Web_Priv8
@web_priv8
765 subscribers
405 photos
24 videos
45 files
588 links
Sina Doosti @r00t98
Web Security Researcher, Bug Hunter
https://twitter.com/r00t98

Amir Hasanvand @al9n3_wolf
Web Security Researcher, Bug Hunter
https://twitter.com/al9n3_wolf
Download Telegram
About
Blog
Apps
Platform
Join
Web_Priv8
765 subscribers
Web_Priv8
Forwarded from ناویا، ماشین کاوش اپلای
چرا فایروال‌های تحت وب دور می‌خورند و عموما بدردنخورند؟ مورد ۴۵۶۷ام.

اضافه‌شدن یک کاراکتر (0x0A) به پیلود حمله، بعنوان یک بلوک از داده‌های بی‌مصرف (Padding)، فایروال رو جوری گمراه می‌کنه که اون بلوک (که در اینجا یک کاراکتر هست) رو حذف کنه و بقیه پیلود (که مخرب هست) رو نادیده بگیره. این موردی از کلودفلیر بود.
@offsecmag
1.02K viewsr00t98
Web_Priv8
#SSRF
#Bypass
#BugBountyTip

@web_priv8
1.18K viewsr00t98, edited  
Web_Priv8
#CSRF
#SameSite

@web_priv8
👎1
815 viewsr00t98
Web_Priv8
https://gosecure.github.io/xxe-workshop/

#XXE

@web_priv8
974 viewsr00t98, edited  
Web_Priv8
Advance JSON Post Exploitation

https://0xveera.medium.com/advance-json-post-exploitation-cors-csrf-broken-access-control-c18841b98a50

#CSRF
#CORS
#JSON

@web_priv8
1.14K viewsr00t98, edited  
Web_Priv8
OWASP TimeGap Theory Handbook

مقاله ای فوق العاده عالی در خصوص آسیب پذیری race condition همراه با مثال و اکسپلویت.

#RC
#Book

@web_priv8
1.19K viewsr00t98, edited  
Web_Priv8
OWASP TimeGap Theory Handbook.pdf
13.2 MB
@web_priv8
1.45K viewsr00t98, edited  
Web_Priv8
File Upload Checklist

#Upload
#BugBountyTip

@web_priv8
1.6K viewsr00t98, edited  
Web_Priv8
A Glossary of Blind SSRF Chains

https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/

#SSRF
#Blind
#BugBountyTip

@web_priv8
Assetnote
A Glossary of Blind SSRF Chains
Application security issues found by Assetnote
1.26K viewsr00t98
Web_Priv8
Subdomain Takeover in Azure: making a PoC

https://godiego.tech/posts/STO/

#Azure
#SubdomainTakeover

@web_priv8
843 viewsr00t98
Web_Priv8
How To Find XXE Bugs

https://www.bugcrowd.com/blog/how-to-find-xxe-bugs/

#XXE

@web_priv8
739 viewsr00t98, edited  
Web_Priv8
Scope Based Recon Methodology: Exploring Tactics for Smart Recon

https://blog.cobalt.io/scope-based-recon-smart-recon-tactics-7e72d590eae5

#Recon
#BugBounty

@web_priv8
1.04K viewsr00t98
Web_Priv8
Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough

https://galnagli.com/Cache_Poisoning/

#WCP
#BugBounty

@web_priv8
715 viewsr00t98
Web_Priv8
Mass Assignment vulnerability and prevention

https://itzone.com.vn/en/article/mass-assignment-vulnerability-and-prevention/

#MassAssignment
#BugBountyTip

@web_priv8
933 viewsr00t98
Web_Priv8
Bug Bounty Playbook v1

#Book
#BugBounty

@web_priv8
733 viewsr00t98, edited  
Web_Priv8
Bug Bounty Playbook v1.pdf
9.8 MB
@web_priv8
802 viewsr00t98, edited  
Web_Priv8
Bug Bounty Playbook v2

#Book
#BugBounty

@web_priv8
806 viewsr00t98, edited  
Web_Priv8
Bug Bounty Playbook v2.pdf
28.9 MB
@web_priv8
893 viewsr00t98, edited