HTTP Parameter Pollution - It’s Contaminated
https://medium.com/@shahjerry33/http-parameter-pollution-its-contaminated-85edc0805654
#HPP
#ATO
#BugBounty
@web_priv8
https://medium.com/@shahjerry33/http-parameter-pollution-its-contaminated-85edc0805654
#HPP
#ATO
#BugBounty
@web_priv8
Medium
HTTP Parameter Pollution - It’s Contaminated
Summary :
Forwarded from امنیت اطلاعات
ابزار اتوماتیک اکسپلویت کننده آسیب پذیریهای ثبت شده در weblogic
https://github.com/0xn0ne/weblogicScanner
#weblogic #rce #exploit
@sec_nerd
https://github.com/0xn0ne/weblogicScanner
#weblogic #rce #exploit
@sec_nerd
GitHub
GitHub - 0xn0ne/weblogicScanner: weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017…
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32...
Forwarded from digMeMore (r00t98)
توی این رایتاپ باهم میبینیم که چطور آسیب پذیری های مختلف باهم ترکیب شدن که در نهایت باعث تصاحب حساب کاربری شده، پیشنهاد میکنم بخونید نکات خوبی داره.
https://medium.com/@valeriyshevchenko/from-crlf-to-account-takeover-a94d7aa0d74e
#ATO
#XSS
#CORS
#CSRF
#CRLFI
#BugBounty
@digmemore
https://medium.com/@valeriyshevchenko/from-crlf-to-account-takeover-a94d7aa0d74e
#ATO
#XSS
#CORS
#CSRF
#CRLFI
#BugBounty
@digmemore
Forwarded from امنیت اطلاعات
Mysql waf bypasses to cash on SQL-Injection bugs
1. select '\f\l\a\g'='flag'; // This is true
2. All are same
* select 'abcd';
* select 0x61626364;
* select 0b01100001011000100110001101100100;
3. select 'admin' = 'àdmin'; // is true if utf8 is allowed
#bugbounty
#sqli
@sec_nerd
1. select '\f\l\a\g'='flag'; // This is true
2. All are same
* select 'abcd';
* select 0x61626364;
* select 0b01100001011000100110001101100100;
3. select 'admin' = 'àdmin'; // is true if utf8 is allowed
#bugbounty
#sqli
@sec_nerd
Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION
https://blog.securitybreached.org/2017/11/04/access-localhost-via-virtual-host-virtual-host-enumeration/
#Vhost
#BugBounty
#BugBountyTip
@web_priv8
https://blog.securitybreached.org/2017/11/04/access-localhost-via-virtual-host-virtual-host-enumeration/
#Vhost
#BugBounty
#BugBountyTip
@web_priv8
Security Breached Blog
Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION
The Blog post is about what are Virtual Host, how U can Enumerate them and get access to the vulnerable system, including POC of resent BugBounty Report.
Bug Bounty Tips #1
https://www.infosecmatter.com/bug-bounty-tips-1/
Bug Bounty Tips #2
https://www.infosecmatter.com/bug-bounty-tips-2-jun-30/
Bug Bounty Tips #3
https://www.infosecmatter.com/bug-bounty-tips-3-jul-21/
Bug Bounty Tips #4
https://www.infosecmatter.com/bug-bounty-tips-4-aug-03/
#BugBounty
#BugBountyTip
@web_priv8
https://www.infosecmatter.com/bug-bounty-tips-1/
Bug Bounty Tips #2
https://www.infosecmatter.com/bug-bounty-tips-2-jun-30/
Bug Bounty Tips #3
https://www.infosecmatter.com/bug-bounty-tips-3-jul-21/
Bug Bounty Tips #4
https://www.infosecmatter.com/bug-bounty-tips-4-aug-03/
#BugBounty
#BugBountyTip
@web_priv8
InfosecMatter
Bug Bounty Tips #1 - InfosecMatter
Heartbleed vulnerability, Use grep to extract URLs, Extract information from APK, Extract zip file remotely, Top 25 open redirect dorks, JWT token bypass, Finding subdomains, Curl + parallels one-liner, Simple XSS check, Filter out noise from Burp Suite
Black Hat USA: Your guide to the top web hacking sessions in 2020
https://portswigger.net/daily-swig/amp/black-hat-usa-your-guide-to-the-top-web-hacking-sessions-in-2020
#Blackhat
@web_priv8
https://portswigger.net/daily-swig/amp/black-hat-usa-your-guide-to-the-top-web-hacking-sessions-in-2020
#Blackhat
@web_priv8
Steal input DATA’s with CSS File injection
https://link.medium.com/6wGNHfL0F8
#CSSI
#BugBounty
#BugBountyTip
@web_priv8
https://link.medium.com/6wGNHfL0F8
#CSSI
#BugBounty
#BugBountyTip
@web_priv8
How I was Able To bypass CloudFlare WAF
https://link.medium.com/HZR2xGPHH8
#CDN
#WAF
#Bypass
#CloudFlare
#BugBounty
@web_priv8
https://link.medium.com/HZR2xGPHH8
#CDN
#WAF
#Bypass
#CloudFlare
#BugBounty
@web_priv8