If input is not validated at the API Gateway / BFF in front of the microservices and an attacker can bypass it, you end up with a story like the Starbucks one.
https://samcurry.net/hacking-starbucks/
#BugBounty
#DirTraversal
#Microservices
@web_priv8
IDOR: Attack vectors, exploitation, bypasses and chains
https://www.notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
#IDOR
#Bypass
#BugBountyTip
@web_priv8
API1:2019: Testing for IDOR/Broken object level authorization
Hidden parameters discovery suite
command line version: https://github.com/Sh1Yo/x8
Burp extension version: https://github.com/Impact-I/x8-Burp
#Tool
#Extension
#BurpSuite
@web_priv8
When PHP parses parameters it uses the last duplicate value and ignores anything after null bytes. So we can smuggle parameters to PHP even if the front-end API/server validates them. This lets us change otherwise unexploitable backend variables.
https://twitter.com/PaulosYibelo/status/1430972472942284806
#HPP
#PHP
#CTF
@web_priv8
A simple and effective technique for finding Open Redirect and, where possible, XSS.
https://twitter.com/NitinGavhane_/status/1385262184008065031
#XSS
#OpenRedirect
#BugBountyTip
@web_priv8
This lists ten different kinds of web app vulnerabilities. Besides being extremely interesting bugs, they are tested for and discovered less often than other vulnerabilities, which is reason enough for a smart bug hunter :)
1. HTTP/2 Smuggling
2. XXE via Office Open XML Parsers
3. SSRF via XSS in PDF Generators
4. XSS via SVG Files
5. Blind XSS
6. Web Cache Deception
7. Web Cache Poisoning
8. h2c Smuggling
9. Second Order Subdomain Takeovers
10. postMessage bugs
https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/
@web_priv8
Labs Detectify
10 Types of Web Vulnerabilities that are Often Missed
Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty ...
Information Gathering & scanning for sensitive information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#Recon
@web_priv8
How to Bypass WAF. HackenProof Cheat Sheet
https://hacken.io/researches-and-investigations/how-to-bypass-waf-hackenproof-cheat-sheet/
#WAF
#Bypass
@web_priv8
Hacken
How to Bypass WAF. HackenProof Cheat Sheet
What is WAF?
Web application firewall (WAF) is a set of monitors and filters designed to detect and block network attacks on a web application. WAFs refer to the application layer of the OSI model.
The web application firewall is used as a security tool.…
CSRF to account takeover (find hidden endpoint)
1. Log in to the account.
2. Go to account settings: x.com/account.
3. Fuzz x.com/account/FUZZ.
4. Hidden endpoint found for email and password editing: x.com/account/edit.
5. CSRF.
https://twitter.com/r00t98/status/1451167449253089290
#CSRF
#BugBountyTip
@web_priv8
Recon Guide for Pentesters and Bug Bounty Hunters
https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
#Recon
@web_priv8
Open redirect/SSRF payload generator
https://tools.intigriti.io/redirector/
#Bypass
#SSRF
#OpenRedirect
@web_priv8
Bypass System Hardening RCE OOB
https://www.hahwul.com/2022/03/11/bypass-system-hardening-rce-oob/
#RCE
#OOB
#Bypass
@web_priv8
Generates combination of domain names from the provided input.
https://github.com/ProjectAnte/dnsgen
#Tool
#Recon
#Subdomain
@web_priv8
GitHub
GitHub - AlephNullSK/dnsgen: DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and…
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discove...
Burpsuite Extension to bypass 403 restricted directory
https://github.com/sting8k/BurpSuite_403Bypasser
#Bypass
#Extension
#BurpSuite
@web_priv8
James Kettle's talk at Nullcon on the vulnerabilities that bug hunters miss.
https://youtu.be/skbKjO8ahCI
@web_priv8
YouTube
Keynote Day 2 | Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss by James Kettle
Abstract :
-----------------
Do you ever wonder about the vulnerabilities you've missed? Why didn't they show themselves - and will they be discovered by somebody else later?
Certain vulnerabilities have a knack for evading auditors. As we enter the age…
James Kettle's talk on HTTP Request Smuggling attacks driven from the browser, presented ten days ago at Black Hat 2022. The core bug is the same; the difference is in the technique used to poison the server.
https://portswigger.net/research/browser-powered-desync-attacks
#Smuggling
@web_priv8
PortSwigger Research
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib
Attacks that can be carried out against reverse proxies.
https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
#ReverseProxy
@web_priv8
Acunetix
A fresh look on reverse proxy related attacks | Acunetix
The goal of this research is to portray the bigger picture of potential attacks on a reverse proxy or the backend servers behind it. In the main part of the article, I will show some examples of vulnerable configurations and exploitation of attacks on various…
Reaching RCE and SQLi bugs through a misconfigured reverse proxy.
https://infosecwriteups.com/how-i-made-25000-usd-in-bug-bounties-with-reverse-proxy-d29dba4570d7
#RCE
#SQLi
#ReverseProxy
@web_priv8
Medium
How I made 25000 USD in bug bounties with reverse proxy
A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across…