How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access
https://notifybugme.medium.com/how-github-recon-help-me-to-find-nine-full-ssrf-vulnerability-with-aws-metadata-access-531d931413a5
#SSRF
#Recon
#Github
#BugBounty
@web_priv8
Medium
How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access
Hi, everyone
Backdoor of All Flickr API Calls by XSSI
https://ngailong.wordpress.com/2017/08/11/open-door-to-all-flickr-api-calls-by-xssi/
#XSSI
#JSONP
#BugBounty
@web_priv8
Ron Chan
Backdoor of All Flickr API Calls by XSSI
After reporting the Flickr ATO fix bypass, I left Flickr for a few days and go hunt after Uber. I keep changing the target from time to time when I get bored of the target. When I get back to Flick…
Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
https://infosecwriteups.com/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a
#XSSI
#JSONP
#BugBounty
#BugBountyTip
@web_priv8
Full Local File Read via Error Based XXE using XLIFF File
https://pwn.vg/articles/2021-06/local-file-read-via-error-based-xxe
#XXE
@web_priv8
How Gopher works in escalating SSRFs
https://infosecwriteups.com/how-gopher-works-in-escalating-ssrfs-ce6e5459b630
#SSRF
@web_priv8
If input is not validated at the microservices' API Gateway / BFF and an attacker can bypass it, you end up with a story like the Starbucks one.
https://samcurry.net/hacking-starbucks/
#BugBounty
#DirTraversal
#Microservices
@web_priv8
IDOR: Attack vectors, exploitation, bypasses and chains
https://www.notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
#IDOR
#Bypass
#BugBountyTip
@web_priv8
rural-tune-378 on Notion
IDOR: Attack vectors, exploitation, bypasses and chains | Notion
API1:2019: Testing for IDOR/Broken object level authorization:
Hidden parameters discovery suite
Command-line version: https://github.com/Sh1Yo/x8
Burp extension version: https://github.com/Impact-I/x8-Burp
#Tool
#Extension
#BurpSuite
@web_priv8
GitHub
GitHub - Sh1Yo/x8: Hidden parameters discovery suite
Hidden parameters discovery suite. Contribute to Sh1Yo/x8 development by creating an account on GitHub.
When PHP parses parameters it uses the last duplicate value & ignores anything after null bytes. So we can smuggle parameters to PHP even if front end api/server validates it. This lets us change unexploitable backend variables.
https://twitter.com/PaulosYibelo/status/1430972472942284806
#HPP
#PHP
#CTF
@web_priv8
A simple and effective technique for finding Open Redirect and, where possible, XSS
https://twitter.com/NitinGavhane_/status/1385262184008065031
#XSS
#OpenRedirect
#BugBountyTip
@web_priv8
This covers ten different types of web app vulnerabilities. Apart from being extremely interesting vulnerabilities, they are tested for and discovered less often than other vulnerabilities, and that alone is enough for a smart bug hunter :)
1. HTTP/2 Smuggling
2. XXE via Office Open XML Parsers
3. SSRF via XSS in PDF Generators
4. XSS via SVG Files
5. Blind XSS
6. Web Cache Deception
7. Web Cache Poisoning
8. h2c Smuggling
9. Second Order Subdomain Takeovers
10. postMessage bugs
https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/
@web_priv8
Labs Detectify
10 Types of Web Vulnerabilities that are Often Missed
Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty ...
Information Gathering & scanning for sensitive information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#Recon
@web_priv8
Medium
Information Gathering&scanning for sensitive information[ Reloaded ]
Testing Web-Application/Network , Information Gathering is important before we test for vulnerability on the target?
How to Bypass WAF. HackenProof Cheat Sheet
https://hacken.io/researches-and-investigations/how-to-bypass-waf-hackenproof-cheat-sheet/
#WAF
#Bypass
@web_priv8
Hacken
How to Bypass WAF. HackenProof Cheat Sheet
What is WAF?
Web application firewall (WAF) is a set of monitors and filters designed to detect and block network attacks on a web application. WAFs refer to the application layer of the OSI model.
The web application firewall is used as a security tool.…
CSRF to account takeover (find hidden endpoint)
1. Login to account.
2. Go to account setting x.com/account.
3. Fuzzing x.com/account/FUZZ.
4. Hidden endpoint found for email and password editing x.com/account/edit.
5. CSRF.
https://twitter.com/r00t98/status/1451167449253089290
#CSRF
#BugBountyTip
@web_priv8
Recon Guide for Pentesters and Bug Bounty Hunters
https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
#Recon
@web_priv8
Offensity
Just another Recon Guide for Pentesters and Bug Bounty Hunters | Offensity
Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities
Open redirect/SSRF payload generator
https://tools.intigriti.io/redirector/
#Bypass
#SSRF
#OpenRedirect
@web_priv8
Bypass System Hardening RCE OOB
https://www.hahwul.com/2022/03/11/bypass-system-hardening-rce-oob/
#RCE
#OOB
#Bypass
@web_priv8