Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Post archive
A company exposes an API for developers? This is not the same API that is used by the mobile / web application. Always test them separately. Don't assume they implement the same security mechanisms.
#api
@GitBook_s
Mass Assignment is a real thing. Modern frameworks encourage developers to use MA without understanding the security implications. During exploitation, don't guess an object's property names, simply find a GET endpoint that returns all of them.
#api
@GitBook_s
Found SSRF? Use it for:
Internal port scanning
Leverage cloud services (like 169.254.169.254)
Use http://webhook.site to reveal IP Address & HTTP Library
Download a very large file (Layer 7 DoS)
Reflective SSRF? Disclose local mgmt consoles
@GitBook_s
Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use the "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Command Injection by design)
Learn more about the open function: https://apidock.com/ruby/Kernel/open
#api
@GitBook_s
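For the defending side of the Kernel#open post above, an added example (not from the channel or any project it mentions) of validating a user-supplied URL parameter and fetching it with Net::HTTP instead of `open`. The names `validate_fetch_url`, `fetch_remote` and `UnsafeUrlError` are hypothetical, and the sample inputs in the comments are constructed.

```ruby
require "uri"
require "ipaddr"
require "net/http"

# Hypothetical error type for rejected input (not part of any framework).
class UnsafeUrlError < StandardError; end

ALLOWED_SCHEMES = %w[http https].freeze

# Ranges a server-side fetcher should not reach: loopback, RFC 1918,
# link-local (cloud metadata lives at 169.254.169.254), and IPv6 equivalents.
BLOCKED_NETS = %w[
  127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
  ::1/128 fc00::/7 fe80::/10
].map { |net| IPAddr.new(net) }.freeze

# Returns a parsed URI for an acceptable value, raises UnsafeUrlError otherwise.
def validate_fetch_url(raw)
  raise UnsafeUrlError, "empty value" if raw.nil? || raw.strip.empty?
  # Kernel#open treats a leading "|" as "spawn this command"; reject it outright.
  raise UnsafeUrlError, "pipe prefix" if raw.lstrip.start_with?("|")
  uri = begin
    URI.parse(raw)
  rescue URI::InvalidURIError
    raise UnsafeUrlError, "unparseable URL"
  end
  raise UnsafeUrlError, "scheme not allowed" unless ALLOWED_SCHEMES.include?(uri.scheme&.downcase)
  raise UnsafeUrlError, "missing host" if uri.host.nil? || uri.host.empty?
  # Only literal IP hosts are checked here; a hostname must be checked again
  # against BLOCKED_NETS after DNS resolution, at connect time.
  ip = begin
    IPAddr.new(uri.hostname)
  rescue IPAddr::InvalidAddressError
    nil
  end
  raise UnsafeUrlError, "internal address" if ip && BLOCKED_NETS.any? { |net| net.include?(ip) }
  uri
end

# Net::HTTP never interprets its argument as a command and does not follow
# redirects on its own, so a redirect target cannot bypass the validation.
def fetch_remote(raw)
  Net::HTTP.get_response(validate_fetch_url(raw))
end
```
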
Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link, etc. Find and test all of them for AuthN problems.
#api
@GitBook
Older API versions tend to be more vulnerable and they lack security mechanisms. Leverage the predictable nature of REST APIs to find old versions. Saw a call to api/v3/login? Check if api/v1/login exists as well. It might be more vulnerable.
#api
@GitBook
