🔥13❤1
Here are some tips for finding CRLF (Carriage Return Line Feed) vulnerability:
1️⃣: Look for places where user input is reflected in the HTTP response header. CRLF vulnerabilities often arise when user input is injected into the header without being properly sanitized.
2️⃣: Try injecting CRLF characters into user input fields to see if they are reflected in the header. For example, you might try inputting a string like "foo%0D%0Abar" into a search field and see if "foo" and "bar" appear as separate lines in the header.
3️⃣: Use a tool like Burp Suite to intercept and modify HTTP requests. This can make it easier to inject CRLF characters and analyze the resulting header.
4️⃣: Pay attention to the content of the header and how it changes based on your input. Look for patterns or anomalies that might indicate a CRLF vulnerability.
5️⃣: Keep in mind that CRLF vulnerabilities can be used to perform a variety of attacks, including HTTP response splitting, header injection, and cache poisoning.
If you suspect that a CRLF vulnerability is present, be sure to thoroughly test and understand its potential impact.
#bugbounty #infosec #cybersecurity #hacking
1️⃣: Look for places where user input is reflected in the HTTP response header. CRLF vulnerabilities often arise when user input is injected into the header without being properly sanitized.
2️⃣: Try injecting CRLF characters into user input fields to see if they are reflected in the header. For example, you might try inputting a string like "foo%0D%0Abar" into a search field and see if "foo" and "bar" appear as separate lines in the header.
3️⃣: Use a tool like Burp Suite to intercept and modify HTTP requests. This can make it easier to inject CRLF characters and analyze the resulting header.
4️⃣: Pay attention to the content of the header and how it changes based on your input. Look for patterns or anomalies that might indicate a CRLF vulnerability.
5️⃣: Keep in mind that CRLF vulnerabilities can be used to perform a variety of attacks, including HTTP response splitting, header injection, and cache poisoning.
If you suspect that a CRLF vulnerability is present, be sure to thoroughly test and understand its potential impact.
#bugbounty #infosec #cybersecurity #hacking
❤17👍8
Best Way to Find Clint-Side Bugs
https://bugbountyguide.org/2022/12/10/best-way-to-find-clint-side-bugs/
https://bugbountyguide.org/2022/12/10/best-way-to-find-clint-side-bugs/
❤11👍1
🟢 Tricks to bypass CSRF-protection
Link: https://2017.zeronights.org/wp-content/uploads/materials/ZN17_MikhailEgorov%20_Neat_tricks_to_bypass_CSRF_protection.pdf
Link: https://2017.zeronights.org/wp-content/uploads/materials/ZN17_MikhailEgorov%20_Neat_tricks_to_bypass_CSRF_protection.pdf
👍14❤2
BUGOUNTY TIP
Getting a 403 error?
Try appending %2e after the first slash!
https://host.com/path = 403 FORBIDDEN
https://host.com/%2e/path = 200 0K
@rez__
Getting a 403 error?
Try appending %2e after the first slash!
https://host.com/path = 403 FORBIDDEN
https://host.com/%2e/path = 200 0K
@rez__
👍33🔥8❤6👏1
When using WayBackUrls, use below Regex
to find parameterized URL(s):
\/[A-Za-z0-9.-][a-z]\?.*=
to find parameterized URL(s):
\/[A-Za-z0-9.-][a-z]\?.*=
🔥29👍5👎1
Javascript Question
Mark the correct output
Q) !!"false" == !!"true";
Mark the correct output
Q) !!"false" == !!"true";
Anonymous Quiz
48%
true
52%
false
😨15🫡6👍3👨💻2🔥1🎉1
Javascript Question!!
what is the Length of theArray
Q) let theArrray = [, , , , ,]
what is the Length of theArray
Q) let theArrray = [, , , , ,]
Anonymous Quiz
44%
5
34%
6
23%
0
🤯9👍8🤔5
My Malicious File Upload Checklist
https://aacle.notion.site/Malicious-File-Upload-Checklist-3cd2b85ff7494efdac47d646b98cdce4
#bugbounty #infosec
https://aacle.notion.site/Malicious-File-Upload-Checklist-3cd2b85ff7494efdac47d646b98cdce4
#bugbounty #infosec
👏22🥰1
Javascript Question!!
One of these will not give a syntax error!!
One of these will not give a syntax error!!
Anonymous Quiz
20%
if="A"
15%
null="A"
23%
undefined="A"
42%
All wrong
🤔12😈5
🎯 HTTPZines
All About HTTP and Its role
https://securityzines.com/zines/http.html
#bugbounty #Infosec #hacking #penetrationtesting #cybersecurity
All About HTTP and Its role
https://securityzines.com/zines/http.html
#bugbounty #Infosec #hacking #penetrationtesting #cybersecurity
🔥7
Bug Bounty
Javascript Question!!
Q) [] == ''
Q) [] == ''
In JS (==) convert both values in the same type. In this case Empty String and Empty Array both are boolean value of false
So, they evaluate as equal
So, they evaluate as equal
👍11
Bug Bounty
Javascript Question!!
One of these will not give a syntax error!!
One of these will not give a syntax error!!
Undefined is not a reserved keyword
Bug Bounty
Javascript Question!!
what is the Length of theArray
Q) let theArrray = [, , , , ,]
what is the Length of theArray
Q) let theArrray = [, , , , ,]
In js array, it ignore last ,
👍2
Bug Bounty
Javascript Question
Mark the correct output
Q) !!"false" == !!"true";
Mark the correct output
Q) !!"false" == !!"true";
If a string is not empty == will convert it into boolean value of true so they both are equal 😊
😁6
👍12👎2😁1
Javascript Question!!
Q: What is the output of the following code?
let x = 1; if (function f(){}) { x += typeof f; }
Q: What is the output of the following code?
let x = 1; if (function f(){}) { x += typeof f; }
Anonymous Quiz
32%
Error
34%
"Number"
33%
"1undefined"
👎6🔥3