This lists ten different types of web app vulnerabilities. Besides being extremely interesting vulnerabilities, they can be said to be tested for and discovered less often than other vulnerabilities, and that alone is enough for a smart bug hunter :)
1. HTTP/2 Smuggling
2. XXE via Office Open XML Parsers
3. SSRF via XSS in PDF Generators
4. XSS via SVG Files
5. Blind XSS
6. Web Cache Deception
7. Web Cache Poisoning
8. h2c Smuggling
9. Second Order Subdomain Takeovers
10. postMessage bugs
https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/
@web_priv8
Labs Detectify
10 Types of Web Vulnerabilities that are Often Missed
Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty ...
Information Gathering & scanning for sensitive information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#Recon
@web_priv8
Medium
Information Gathering & scanning for sensitive information [Reloaded]
Testing Web-Application/Network , Information Gathering is important before we test for vulnerability on the target?
How to Bypass WAF. HackenProof Cheat Sheet
https://hacken.io/researches-and-investigations/how-to-bypass-waf-hackenproof-cheat-sheet/
#WAF
#Bypass
@web_priv8
Hacken
How to Bypass WAF. HackenProof Cheat Sheet
What is WAF?
Web application firewall (WAF) is a set of monitors and filters designed to detect and block network attacks on a web application. WAFs refer to the application layer of the OSI model.
The web application firewall is used as a security tool.…
CSRF to account takeover (find hidden endpoint)
1. Log in to the account.
2. Go to the account settings at x.com/account.
3. Fuzz x.com/account/FUZZ.
4. Hidden endpoint found for email and password editing: x.com/account/edit.
5. CSRF.
https://twitter.com/r00t98/status/1451167449253089290
#CSRF
#BugBountyTip
@web_priv8
Recon Guide for Pentesters and Bug Bounty Hunters
https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
#Recon
@web_priv8
Offensity
Just another Recon Guide for Pentesters and Bug Bounty Hunters | Offensity
Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities
Open redirect/SSRF payload generator
https://tools.intigriti.io/redirector/
#Bypass
#SSRF
#OpenRedirect
@web_priv8
Bypass System Hardening RCE OOB
https://www.hahwul.com/2022/03/11/bypass-system-hardening-rce-oob/
#RCE
#OOB
#Bypass
@web_priv8
Generates combinations of domain names from the provided input.
https://github.com/ProjectAnte/dnsgen
#Tool
#Recon
#Subdomain
@web_priv8
GitHub
GitHub - AlephNullSK/dnsgen: DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and…
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discove...
Burpsuite Extension to bypass 403 restricted directory
https://github.com/sting8k/BurpSuite_403Bypasser
#Bypass
#Extension
#BurpSuite
@web_priv8
GitHub
GitHub - sting8k/BurpSuite_403Bypasser: Burpsuite Extension to bypass 403 restricted directory
Burpsuite Extension to bypass 403 restricted directory - sting8k/BurpSuite_403Bypasser
James Kettle's talk at Nullcon on the vulnerabilities that bug hunters miss.
https://youtu.be/skbKjO8ahCI
@web_priv8
YouTube
Keynote Day 2 | Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss by James Kettle
Abstract :
-----------------
Do you ever wonder about the vulnerabilities you've missed? Why didn't they show themselves - and will they be discovered by somebody else later?
Certain vulnerabilities have a knack for evading auditors. As we enter the age…
James Kettle's talk on HTTP Request Smuggling attacks driven from the browser, presented ten days ago at BlackHat 2022. The bug is essentially the same; the difference is in the technique used to poison the server.
https://portswigger.net/research/browser-powered-desync-attacks
#Smuggling
@web_priv8
PortSwigger Research
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib
Attacks that can be carried out against reverse proxies.
https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
#ReverseProxy
@web_priv8
Acunetix
A fresh look on reverse proxy related attacks | Acunetix
The goal of this research is to portray the bigger picture of potential attacks on a reverse proxy or the backend servers behind it. In the main part of the article, I will show some examples of vulnerable configurations and exploitation of attacks on various…
Reaching RCE and SQLi bugs through a misconfigured reverse proxy.
https://infosecwriteups.com/how-i-made-25000-usd-in-bug-bounties-with-reverse-proxy-d29dba4570d7
#RCE
#SQLi
#ReverseProxy
@web_priv8
Medium
How I made 25000 USD in bug bounties with reverse proxy
A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across…
code.jquery.com hacked :)
https://twitter.com/r00t98/status/1601195883152158721
The write-up of this hack and vulnerability will be published soon...
@web_priv8
Soon I will publish my tool on GitHub for detecting HTTP request smuggling vulnerabilities.
https://twitter.com/r00t98/status/1605330608372453376
#Tool
#Smuggling
#BugBounty
#BugBountyTip
@web_priv8
Convert reflected XSS to DOM-based XSS to bypass length limit filter
https://www.sudokaikan.com/2019/03/convert-reflected-xss-to-dom-based-xss.html
This method also works for stored XSS.
#XSS
#Bypass
@web_priv8
Knocking on the Front Door (client side desync attack on Azure CDN)
https://blog.jeti.pw/posts/knocking-on-the-front-door/
A researcher was able to discover a CSD vulnerability on Microsoft's Azure CDN. About two months ago I was also able to discover something similar on it, though a bit different; it paid a 6k bounty, and if I can, I'll write up the write-up later.
#Smuggling
@web_priv8
Jeti's blog
Knocking on the Front Door (client side desync attack on Azure CDN)
A few months ago, I embarked on a security bug hunt within the scope of a private program available through the Intigriti platform. During this endeavor, I encountered an intriguing anomaly while analyzing the redirect from HTTP to HTTPS traffic on a particular…