We Hacked GitHub for a Month : Here’s What We Found @MrRajputHacker 🤝@Th3Pr0xyB0y
blog.cyberxplore.com/we-hacked-gith…
#BugBounty #bugbountytips #infosec #cybersecurite
blog.cyberxplore.com/we-hacked-gith…
#BugBounty #bugbountytips #infosec #cybersecurite
😱5❤4👏4👍2😁1
Price Manipulation Method
If the product price parameter cannot be changed, change the quantity of products.
items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €
#bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking
If the product price parameter cannot be changed, change the quantity of products.
items[1][quantity]=1 --> 234 €
items[1][quantity]=0.1 --> 23.4 €
#bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking
🔥31👍8❤6🤔1
Browser-Based application LFI
file:///etc/passwd blacklisted? Use "view-source:file:///etc/passwd"
"view-source" is often forgotten by developers in blacklists.
#BugBounty #BugBountyTip #BugBountyTips
file:///etc/passwd blacklisted? Use "view-source:file:///etc/passwd"
"view-source" is often forgotten by developers in blacklists.
#BugBounty #BugBountyTip #BugBountyTips
👍21🔥6🤔2
I use this tools: subfinder, amass, puredns, dnsrecon, assetfinder, subscraper
After search, I filter results with this tool: filter-resolved
Because these tools bring a lot of invalid subdomains. Then I use this tool to get me only valid DNS
try this:
cat subdomainlist.txt | sort -u | filter-resolved > subdomainlist_resolved.txt
After search, I filter results with this tool: filter-resolved
Because these tools bring a lot of invalid subdomains. Then I use this tool to get me only valid DNS
try this:
cat subdomainlist.txt | sort -u | filter-resolved > subdomainlist_resolved.txt
🔥31👍5🐳2
Bug Reports 🥬☘️ & Bug bounty Guide 🌿🎯🍀
1)Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users
https://hackerone.com/reports/1692788
2)The Story of Becoming a Super Admin
https://medium.com/@omerkepenek/the-story-of-becoming-a-super-admin-ab32db7dd1b3
3)How to Bypass XSS Filters: A Practical Example
https://securitylit.medium.com/how-to-bypass-xss-filters-a-practical-example-3189877fe2ce
4)XSS Vulnerability Types
https://medium.com/@rkarthik435/xss-vulnerability-types-272ae496d1a1
5)A Beginner’s Guide to Bug Hunting and Exploiting Common WordPress Vulnerabilities
https://medium.com/@cuncis/a-beginners-guide-to-bug-hunting-and-exploiting-common-wordpress-vulnerabilities-821fe0d79461
6)What Is Open Source Intelligence (OSINT) In the Context of Bug Bounty
https://securitylit.medium.com/what-is-open-source-intelligence-osint-in-the-context-of-bug-bounty-c792f8680e3c
7)Can you spot the vulnerability? #16022023 — Intigriti
https://infosecwriteups.com/can-you-spot-the-vulnerability-16022023-intigriti-a46068e557cc
8)Skipjack Encryption: Understanding Its Advantages and Limitations in Cyber Security | 2023
https://cyberw1ng.medium.com/skipjack-encryption-understanding-its-advantages-and-limitations-in-cyber-security-2023-b0dcfdf8cf6c
9)Earning cryptocurrency through bug bounties
https://medium.com/@apriltoken/earning-cryptocurrency-through-bug-bounties-718158b013dd
Bug Reports 🥬☘️ & Bug bounty Guide 🌿🎯🍀 ☝️☝️
1)Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users
https://hackerone.com/reports/1692788
2)The Story of Becoming a Super Admin
https://medium.com/@omerkepenek/the-story-of-becoming-a-super-admin-ab32db7dd1b3
3)How to Bypass XSS Filters: A Practical Example
https://securitylit.medium.com/how-to-bypass-xss-filters-a-practical-example-3189877fe2ce
4)XSS Vulnerability Types
https://medium.com/@rkarthik435/xss-vulnerability-types-272ae496d1a1
5)A Beginner’s Guide to Bug Hunting and Exploiting Common WordPress Vulnerabilities
https://medium.com/@cuncis/a-beginners-guide-to-bug-hunting-and-exploiting-common-wordpress-vulnerabilities-821fe0d79461
6)What Is Open Source Intelligence (OSINT) In the Context of Bug Bounty
https://securitylit.medium.com/what-is-open-source-intelligence-osint-in-the-context-of-bug-bounty-c792f8680e3c
7)Can you spot the vulnerability? #16022023 — Intigriti
https://infosecwriteups.com/can-you-spot-the-vulnerability-16022023-intigriti-a46068e557cc
8)Skipjack Encryption: Understanding Its Advantages and Limitations in Cyber Security | 2023
https://cyberw1ng.medium.com/skipjack-encryption-understanding-its-advantages-and-limitations-in-cyber-security-2023-b0dcfdf8cf6c
9)Earning cryptocurrency through bug bounties
https://medium.com/@apriltoken/earning-cryptocurrency-through-bug-bounties-718158b013dd
Bug Reports 🥬☘️ & Bug bounty Guide 🌿🎯🍀 ☝️☝️
🔥10🎉3👍2❤1
First I reported XSS trigged as medium!
I am not satisfied with that later I chained it with account takeover! Got additional. $650
Tips: - if application have feature of Api key and you can't steal session cookies!
1/n
More : 👇
https://twitter.com/bug_vs_me/status/1634090120658780162?t=X54aRAVY05Ajv0zosKda4Q&s=19
I am not satisfied with that later I chained it with account takeover! Got additional. $650
Tips: - if application have feature of Api key and you can't steal session cookies!
1/n
More : 👇
https://twitter.com/bug_vs_me/status/1634090120658780162?t=X54aRAVY05Ajv0zosKda4Q&s=19
🔥7👍4👏2🍾1
Tips 🌿🌻🍂
whenever you saw any email input field!
70% bug hunters don't try XSS there as compared to name field.
always try this in email input field!
"<img/src/onerror=alert(0)"@xss.com
This don't work every time but give it a try found 2 XSS today using this!
Tips 🌿🌻🍂 👆
whenever you saw any email input field!
70% bug hunters don't try XSS there as compared to name field.
always try this in email input field!
"<img/src/onerror=alert(0)"@xss.com
This don't work every time but give it a try found 2 XSS today using this!
Tips 🌿🌻🍂 👆
🔥53👍20🍌5
TIP:
🛡️ Admin panel access using %20 🛡️
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
🛡️ Admin panel access using %20 🛡️
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
👍14🔥4👌2