #InfoSec
(Credit to Acunetix)
Full article: https://acunetix.com/blog/whitepaper-http-parameter-pollution/
Tryhackme voucher at a cheap price.
At Rs 155 / 2.2$ for a month
This guy is providing @Infosec_lover | Verified by me