🕸💉 Advanced SQL Injection Cheatsheet 📃
This repository contains a advanced methodology of all types of SQL Injection.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
#bugbounty #bugbountytips #infosec #hacking #cybersecurity #penetrationtesting
This repository contains a advanced methodology of all types of SQL Injection.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
#bugbounty #bugbountytips #infosec #hacking #cybersecurity #penetrationtesting
❤19🔥5👍4
Bug bounty Bootcamp 📃🕸🔖
• Is an excellent guide looking to break into the world of bug hunting
The book covers :
Everything from the basics of web security to advanced techniques for finding vulnerabilities in complex systems.
Another important aspect of the book is the :
Emphasis on practical
Hands-on experience
This Book is an excellent resource for anyone interested in bug bounty hunting
https://bugbountyguide.org/top-best-books-for-bugbounty/#bug-bounty-bootcamp
• Is an excellent guide looking to break into the world of bug hunting
The book covers :
Everything from the basics of web security to advanced techniques for finding vulnerabilities in complex systems.
Another important aspect of the book is the :
Emphasis on practical
Hands-on experience
This Book is an excellent resource for anyone interested in bug bounty hunting
https://bugbountyguide.org/top-best-books-for-bugbounty/#bug-bounty-bootcamp
❤13👍6😱1
💫 OSI model V/S TCP/IP model, take a look at the comparison.
New Flyer, check this out on site, if you want to read in HD : smpl.is/12dur
If you like this, feel free to provide your feedback with emoji!
#infosec #appsec #securityzines #cybersecurity
New Flyer, check this out on site, if you want to read in HD : smpl.is/12dur
If you like this, feel free to provide your feedback with emoji!
#infosec #appsec #securityzines #cybersecurity
👍22❤2🔥1
AWS Well-Architected Labs
https://dx1572sre29wk.cloudfront.net/security/
#bugbounty #infosec #hacking #pentesting
https://dx1572sre29wk.cloudfront.net/security/
#bugbounty #infosec #hacking #pentesting
🔥10👍4
OS Command Injection 🕸🔖
Allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application
leads to fully compromising the application and all its data.
Thread 🧵 : 👇
https://twitter.com/Aacle_/status/1629700693530640385?s=20
Allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application
leads to fully compromising the application and all its data.
Thread 🧵 : 👇
https://twitter.com/Aacle_/status/1629700693530640385?s=20
❤7
The 1st time I tried Bugcrowd! And found 1 P2 level vulnerability
Credit: bug_vs_me (Deepak)
Tip:- always try to check if the website is hosted on Netlify!
Then try:- for example the main domain name is Deepak
So I tried http://deepak-dev.netlify.app/admin
60% of people set Netlify CMS to public signup
#bugbountytips
Credit: bug_vs_me (Deepak)
Tip:- always try to check if the website is hosted on Netlify!
Then try:- for example the main domain name is Deepak
So I tried http://deepak-dev.netlify.app/admin
60% of people set Netlify CMS to public signup
#bugbountytips
👏11👍9❤7
My OS Command Injection { Notion's Notes }
https://aacle.notion.site/OS-Command-Injection-cc45796dbedc4919b0aca76b2e807c16
https://aacle.notion.site/OS-Command-Injection-cc45796dbedc4919b0aca76b2e807c16
❤18🥰1👏1
We Hacked GitHub for a Month : Here’s What We Found @MrRajputHacker 🤝@Th3Pr0xyB0y
blog.cyberxplore.com/we-hacked-gith…
#BugBounty #bugbountytips #infosec #cybersecurite
blog.cyberxplore.com/we-hacked-gith…
#BugBounty #bugbountytips #infosec #cybersecurite
😱5❤4👏4👍2😁1
Price Manipulation Method
If the product price parameter cannot be changed, change the quantity of products.
items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €
#bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking
If the product price parameter cannot be changed, change the quantity of products.
items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €
#bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking
🔥31👍8❤6🤔1
Browser-Based application LFI
file:///etc/passwd blacklisted? Use "view-source:file:///etc/passwd"
"view-source" is often forgotten by developers in blacklists.
#BugBounty #BugBountyTip #BugBountyTips
file:///etc/passwd blacklisted? Use "view-source:file:///etc/passwd"
"view-source" is often forgotten by developers in blacklists.
#BugBounty #BugBountyTip #BugBountyTips
👍21🔥6🤔2
I use this tools: subfinder, amass, puredns, dnsrecon, assetfinder, subscraper
After search, I filter results with this tool: filter-resolved
Because these tools bring a lot of invalid subdomains. Then I use this tool to get me only valid DNS
try this:
cat subdomainlist.txt | sort -u | filter-resolved > subdomainlist_resolved.txt
After search, I filter results with this tool: filter-resolved
Because these tools bring a lot of invalid subdomains. Then I use this tool to get me only valid DNS
try this:
cat subdomainlist.txt | sort -u | filter-resolved > subdomainlist_resolved.txt
🔥31👍5🐳2