Want to download 100+ Bug Bounty Tips collected from X?
Download the PDF from here - https://t.iss.one/brutsecurity/767
#BugBounty #bugbountytips
GoSearch - OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go.
https://github.com/ibnaleem/gosearch
#bugbounty #bugbountytips #cybersecurity
On-Site Request Forgery (OSRF): An Overview
On-Site Request Forgery (OSRF) is a lesser-known but impactful vulnerability similar to Cross-Site Request Forgery (CSRF). While both involve unauthorized actions performed on behalf of an authenticated user, the fundamental distinction lies in the request origin.
- CSRF: The attacker initiates requests from their controlled domain to exploit a victim's authenticated session.
- OSRF: The requests originate from the vulnerable application itself, and the attacker controls where the requests are directed.
---
Where to Find OSRF Vulnerabilities
1. Reflected Inputs in src Attributes
Look for inputs that can be reflected in attributes like src. Example vulnerable tags:
<img src="OUR_INPUT_HERE">
<video width="400" height="200" controls src="OUR_INPUT_HERE">
<audio src="OUR_INPUT_HERE">
<iframe src="OUR_INPUT_HERE">
If the input can be manipulated, it may allow the attacker to direct requests to their desired endpoints.
2. Sensitive Endpoints Using the GET Method
Endpoints performing sensitive actions with GET requests are prime targets for OSRF. For example:
GET /settings.php?remove_account=1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
If such endpoints exist and can be controlled via reflected input, they may be exploited for OSRF.
Best Practices for Prevention
1. Avoid GET Methods for Sensitive Actions
Use POST methods for actions involving sensitive changes. A URL placed in a src attribute can only make the browser issue a GET request, so an endpoint that refuses GET for state-changing actions cannot be reached this way.
2. Validate and Sanitize Inputs
Ensure all user inputs, especially those reflected in attributes like src, are properly validated and sanitized.
3. Implement Content Security Policies (CSP)
CSPs can limit where resources like images or iframes can be loaded from, reducing the risk of external request manipulation.
4. Monitor and Audit Application Behavior
Regularly test your application for unusual or unintended request behaviors to identify vulnerabilities early.
This additional layer of security awareness helps ensure OSRF vulnerabilities are addressed alongside CSRF for a more robust application defense.
Learn More: https://github.com/daffainfo/AllAboutBugBounty/blob/master/On%20Site%20Request%20Forgery.md
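As an added example (not from the original post or the linked repository), the following Python shows the "validate and sanitize" step for the src-reflection case above: a user-supplied URL is only reflected into an img tag when it points at an allowlisted origin, and relative, scheme-relative, credential-bearing or look-alike URLs fall back to a local placeholder. The allowed hostnames and the placeholder path are assumptions.

```python
# Added example (not from the original post): server-side allowlist validation for a
# user-controlled value that is reflected into an HTML src attribute, the OSRF sink
# described above. The hostnames and the placeholder path are assumed values.
from html import escape
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Only let the browser fetch resources from origins we control (assumed values).
ALLOWED_IMAGE_HOSTS = {"cdn.example.com", "static.example.com"}
PLACEHOLDER_SRC = "/static/placeholder.png"


def validate_src(user_value: str) -> Optional[str]:
    """Return a normalised absolute URL if user_value points at an allowed origin, else None.

    Rejects relative URLs (they resolve to the vulnerable site's own origin, e.g.
    /settings.php?remove_account=1), scheme-relative URLs, non-https schemes,
    embedded credentials (https://cdn.example.com@evil.example/) and look-alike hosts.
    """
    try:
        parts = urlsplit(user_value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https":
        return None  # covers "", "http", "javascript", "data", ...
    if parts.username is not None or parts.password is not None:
        return None
    if parts.hostname not in ALLOWED_IMAGE_HOSTS:
        return None  # exact match: cdn.example.com.evil.example is rejected
    if port not in (None, 443):
        return None
    # Rebuild from vetted components only, dropping userinfo and fragment.
    return urlunsplit(("https", parts.hostname, parts.path or "/", parts.query, ""))


def render_img(user_value: str) -> str:
    """Render an <img> tag for a user-supplied URL, falling back to a local placeholder."""
    src = validate_src(user_value) or PLACEHOLDER_SRC
    # Attribute-encode even a validated URL so a stray quote cannot break out of src.
    return f'<img src="{escape(src, quote=True)}" alt="">'
```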
Easily Identify SSRF on a Website Using a Single Command
This approach leverages a combination of powerful tools:
- Findomain: Gathers all subdomains related to the target site.
- Httpx: Verifies the accessibility of these domains.
- Getallurls (gau): Extracts URLs from sources like AlienVault OTX, Wayback Machine, and Common Crawl.
- Qsreplace: Substitutes query string values in URLs with a user-specified value.
Steps:
1. Install the mentioned tools.
2. Run the following command:
findomain -t DOMAIN -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace your.burpcollaborator.net
Replace your.burpcollaborator.net with your server or Burp Collaborator address. This method streamlines the search for SSRF vulnerabilities effectively.
#bugbounty #web #ssrf #cybersecurity #bugbountytips
Credit: Aman Dara
403 Bypass list by @jhaddix: URL Manipulation Methods, Top 77 ways to bypass access control
AWS Security Configuration Review and Best Practices | HackerOne
Learn the ins and outs of AWS security configuration testing and why community-driven PTaaS is the best method.
CVE-2025-0282, -0283: Two vulnerabilities in Ivanti Connect Secure, 7.0 - 9.0 rating
Stack-based buffer overflow caused potential RCE and privilege escalation.
Search at Netlas.io:
Link: https://nt.ls/WMQwN
Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
Super Blind SQL Injection - $20000 bounty | Thousands of targets still vulnerable, by priyanshu shakya: https://medium.com/@pranshux0x/super-blind-sql-injection-20000-bounty-thousands-of-targets-still-vulnerable-f9b013765448
MagicRecon is a powerful shell script that maximizes the recon and data-collection process for a target and checks for common vulnerabilities, saving the results in an organized directory layout and in various formats.
https://github.com/robotshell/magicRecon
Google Dorks - Cloud Storage:
site:https://s3.amazonaws.com "target[.]com"
site:https://blob.core.windows.net "target[.]com"
site:https://googleapis.com "target[.]com"
site:https://drive.google.com "target[.]com"
Find buckets and sensitive data.
Combine:
site:https://s3.amazonaws.com | site:https://blob.core.windows.net | site:https://googleapis.com | site:https://drive.google.com "target[.]com"
Add something to narrow the results: "confidential" "privileged" "not for public release"
Credit - Mike Takahashi
OffSec Train