Happy happy happy new year 🥳

May the new year 2023 bring joy, prosperity, and all the things you wish for.

A Gift From My Side

2 x 1-month Tryhackme Voucher: https://tryhackme.com/voucher/stats/B8MMeLOTPAx8NF

Don't worry After exactly 30m - Another 2x1-month Tryhackme Voucher giveaway

VOucher: https://tryhackme.com/voucher/stats/497esgccfFA7wj

if Anybody wants to purchase at a cheap price, can contact @infosec_lover

Get your networking basics clear

https://explained-from-first-principles.com/internet/

🔰 CRLF Vulnerability

• CRLF stands for "Carriage Return, Line Feed." It is a sequence of two characters used to signify the end of a line of text in many computer systems.

• How It Occurs

A CRLF injection vulnerability occurs when an attacker is able to inject a CRLF sequence into an application, often by manipulating input that is not properly validated

This can allow the attacker to alter the behavior of the application

• Way To Protect CRLF Vulnerability

To protect against CRLF injection attacks, it is important to properly validate and sanitize all user input.

This can help to ensure that malicious input is not able to be injected into the application.

#bugbounty #Infosec #penetrationtesting #hacking #bugbountytips

A new Vulnerable Web Application by
@PortSwiggerRes

Gin & Juice Shop: https://ginandjuice.shop

Here are some tips for finding CRLF (Carriage Return Line Feed) vulnerability:

1️⃣: Look for places where user input is reflected in the HTTP response header. CRLF vulnerabilities often arise when user input is injected into the header without being properly sanitized.

2️⃣: Try injecting CRLF characters into user input fields to see if they are reflected in the header. For example, you might try inputting a string like "foo%0D%0Abar" into a search field and see if "foo" and "bar" appear as separate lines in the header.

3️⃣: Use a tool like Burp Suite to intercept and modify HTTP requests. This can make it easier to inject CRLF characters and analyze the resulting header.

4️⃣: Pay attention to the content of the header and how it changes based on your input. Look for patterns or anomalies that might indicate a CRLF vulnerability.

5️⃣: Keep in mind that CRLF vulnerabilities can be used to perform a variety of attacks, including HTTP response splitting, header injection, and cache poisoning.

If you suspect that a CRLF vulnerability is present, be sure to thoroughly test and understand its potential impact.

#bugbounty #infosec #cybersecurity #hacking

Best Way to Find Clint-Side Bugs

https://bugbountyguide.org/2022/12/10/best-way-to-find-clint-side-bugs/

🟢 Tricks to bypass CSRF-protection

Link: https://2017.zeronights.org/wp-content/uploads/materials/ZN17_MikhailEgorov%20_Neat_tricks_to_bypass_CSRF_protection.pdf

BUGOUNTY TIP

Getting a 403 error?
Try appending %2e after the first slash!

https://host.com/path = 403 FORBIDDEN
https://host.com/%2e/path = 200 0K

@rez__

When using WayBackUrls, use below Regex
to find parameterized URL(s):

\/[A-Za-z0-9.-][a-z]\?.*=

My Malicious File Upload Checklist

https://aacle.notion.site/Malicious-File-Upload-Checklist-3cd2b85ff7494efdac47d646b98cdce4

#bugbounty #infosec