Bug Bounty - GitBook

You can use XSStrike for reflected and DOM XSS scanning.
🔹 multi-threaded crawling
🔹 WAF detection & evasion
🔹 outdated JS lib scanning
🔹 blind XSS support
🔹 bruteforce payloads from a file
#XSS
https://github.com/s0md3v/XSStrike
@GitBook_s

CVE and CWE in Persian. Persian explanation: https://www.aparat.com/v/d015i58

CVE is a catalog of known software flaws, with each ID representing a specific vulnerability. CWE, on the other hand, is a category system for software and hardware weaknesses that can lead to vulnerabilities.

The matter has been called off.

Dear friends, would you like us to start a channel on the Eitaa messenger?

WAF Bypass Arsenal - Full-Width Unicode Symbols Cheatsheet for XSS, CRLF & WAF Bypass: https://wafbypass.berrry.app/

🎯 What is CVSS and why is it important?

🔐 CVSS, or Common Vulnerability Scoring System, is a global standard for scoring the severity of security vulnerabilities. When you find a vulnerability (for example, in a bug bounty or penetration test), you need to know how dangerous it is, what its impact is, and how quickly you need to react to it. That's where CVSS comes in! 🚨

---

📊 How does it work?

So CVSS gives each vulnerability a number between 0.0 and 10.0:

* 🔵 0.0–3.9 = Low
* 🟡 4.0–6.9 = Medium
* 🟠 7.0–8.9 = High
* 🔴 9.0–10.0 = Critical

This score is calculated based on 3 main metrics:

1. Base Score – the basic nature of the vulnerability
✅ Access required (local, network)
✅ Complexity of the exploit
✅ Authentication required
✅ Impact on confidentiality, integrity, availability

2. Temporal Score – Changes over time
🕐 Is there a public exploit?
🛠 Has a fix been provided?
📉 How reliable is the technical report?

3. Environmental Score – Impact in the specific environment
🏢 How important is the vulnerability to the specific organization or system?
🔧 Are some factors in the environment recoverable?

---

🛠 What are its uses?

✅ Patch Management prioritization
✅ Bug severity determination in bug bounty programs
✅ Professional reporting to organizations
✅ Risk analysis in information security teams
✅ Documentation and CVE Tracking

---

🧮 Where to use it?

🔗 Official CVSS v3.1 Calculator (https://www.first.org/cvss/calculator/3.1)

---

🧑‍💻 In short?

When you find a vulnerability, don't just say "it was dangerous", give it a number with CVSS, make it comparable and analyze it more professionally! 😎

CVSS V3 Cheat Sheet @GitBook_s

#RaceCondition @GitBook_s

Repost from Mr Soul
Hi world


I'd be happy if you messaged me.

Plz pv @inact_1

blind RCE payload + sleep 🤌
;if [  $( whoami | cut -c 1) = "d" ]; then sleep 10; fi

HACKTRICKS
• Generic Methodologies & Resources
• Generic Hacking
• Linux Hardening
• MacOS Hardening
• Windows Hardening
• Mobile Pentesting
• Network Services Pentesting
• Pentesting Web
• Cloud Security
• Hardware/Physical Access
• Binary Exploitation
• AI
• Reversing & Exploiting
• Crypto & Stego
• TODO
Link 🔗: https://book.hacktricks.wiki/en/index.html
@GitBook_s

https://pocorexp.nsa.im lists all CVEs and public exploits


Is it a bad thing?