Want to download 100+ Bug Bounty Tips collected from X?
Download the PDF from here - https://t.iss.one/brutsecurity/767
#BugBounty #bugbountytips
GoSearch - OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go.
https://github.com/ibnaleem/gosearch
#bugbounty #bugbountytips #cybersecurity
On-Site Request Forgery (OSRF): An Overview
On-Site Request Forgery (OSRF) is a lesser-known but impactful vulnerability closely related to Cross-Site Request Forgery (CSRF). In both, the victim's browser sends an authenticated request the user never intended; the distinction is where the content that triggers that request comes from.
- CSRF: The attacker hosts the triggering content on a domain they control and relies on the browser attaching the victim's session to a cross-site request.
- OSRF: The triggering content is injected into a page of the vulnerable application itself (typically through a reflected parameter), so the forged request is same-site and the attacker controls only where it is directed. Because the request is first-party, SameSite cookie attributes that blunt classic CSRF do not stop it.
---
Where to Find OSRF Vulnerabilities
1. Reflected Inputs in src Attributes
Look for inputs that are reflected into attributes the browser fetches automatically, such as src. Example vulnerable tags:
```html
<img src="OUR_INPUT_HERE">
<video width="400" height="200" controls src="OUR_INPUT_HERE">
<audio src="OUR_INPUT_HERE">
<iframe src="OUR_INPUT_HERE">
```
If the input can be manipulated, the victim's browser requests whatever URL the attacker supplies as soon as the page renders, cookies included, with no click required.
2. Sensitive Endpoints Using the GET Method
Endpoints that perform sensitive actions on a plain GET are prime targets for OSRF. For example:
```http
GET /settings.php?remove_account=1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
```
If such an endpoint exists and a reflected src can be pointed at it (for example src="/settings.php?remove_account=1"), the two combine into a working OSRF.
Best Practices for Prevention
1. Avoid GET Methods for Sensitive Actions
Resource-loading tags such as img, video, audio and iframe can only issue GET requests. Put state-changing actions behind POST, protected by a CSRF token, and a reflected src value cannot trigger them.
2. Validate and Sanitize Inputs
Ensure all user inputs, especially those reflected in attributes like src, are validated against an allow-list (for example a fixed directory plus a strict file-name pattern). Attribute-escaping alone is not enough: it stops the value from breaking out of the attribute, but not from pointing it at a sensitive same-origin URL.
3. Implement Content Security Policies (CSP)
CSP directives such as img-src, media-src and frame-src limit the origins resources may be loaded from. That blocks the variant where the reflected src points at an attacker's host, but a same-origin value such as /settings.php?remove_account=1 remains allowed, so CSP mitigates only part of the problem.
4. Monitor and Audit Application Behavior
Regularly test the application for reflected values landing in fetching attributes and for state changes reachable by GET, so that these issues are found early.
Treating OSRF alongside CSRF in reviews gives a more robust application defense.
Learn More: https://github.com/daffainfo/AllAboutBugBounty/blob/master/On%20Site%20Request%20Forgery.md
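The two halves of the hunt above (reflected fetching attributes and sensitive GET endpoints) together with the allow-list fix from the prevention list, as an added example that is not code from the original post or from the AllAboutBugBounty repository. find_reflected_src() takes a response body and the canary you injected and lists every src/href/action/data attribute it landed in; would_hit_sensitive_get() resolves those values the way a browser would and flags the ones that reach a sensitive endpoint; render_avatar_vulnerable() is the sink from the post and render_avatar_hardened() its allow-listed replacement. The profile page, the avatar parameter, the /static/avatars/ directory and the canary string are constructed for illustration; the settings.php endpoint is the one from the post.

```python
"""Added example (not from the original post): checks for the OSRF pattern described above.

find_reflected_src() reports every fetching attribute a canary lands in, would_hit_sensitive_get()
flags those that resolve to a sensitive same-origin GET endpoint, and safe_src() is the server-side
allow-list for the "validate and sanitize" step.  Page, parameter and directory names are constructed.
"""
import html
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes the browser fetches (or submits to) without any user interaction.
REQUEST_ATTRS = {"src", "href", "action", "data", "poster", "formaction"}


class _SinkFinder(HTMLParser):
    def __init__(self, canary):
        super().__init__()
        self.canary = canary
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in REQUEST_ATTRS and self.canary in value:
                self.hits.append((tag, name, value))


def find_reflected_src(page, canary):
    """Return [(tag, attribute, value)] for every fetching attribute that reflects `canary`."""
    finder = _SinkFinder(canary)
    finder.feed(page)
    finder.close()
    return finder.hits


def would_hit_sensitive_get(hits, sensitive_paths, base="https://example.com/"):
    """Resolve each reflected value as the browser would and flag hits on sensitive GET endpoints."""
    flagged = []
    for tag, attr, value in hits:
        path = urlsplit(urljoin(base, value)).path
        if path in sensitive_paths:
            flagged.append((tag, attr, path))
    return flagged


# --- the vulnerable sink and its hardened form (hypothetical avatar feature) -----------------

AVATAR_DIR = "/static/avatars/"
# Plain file names only: no slashes, no dots except the extension, no percent signs, so none of
# "../", "//host", "http:", "?" or "%2e%2e" can reach the browser.
_AVATAR_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:png|jpe?g|gif|webp)")


def render_avatar_vulnerable(user_value):
    """The sink from the post: the parameter is reflected straight into src."""
    return f'<img src="{user_value}">'


def safe_src(user_value):
    """Return a same-origin path under AVATAR_DIR, or None if the value must be rejected."""
    if not user_value or not _AVATAR_NAME.fullmatch(user_value):
        return None
    # Defence in depth: normalise and confirm the path cannot escape the avatar directory.
    path = posixpath.normpath(posixpath.join(AVATAR_DIR, user_value))
    if not path.startswith(AVATAR_DIR):
        return None
    return path


def render_avatar_hardened(user_value):
    """Emit only an allow-listed path (or the default), attribute-escaped."""
    src = safe_src(user_value) or AVATAR_DIR + "default.png"
    return f'<img src="{html.escape(src, quote=True)}">'


# Constructed response body of a hypothetical profile page with the canary reflected twice.
SAMPLE_PAGE = """<html><body>
<h1>Profile</h1>
<img src="CANARY123">
<a href="/help">Help</a>
<iframe src="/widgets/CANARY123"></iframe>
<p>Hello CANARY123</p>
</body></html>"""

# What an attacker puts in the reflected parameter: the sensitive GET endpoint from the post.
PAYLOAD = "/settings.php?remove_account=1"

if __name__ == "__main__":
    print(find_reflected_src(SAMPLE_PAGE, "CANARY123"))
    hits = find_reflected_src(render_avatar_vulnerable(PAYLOAD), PAYLOAD)
    print(would_hit_sensitive_get(hits, {"/settings.php"}))
    print(render_avatar_hardened(PAYLOAD))
```

Against a real target, substitute the fetched response body for SAMPLE_PAGE and the site's origin for the base argument. Note that the hardened renderer rejects scheme, host, query, dot-segment and percent-encoded variants, not merely the literal payload; an allow-list on the value is what closes the hole, since escaping the attribute would still let /settings.php through.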
Easily Identify SSRF on a Website Using a Single Command
This approach leverages a combination of powerful tools:
- Findomain: Gathers all subdomains related to the target site.
- Httpx: Verifies the accessibility of these domains.
- Getallurls (gau): Extracts URLs from sources like AlienVault OTX, Wayback Machine, and Common Crawl.
- Qsreplace: Substitutes query string values in URLs with a user-specified value.
Steps:
1. Install the mentioned tools.
2. Run the following command:
```bash
findomain -t DOMAIN -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace your.burpcollaborator.net
```
Replace your.burpcollaborator.net with your server or Burp Collaborator address. This method streamlines the search for SSRF vulnerabilities effectively.
#bugbounty #web #ssrf #cybersecurity #bugbountytips
Credit: Aman Dara
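Two things about the pipeline above are worth knowing before running it. First, as written it ends at qsreplace, which only prints the rewritten URLs: no request is sent, so nothing reaches the Collaborator host until those URLs are fed to a client (piped into httpx again, or into curl). Second, replacing every value with a bare hostname suits parameters that take a host, while many SSRF-prone parameters expect a full URL. The following is an added example, not part of the original tip and not the qsreplace tool itself: it re-implements the `grep "=" | qsreplace` stage in Python over a constructed URL list so the behaviour can be inspected offline, writes the payload as a full URL, collapses URLs that differ only in parameter values, and gives each probe a unique DNS label so a Collaborator or DNS hit can be traced back to the exact URL that fired. The URLs and the callback hostname are placeholders.

```python
"""Added example, not from the original tip and not the qsreplace tool itself.

Re-implements the `grep "=" | qsreplace PAYLOAD` stage over a constructed URL list so it can be
inspected offline, with two practitioner additions: the payload is a full URL rather than a bare
hostname, and each rewritten URL carries a unique DNS label so a callback can be traced back to
the URL and parameter that caused it.  Hosts and URLs below are placeholders.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed stand-in for gau output (the real tool returns thousands of lines).
SAMPLE_URLS = [
    "https://app.example.com/fetch?url=https://cdn.example.com/a.png",
    "https://app.example.com/fetch?url=https://cdn.example.com/b.png",  # same shape as above
    "https://app.example.com/preview?link=http://x&size=small",
    "https://app.example.com/static/logo.png",                          # no parameters: dropped
    "https://app.example.com/render?template=home#top",
]


def with_query(urls):
    """The `grep "="` stage, restricted to the query string: keep URLs with a key=value pair."""
    return [u for u in urls if "=" in urlsplit(u).query]


def replace_values(url, payload):
    """qsreplace behaviour: keep every parameter name, set every value to `payload`.

    Like qsreplace, the query is re-encoded, so the payload appears percent-encoded in the URL;
    the fragment is dropped here because it is never sent in a request.
    """
    parts = urlsplit(url)
    keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    query = urlencode([(k, payload) for k in keys])
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def dedupe_by_shape(urls):
    """Drop URLs whose host, path and parameter names match an earlier one.

    Two URLs that differ only in parameter values exercise the same code path, so one probe per
    shape is enough and keeps the request count (and Collaborator noise) down.
    """
    seen, kept = set(), []
    for u in urls:
        p = urlsplit(u)
        names = tuple(sorted(k for k, _ in parse_qsl(p.query, keep_blank_values=True)))
        shape = (p.netloc, p.path, names)
        if shape not in seen:
            seen.add(shape)
            kept.append(u)
    return kept


def build_probes(urls, callback_host):
    """Return [(label, probe_url)] with one traceable DNS label per distinct URL shape."""
    probes = []
    for i, u in enumerate(dedupe_by_shape(with_query(urls))):
        label = f"p{i}"
        payload = f"http://{label}.{callback_host}/"
        probes.append((label, replace_values(u, payload)))
    return probes


def resolve_hit(probes, observed_hostname):
    """Map a hostname seen in the Collaborator/DNS log back to the probe URL that produced it."""
    label = observed_hostname.split(".", 1)[0]
    for lab, url in probes:
        if lab == label:
            return url
    return None


if __name__ == "__main__":
    # One URL per line, ready to pipe into a client such as httpx or curl.
    for _, probe in build_probes(SAMPLE_URLS, "your.burpcollaborator.net"):
        print(probe)
```

Pipe the printed URLs into httpx -silent (or a curl loop) to actually issue them, then watch the Collaborator or DNS log: a hostname beginning with p1 tells you the /preview endpoint followed the injected URL, without having to replay the whole list to find out which one fired.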
403 Bypass list by @jhaddix: URL Manipulation Methods, Top 77 ways to bypass access control
HackerOne: AWS Security Configuration Review and Best Practices - the ins and outs of AWS security configuration testing and why community-driven PTaaS is the best method.
CVE-2025-0282 (CVSS 9.0) and CVE-2025-0283 (CVSS 7.0): two vulnerabilities in Ivanti Connect Secure, Policy Secure and ZTA Gateways.
Both are stack-based buffer overflows: CVE-2025-0282 allows unauthenticated remote code execution, CVE-2025-0283 allows a local authenticated attacker to escalate privileges.
Search at Netlas.io:
Link: https://nt.ls/WMQwN
Dork: http.body:"welcome.cgi?p=logo"
The dork matches exposed Connect Secure login pages regardless of version; check the running version against the advisory before treating a hit as vulnerable.
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
Super Blind SQL Injection - $20000 bounty | Thousands of targets still vulnerable, by priyanshu shakya: https://medium.com/@pranshux0x/super-blind-sql-injection-20000-bounty-thousands-of-targets-still-vulnerable-f9b013765448
MagicRecon is a shell script that automates reconnaissance and data collection against a target and checks for common vulnerabilities, saving the results in an organized directory layout in several formats.
https://github.com/robotshell/magicRecon