Brut Security
✅ Queries: @wtf_brut
🛃 WhatsApp: wa.link/brutsecurity
🈴 Training: brutsec.com
📨 E-mail: [email protected]
Finding Hidden Parameter & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss
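What the awk and kxss stages of that one-liner actually do, as an added Python example (this is not arjun's or kxss's own code): each arjun result is expanded into one URL per parameter, then that parameter is probed with a marker plus one special character at a time and the characters that come back unencoded are reported. The arjun output line and the fake_fetch() stand-in for the target are constructed; swap in a real HTTP GET for live use.

```python
"""Expand arjun's text output into one URL per parameter and check each
parameter for unencoded reflection, which is the job kxss does in the
pipeline. Added example, not arjun's or kxss's own code; the arjun line
and the fake_fetch() target are constructed."""
from html import escape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SPECIAL_CHARS = '<>"\''   # unencoded reflection of these makes HTML-context XSS plausible
MARKER = "kxssz7q"        # assumed marker; anything unlikely to occur naturally in a page


def expand_params(arjun_line):
    """'https://t/x?a=&b=' -> ['https://t/x?a=', 'https://t/x?b='] (the awk step)."""
    p = urlsplit(arjun_line.strip())
    return [urlunsplit((p.scheme, p.netloc, p.path, f"{name}=", ""))
            for name, _ in parse_qsl(p.query, keep_blank_values=True)]


def with_value(url, value):
    """Set the single parameter of an expanded URL to value, URL-encoded."""
    p = urlsplit(url)
    name = p.query.split("=", 1)[0]
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode({name: value}), ""))


def reflected_chars(url, fetch):
    """Probe one special character at a time; return those that come back
    raw next to the marker. '&lt;' or '&quot;' after the marker does not
    match, so encoded reflections are ignored the way kxss ignores them."""
    hits = ""
    for ch in SPECIAL_CHARS:
        body = fetch(with_value(url, MARKER + ch))
        if MARKER + ch in body:
            hits += ch
    return hits


def fake_fetch(url):
    """Constructed stand-in for HTTP GET: 'q' is reflected raw into HTML,
    's' is HTML-escaped, every other parameter is ignored."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    q, s = params.get("q", ""), params.get("s", "")
    return f'<html><p>Results for {q}</p><input value="{escape(s)}"></html>'


def run_pipeline(arjun_output, fetch=fake_fetch):
    """arjun -oT style lines in; {expanded_url: reflected chars} out, only
    for parameters where something reflected (kxss prints only those)."""
    report = {}
    for line in arjun_output.splitlines():
        if line.strip():
            for url in expand_params(line):
                hits = reflected_chars(url, fetch)
                if hits:
                    report[url] = hits
    return report


# Constructed arjun text output: one URL with its discovered parameters.
SAMPLE_ARJUN_OUTPUT = "https://target.example/search?q=&s=&page=\n"

if __name__ == "__main__":
    for url, chars in run_pipeline(SAMPLE_ARJUN_OUTPUT).items():
        print(f"{url}  reflects unencoded: {chars}")
```

Probing one character per request is what keeps the result precise: a page that escapes `<` but leaves `"` alone still gets flagged, and an encoded `&lt;` never counts as a hit.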
JS Recon : WaybackURLs & HTTPX

waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg.py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td
πŸ‘6❀3
PRO TIP TO DETECT CSTI

- in your proxy add a match and replace rule for some keywords to make changes in the response

e.g.: TESTCSTI = {{7*9}}
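The same match-and-replace rule written as a mitmproxy addon, added here as an example and not part of the original tip. The rewrite logic is a plain function so it can be checked offline; the extra keywords TESTCSTI2/TESTCSTI3 with `${ }` and `#{ }` syntaxes, the sample HTML and the JSON body are assumed/constructed.

```python
"""Match-and-replace for CSTI probing, as a mitmproxy addon whose logic is a
plain function so it can be tested offline. Added example, not from the
post. Run with: mitmdump -s csti_probe.py  (the keyword names, the extra
expression syntaxes and the sample HTML/JSON are assumed/constructed)."""
try:
    from mitmproxy import http  # only needed when loaded by mitmproxy
except ImportError:             # keeps the module importable for the offline demo
    http = None

# What you type into the app -> what the browser should receive instead.
# {{ }} is the AngularJS/Vue form from the post; ${ } and #{ } cover other
# client-side template syntaxes (assumed additions).
RULES = {
    "TESTCSTI": "{{7*9}}",
    "TESTCSTI2": "${7*9}",
    "TESTCSTI3": "#{7*9}",
}
EXPECTED = "63"   # what 7*9 renders to if the expression was evaluated


def rewrite_body(body, content_type, rules=RULES):
    """Replace every keyword in HTML responses only; return (new_body, n_replaced).
    Longer keywords go first so 'TESTCSTI' does not eat the prefix of 'TESTCSTI2'."""
    if "text/html" not in content_type.lower():
        return body, 0          # leave JSON/JS/images alone
    total = 0
    for keyword in sorted(rules, key=len, reverse=True):
        total += body.count(keyword)
        body = body.replace(keyword, rules[keyword])
    return body, total


def classify_render(rendered_text, expr="{{7*9}}", expected=EXPECTED):
    """Judge what the browser showed where the probe landed: 'evaluated'
    (CSTI candidate), 'reflected-literal' (engine ignored it) or 'absent'.
    '63' can occur naturally, so confirm evaluated hits by eye or use a
    less common product such as 7*1337."""
    if expr in rendered_text:
        return "reflected-literal"
    if expected in rendered_text:
        return "evaluated"
    return "absent"


def response(flow):
    """mitmproxy hook: rewrite HTML bodies in flight."""
    new_body, n = rewrite_body(flow.response.get_text(),
                               flow.response.headers.get("content-type", ""))
    if n:
        flow.response.set_text(new_body)


# Constructed responses for the offline check.
SAMPLE_HTML = '<div ng-app>Hello TESTCSTI, ref TESTCSTI2</div>'
SAMPLE_JSON = '{"name": "TESTCSTI"}'

if __name__ == "__main__":
    print(rewrite_body(SAMPLE_HTML, "text/html; charset=utf-8"))
    print(rewrite_body(SAMPLE_JSON, "application/json"))
```

Restricting the rule to text/html matters: rewriting the same keyword inside JSON or JavaScript responses breaks the page and produces false "evaluated" results that have nothing to do with a client-side template engine.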
CVE-2024-8698: Privilege Escalation in Keycloak, 7.7 rating❗️

Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privilege escalation.

Search at Netlas.io:
👉 Link: https://nt.ls/LJfRK
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676

Read more: https://access.redhat.com/security/cve/CVE-2024-8698
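The failure class behind "only partially signed" bugs is that a signature gets accepted for content it never covered. The structural check a relying party must perform, added here as a Python example, is to trust an assertion only when an enveloped signature sits inside the element it references (the Response, or that assertion) and no ID is duplicated. This is an illustration of the general check, not Keycloak's code and not the fix for CVE-2024-8698; cryptographic verification of ds:SignatureValue still happens separately. The three Response documents are constructed with placeholder signatures.

```python
"""Structural check that a SAML signature covers the element a relying party
is about to trust. Added example illustrating the 'partially signed document'
failure class in general; it is not Keycloak's code and not the fix for
CVE-2024-8698. Cryptographic verification of ds:SignatureValue still has to
happen separately; this check is the one that must also pass. The three
Response documents below are constructed and carry placeholder signatures."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def enveloped_references(root):
    """Map element-ID -> set of IDs referenced by ds:Signature elements that
    are direct children of that element. SAML requires an enveloped
    signature whose Reference points at its own enclosing element, so a
    signature sitting somewhere else does not count for that element."""
    covered = {}
    for element in root.iter():
        for sig in element.findall("ds:Signature", NS):
            for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
                uri = ref.get("URI", "")
                if uri.startswith("#"):
                    covered.setdefault(element.get("ID"), set()).add(uri[1:])
    return covered


def trusted_assertion_ids(xml_text):
    """IDs of assertions that may be read from this Response: covered by an
    enveloped signature on the Response itself, or on the assertion.
    Returns [] if any ID is duplicated (classic signature-wrapping setup)."""
    root = ET.fromstring(xml_text)
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        return []
    covered = enveloped_references(root)
    response_signed = root.get("ID") in covered.get(root.get("ID"), set())
    trusted = []
    for assertion in root.findall("saml:Assertion", NS):  # direct children only
        aid = assertion.get("ID")
        if response_signed or aid in covered.get(aid, set()):
            trusted.append(aid)
    return trusted


# Constructed documents; the Signature elements are placeholders with no SignatureValue.
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">')
_SIG = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#{}"/></ds:SignedInfo></ds:Signature>'
_A1 = '<saml:Assertion ID="_a1"><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>{}</saml:Assertion>'
_A2 = '<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion>'

# Only the first assertion is signed; an injected second one must be rejected.
ASSERTION_SIGNED = _HEAD + _A1.format(_SIG.format("_a1")) + _A2 + "</samlp:Response>"
# The whole Response is signed, so every direct-child assertion is covered.
RESPONSE_SIGNED = _HEAD + _SIG.format("_r1") + _A1.format("") + _A2 + "</samlp:Response>"
# Signature lives under the Response but only references the assertion:
# neither the Response nor the assertion is properly enveloped-signed.
PARTIAL = _HEAD + _SIG.format("_a1") + _A1.format("") + _A2 + "</samlp:Response>"

if __name__ == "__main__":
    for name, doc in (("assertion signed", ASSERTION_SIGNED),
                      ("response signed", RESPONSE_SIGNED),
                      ("partial", PARTIAL)):
        print(name, "->", trusted_assertion_ids(doc))
```

The point of the PARTIAL case is the one the advisory describes: a signature that verifies cryptographically does not mean the document is signed; it means the bytes named by ds:Reference are signed, and anything outside that reference is attacker-controlled.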
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating 🔥

The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.

Search at Netlas.io:
👉 Link: https://nt.ls/N9Jj8
👉 Dork: http.description:"Navidrome Music Server"

Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
πŸ‘4
This media is not supported in your browser
VIEW IN TELEGRAM
DUPLICATE
πŸ—Ώ6🐳2πŸ‘1
⚡️Google Dorks - Vulnerable Parameters ⚡️

⛔️XSS prone parameters:

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example.com

⛔️Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example.com

⛔️SQLi Prone Parameters

inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example.com

⛔️SSRF Prone Parameters

inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example.com

⛔️LFI Prone Parameters

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example.com

⛔️RCE Prone Parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example.com

🔆 Credit- Mike Takashi
🔖 Hacking Kia: Remotely Controlling Cars With Just a License Plate

New writeup from Specters and Sam Curry: they were finally allowed to disclose a vulnerability reported to Kia that could have allowed an attacker to remotely control nearly all vehicles made after 2013, using only the license plate.

Full Blog:
https://samcurry.net/hacking-kia
πŸ‘3❀2
❀4πŸ‘1πŸ”₯1
Brut Security
Methods that no one tells you to find origin IP addresses!!!??? https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841 #bugbounty #bugbountytips
Usually CI/CD integrations are not protected by WAFs and reverse proxies, so if you find any small organization's GitLab, Jenkins instance etc. you'll often find configuration files (from the Wayback Machine, previous commits too, and a lot of other ways); they often leak some IP addresses.
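Once you have such a config file, most of the addresses in it are noise: RFC 1918 ranges, loopback, and the CDN edge you were trying to get around. The triage step, added here as a Python example that is not part of the tip above, pulls IPv4 literals out of the text and keeps only routable addresses outside the edge ranges you already know. The config fragment and the edge prefix are constructed; load the real edge prefixes from the provider's published lists.

```python
"""Sift IPv4 literals out of a leaked CI/CD or reverse-proxy config and keep
only the ones that could be an origin server: routable, and not in the
CDN/WAF edge ranges you already know. Added example, not from the post; the
config fragment and the edge range are constructed (load real edge prefixes
from the provider's published lists)."""
import ipaddress
import re

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Never an origin on the public internet. Listed explicitly rather than via
# ip.is_global because the constructed sample uses RFC 5737 documentation
# space, which is_global would also drop.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]
# Assumed stand-in for a CDN's published edge prefixes.
KNOWN_EDGE_RANGES = [ipaddress.ip_network("198.51.100.0/24")]


def origin_candidates(text, edge_ranges=KNOWN_EDGE_RANGES):
    """Return {ip: first line it appeared on} for addresses worth testing
    directly with the real Host header (curl -H 'Host: www...' http://IP/)."""
    found = {}
    for line in text.splitlines():
        for match in IPV4_RE.finditer(line):
            try:
                ip = ipaddress.ip_address(match.group())
            except ValueError:
                continue                     # 300.1.2.3 and similar junk
            if any(ip in net for net in NON_ROUTABLE):
                continue                     # RFC 1918, loopback, CGNAT, multicast...
            if any(ip in net for net in edge_ranges):
                continue                     # that is the edge, not the origin
            found.setdefault(str(ip), line.strip())
    return found


# Constructed fragments of the kind of files a forgotten CI instance leaks.
SAMPLE_CONFIG = """\
# .gitlab-ci.yml fragment (constructed)
deploy:
  script:
    - ssh deploy@203.0.113.25 'systemctl restart app'
    - curl -H 'Host: www.target.example' http://203.0.113.25/healthz
# nginx upstream (constructed)
upstream app { server 10.0.3.7:8080; server 127.0.0.1:8081; }
# edge address seen in DNS for the public hostname: 198.51.100.9
# bogus: 300.1.2.3   version 1.2.3
"""

if __name__ == "__main__":
    for ip, context in origin_candidates(SAMPLE_CONFIG).items():
        print(f"{ip:15}  <- {context}")
```

A candidate is confirmed the same way the leaked curl line does it: request the IP directly with the real Host header and compare the response (and its TLS certificate) with what the CDN-fronted hostname returns.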
⚡ ffufai is an AI-powered wrapper for the popular web fuzzer ffuf. It automatically suggests file extensions for fuzzing based on the target URL and its headers, using either OpenAI's GPT or Claude AI models.

🔗
https://github.com/jthack/ffufai
πŸ‘9
❀13πŸ—Ώ4