Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
https://infosecwriteups.com/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a
#XSSI
#JSONP
#BugBounty
#BugBountyTip
@web_priv8
Full Local File Read via Error Based XXE using XLIFF File
https://pwn.vg/articles/2021-06/local-file-read-via-error-based-xxe
#XXE
@web_priv8
How Gopher works in escalating SSRFs
https://infosecwriteups.com/how-gopher-works-in-escalating-ssrfs-ce6e5459b630
#SSRF
@web_priv8
If input is not validated at the API Gateway / BFF of the microservices and an attacker can bypass it, you end up with a story like the Starbucks one.
https://samcurry.net/hacking-starbucks/
#BugBounty
#DirTraversal
#Microservices
@web_priv8
IDOR: Attack vectors, exploitation, bypasses and chains
https://www.notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
#IDOR
#Bypass
#BugBountyTip
@web_priv8
Hidden parameters discovery suite
command line version: https://github.com/Sh1Yo/x8
burp extension version: https://github.com/Impact-I/x8-Burp
#Tool
#Extension
#BurpSuite
@web_priv8
when PHP parses parameters it uses the last duplicate value & ignores anything after null bytes. So we can smuggle parameters to PHP even if the front-end API/server validates them. This lets us change unexploitable backend variables.
https://twitter.com/PaulosYibelo/status/1430972472942284806
#HPP
#PHP
#CTF
@web_priv8
A simple and effective technique for finding Open Redirect and, where possible, XSS
https://twitter.com/NitinGavhane_/status/1385262184008065031
#XSS
#OpenRedirect
#BugBountyTip
@web_priv8
This lists ten different types of web app vulnerabilities; besides being extremely interesting vulnerabilities, they are tested for and discovered less often than other vulnerabilities, and that alone is enough for a smart bug hunter :)
1. HTTP/2 Smuggling
2. XXE via Office Open XML Parsers
3. SSRF via XSS in PDF Generators
4. XSS via SVG Files
5. Blind XSS
6. Web Cache Deception
7. Web Cache Poisoning
8. h2c Smuggling
9. Second Order Subdomain Takeovers
10. postMessage bugs
https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/
@web_priv8
Labs Detectify
10 Types of Web Vulnerabilities that are Often Missed
Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty ...
Information Gathering & scanning for sensitive information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#Recon
@web_priv8
How to Bypass WAF. HackenProof Cheat Sheet
https://hacken.io/researches-and-investigations/how-to-bypass-waf-hackenproof-cheat-sheet/
#WAF
#Bypass
@web_priv8
CSRF to account takeover(find hidden endpoint)
1. Login to account.
2. Go to account setting x.com/account.
3. Fuzzing x.com/account/FUZZ.
4. Hidden endpoint found for email and password editing x.com/account/edit.
5. CSRF.
https://twitter.com/r00t98/status/1451167449253089290
#CSRF
#BugBountyTip
@web_priv8
Recon Guide for Pentesters and Bug Bounty Hunters
https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
#Recon
@web_priv8
Open redirect/SSRF payload generator
https://tools.intigriti.io/redirector/
#Bypass
#SSRF
#OpenRedirect
@web_priv8
Bypass System Hardening RCE OOB
https://www.hahwul.com/2022/03/11/bypass-system-hardening-rce-oob/
#RCE
#OOB
#Bypass
@web_priv8
Generates combination of domain names from the provided input.
https://github.com/ProjectAnte/dnsgen
#Tool
#Recon
#Subdomain
@web_priv8
Burpsuite Extension to bypass 403 restricted directory
https://github.com/sting8k/BurpSuite_403Bypasser
#Bypass
#Extension
#BurpSuite
@web_priv8
James Kettle's talk at Nullcon on the vulnerabilities that bug hunters miss.
https://youtu.be/skbKjO8ahCI
@web_priv8
YouTube
Keynote Day 2 | Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss by James Kettle
Abstract :
-----------------
Do you ever wonder about the vulnerabilities you've missed? Why didn't they show themselves - and will they be discovered by somebody else later?
Certain vulnerabilities have a knack for evading auditors. As we enter the age…