100 web vulnerabilities, categorized into various types:
Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)
Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse
Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling
Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration
XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb
Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control
Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection
API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation
Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols
Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues
Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service
Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse
Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering
IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities
Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues
Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass
Server-Side Request Forgery (SSRF):
87. Blind SSRF
88. Time-Based Blind SSRF
Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass
Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws
Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits
Nickname search tool
Snoop is one of the most promising OSINT tools for nickname search
It tracks a nickname across 3000 internet resources
Builds are prepared for GNU/Linux, Windows and Termux (Android)
The program supports loading nicknames from a file and adds an intermediate table to the CLI report
#Tools #OSINT
Stored XSS/IFrame/HTMLi | Bug Bounty PoC
"><A HREF="https://example.com/">Login Here</A>
"><iframe src="https://example.com/">
"><script>prompt(document.cookie)</script>
#XSS
CrowdStrike broke everyone's Windows https://www.wired.com/story/microsoft-windows-outage-crowdstrike-global-it-probems/
WIRED
Huge Microsoft Outage Caused by CrowdStrike Takes Down Computers Around the World
A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.
#Hacktify | Nuclei for Pentesting & Bug Bounties
Info: https://hacktify.thinkific.com/courses/mastering-nuclei-for-pentesting-bug-bounties
SecList for CyberStudents
CrowdStrike broke everyone's Windows https://www.wired.com/story/microsoft-windows-outage-crowdstrike-global-it-probems/
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
1000$ IDOR : Unauthorized Project Inclusion in Expense
https://medium.com/@a13h1/1000-idor-unauthorized-project-inclusion-in-expense-b9ce08b28c71
Hi Everyone! Today, I’m excited to talk about a critical vulnerability I discovered in a platform (let’s call it ExamFit), which allowed…
📮JScripter - A noob-friendly JavaScript scraper based on #GAU and #hakrawler. Options to scan a single URL or multiple URLs from a list. Uses threads, saves files into a directory, and de-duplicates during saving.
✅Download-https://github.com/ifconfig-me/JScripter
#BugBounty #bugbountytips
🚀 Apepe - Mobile application pentesting🚀
🕵️ Apepe is a Python tool developed to help pentesters and red teamers easily get information from the target app. This tool extracts basic information such as the package name, whether the app is signed, and the development language...
🧾 Source - github.com/oppsec/Apepe
Forwarded from BM SECURITY Group 🇺🇿
The apocalypse caused by the update to CrowdStrike's Falcon Sensor software continues to spread. You already know that the software knocked out 8.5 million computers running the Windows operating system. Now it is also causing computers and servers running Linux to fail.
Red Hat warned its customers that a "Kernel Panic" problem occurred after loading the falcon program's "5.14.0-427.13.1.el9_4.x86_64" build.
It was noted that a second problem related to CrowdStrike Falcon Sensor/Agent, "cshook_network_ops_inet6_sockraw_release+0x171a9", can crash the system. The Red Hat security team said that temporarily not using the "Falcon Sensor/Agent" software would ensure that the above problems are avoided.
The Register reported that the same problem was also encountered on Debian and Rocky Linux.
Taking advantage of the situation, cybercriminals acting in the name of CrowdStrike have opened a number of domains under the guise of "an update distributed to fix the problem" and are actively spreading a mass malicious update:
crowdstrikebluescreen.com crowdstrikeØday.com crowdstrike-bsod.com crowdstrikedoomsday.com crowdstrikedoomsday.com crowdstrikefix.com crowdstrikedown.site crowdstriketoken.com
This problem is being discussed so much and so widely among industry professionals that jokes on every topic are being linked to CrowdStrike, poems are being written with AI, and the number of memes is endless)). Against the backdrop of the share price collapse, people on X are also writing that the company's head laid off a number of employees. If "blue screen of death" was "BSOD" until now, the term "BSODStrike" has now appeared too 😁
BBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.
https://github.com/honoki/bbrf-client/
#Recon
Red Team Interview Questions
A repository covering a wide range of topics and questions for interview candidates preparing to work as pentesters as part of a red team.
1. Initial Access
2. Windows Network
3. Active Directory
4. OS Language Programming
5. PowerShell
6. Windows Internals
7. DNS Server
8. Windows API
9. Macro Attack
10. APT Groups
11. EDR and Antivirus
12. Malware Development
13. System & Kernel Programming
14. Privilege Escalation
15. Post-exploitation (and Lateral Movement)
16. Persistence
17. Breaking Hash
18. C&C (Command and Control)
19. DLL
20. DNS Rebinding
21. LDAP
22. Evasion
23. Steganography
24. Kerberoasting and Kerberos
25. Mimikatz
26. RDP
27. NTLM
28. YARA Language
29. Windows API And DLL Difference
30. Antivirus and EDR Difference
31. NTDLL
32. Native API
33. Windows Driver
34. Tunneling
35. Shadow File
36. SAM File
37. LSA
38. LSASS
39. WDIGEST
40. CredSSP
41. MSV
42. LiveSSP
43. TSpkg
44. CredMan
45. EDR NDR XDR
46. Polymorphic Malware
47. Pass-the-Hash, Pass-the-Ticket or Build Golden Tickets
48. Firewall
49. WinDBG (Windows Debugger)
50. PE (Portable Executable)
51. ICMP
52. Major Microsoft frameworks for Windows
53. Services and Processes
54. svchost
55. CIM Class
56. CDB, NTSD, KD, Gflags, GflagsX, PE Explorer
57. Sysinternals Suite (tools)
58. Undocumented Functions
59. Process Explorer vs Process Hacker
60. CLR (Common Language Runtime)
GitHub - HadessCS/Red-team-Interview-Questions: Red team Interview Questions
Hello everyone, friends, it has been a while since I wrote a post because work piled up. This channel mainly shares materials for learning cyber security. I will mostly post about which materials I use in my own work for finding vulnerabilities, that is, pentesting and bug bounty.
On that note, today I ran into several vulnerabilities and I want to share them with you!
XSS via File upload vulnerability:
Usually, on platforms with a lot of functionality, that is, ones designed for working with users, pay attention to whether documents verifying a specific person's identity are required and which types of files need to be uploaded! Then try to bypass those file types to upload a shell and turn it into RCE.
Today, because I did not pay attention to exactly this, I only injected a JS payload into a PDF and found a stored XSS vulnerability. Actually I could have achieved a much bigger result, but due to my inattention I forgot a simple thing. Then a colleague of mine came by and said that I needed to upload not a payload for XSS but a php shell. So we intercepted the request through BurpSuite, wrote a php payload inside the pdf file and uploaded it to the server. Then our php payload worked and we managed to get RCE 😎
This was written so that I do not forget my own mistakes and to contribute even a little to your development.
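Defensive counterpart to the upload weakness described in the post, as an added example that is not from the post or the channel: a Python validator that rejects uploads whose content is not a PDF, that carry PDF script-triggering name objects, or that hide server-side script markers, plus the headers for serving stored documents without inline rendering. Function names, the size limit and the regexes are assumptions.

```python
"""Server-side checks for a document-upload endpoint (hypothetical helper).

The post describes stored XSS from JavaScript embedded in a PDF and RCE from
a PHP payload hidden inside a file named as a PDF. Both rely on the server
trusting the client-supplied name and MIME type; this checker inspects bytes.
"""
import re

ALLOWED_EXT = {"pdf"}
PDF_MAGIC = b"%PDF-"
MAX_BYTES = 10 * 1024 * 1024  # assumed limit for identity documents
# PDF name objects that make a viewer run or launch something.
PDF_SCRIPT_NAMES = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)\b")
# Server-side script openers that must never appear in a document upload.
SERVER_SCRIPT = re.compile(rb"<\?php|<\?=|<%|<script\b", re.IGNORECASE)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Decide on content, never on the client's
    filename or Content-Type alone."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Exactly one extension: blocks 'shell.php.pdf' style double extensions.
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_EXT:
        return False, "extension not allowed"
    if not data.startswith(PDF_MAGIC):
        return False, "content is not a PDF"
    if PDF_SCRIPT_NAMES.search(data):
        return False, "PDF contains active content"
    if SERVER_SCRIPT.search(data):
        return False, "embedded server-side script"
    return True, "ok"


def safe_download_headers(stored_name: str) -> dict:
    """Headers for serving a stored document: force download, forbid MIME
    sniffing, and sandbox the response so nothing in it can execute."""
    return {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

Store accepted files outside the web root under a server-generated name, so even a file that slips past the byte checks is never executed by the web server as code.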
🇨🇦Canadian OSINT🇨🇦
- business and corporate info
- archives and genealogy
- legal and court info
- people search
and more (dozens of resources).
https://github.com/S3V3N11S/Canadian-OSINT-
Contributor Jason Colborne