Bug Bounty - GitBook
A company exposes an API for developers? This is not the same API which is used by mobile / web application. Always test them separately. Don't assume they implement the same security mechanisms.
#api
@GitBook_s
Mass Assignment is a real thing. Modern frameworks encourage developers to use MA without understanding the security implications. During exploitation, don't guess an object's property names, simply find a GET endpoint that returns all of them.
#api
@GitBook_s
Found SSRF? use it for:
Internal port scanning
Leverage cloud services (like 169.254.169.254)
Use http://webhook.site to reveal IP Address & HTTP Library
Download a very large file (Layer 7 DoS)
Reflective SSRF? disclose local mgmt consoles
@GitBook_s
Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Command Injection by design)
Learn more about the open function: https://apidock.com/ruby/Kernel/open
#api
@GitBook_s
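An added Ruby example (not from the channel post): the Kernel#open pattern described above beside a hardened version that validates the parameter and opens only a parsed http(s) URI object. The names fetch_url_unsafe, safe_uri_for, fetch_url_safe and ALLOWED_SCHEMES are assumptions for illustration.

```ruby
require 'uri'
require 'open-uri'

# Vulnerable pattern (hypothetical controller helper): Kernel#open treats a
# string starting with "|" as "spawn this command and read its stdout", so a
# user-controlled parameter becomes command injection by design.
def fetch_url_unsafe(param)
  open(param, &:read)
end

ALLOWED_SCHEMES = %w[http https].freeze

# Hardened: parse the parameter and accept only absolute http(s) URLs with a
# host. "|cmd", "file:///etc/passwd", bare paths and empty input are all
# rejected before any I/O call. Returns a URI::HTTP (or URI::HTTPS) or raises.
def safe_uri_for(param)
  uri = URI.parse(param.to_s)
  unless ALLOWED_SCHEMES.include?(uri.scheme) && !uri.host.to_s.empty?
    raise ArgumentError, "refusing non-http(s) URL: #{param.inspect}"
  end
  uri
rescue URI::InvalidURIError
  # "|id" and similar are not valid URIs at all; normalise to one error type
  raise ArgumentError, "malformed URL: #{param.inspect}"
end

# Open the validated URI *object* via open-uri's URI::HTTP#open. Do not pass the
# raw string to URI.open: on a non-URL string it falls back to Kernel#open and
# would reintroduce the pipe behaviour.
def fetch_url_safe(param)
  safe_uri_for(param).open(&:read)
end
```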
Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link, etc. Find and test all of them for AuthN problems.
#api
@GitBook
Older API versions tend to be more vulnerable and they lack security mechanisms. Leverage the predictable nature of REST APIs to find old versions. Saw a call to api/v3/login? Check if api/v1/login exists as well. It might be more vulnerable.
#api
@GitBook