interesting macro samples
https://app.any.run/tasks/2be858c1-ff74-44b0-bb2a-4bb5de18a443
https://app.any.run/tasks/da537699-5942-46dd-a747-76de5e99f1ed/
4dd6c0a22d4b5ff8d33c8ed45c23cc23159fd7c8f6e9e19e90fce80103cbdc50.doc (MD5: 7C7386C86CFEB790FE65DC27545DA45F) - Interactive analysis…
Deeplink issues:
https://youtu.be/wyIx0D-M2S8
Exploitation of exported activities (OOS on some programs, nevertheless an interesting watch)
https://youtu.be/ZUikTuoCP_M
#bugbountytip #bugbounty
Android Deeplinks and how to exploit them
In this video we go over what deeplinks are and ways they can be exploited. PoC examples and example reports are also reviewed.
CSRF for disabling 2FA
1. Capture request in Burp Suite
2. Engagement tools > Generate CSRF PoC
3. Pass null chars in token value so function will override
4. Submit twice for overriding
5. 2FA disabled
#XXE
https://spaceraccoon.dev/a-tale-of-two-formats-exploiting-insecure-xml-and-zip-file-parsers-to-create-a
https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
https://github.com/setuid0-sec/Swiss_E-Voting_Publications/blob/master/xxe_setuid0.pdf
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/
https://corben.io/XSS-to-XXE-in-Prince/
https://medium.com/@zain.sabahat/an-interesting-xxe-in-sap-8b35fec6ef33
#bugbounty,#bugbountytips
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…
Recently found an RXSS in captcha response
Resolve captcha --> capture request --> change captcha response to XSS payload --> XSS trigger
#BugBounty #BugBountyTip #BugBountyTips
Rate limit bypass:
Add header/s with request
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwarded-Host: IP
If the bypass is successful and requests get blocked again after a while, increment the last octet.
#infosec #bugbounty
Bugbounty tips#3
Shorten IP addresses by dropping zeroes to bypass WAF filters for SSRF, open redirect, wherever any IP gets blocked.
Examples:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1
#infosec #SSRF #bugbountytip #bypass #WAF #bugbountytips #hackerone #hackers
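A defensive counterpart to the tip above, added here and not part of the original post: a filter that compares the host as a string misses the shortened forms, so the host is first expanded the way the legacy `inet_aton` parser does and only then checked against the blocked networks. This goes beyond the two examples in the post by also covering the hex and octal components that parser accepts; the `BLOCKED` list and all function names are assumptions made up for this example.

```python
import ipaddress

# Networks an SSRF filter refuses (constructed sample policy, not from the post).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "1.0.0.1/32")]


def _part(text):
    """Parse one dotted component as inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    if text.lower().startswith("0x"):
        digits, base = text[2:], 16
    elif len(text) > 1 and text.startswith("0"):
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits.lower()):
        raise ValueError(f"not a numeric component: {text!r}")
    return int(digits, base)


def canonical_ipv4(host):
    """Expand legacy forms (a, a.b, a.b.c, a.b.c.d) to a full IPv4Address."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("too many components")
    *head, last = [_part(p) for p in parts]
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        raise ValueError("component out of range")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def is_blocked(host):
    """True if host is an IP literal, in any legacy form, inside a blocked network."""
    try:
        addr = canonical_ipv4(host)
    except ValueError:
        return False  # not an IP literal; hostnames need a post-resolution check
    return any(addr in net for net in BLOCKED)
```

Hostnames fall through this check by design, so the same network test has to be repeated on the address the name actually resolves to.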
XSS payload in a JavaScript application.
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydGBZMDAwYDwvc2NyaXB0Pg=='></object>
#xss #payload #payloads #bugbountytips