Bug Bounty - GitBook
Sometimes IDOR isn't just about changing 123 to 124
Try changing types.
If there’s an endpoint /api/reset_password that takes {"user_id": 123}
Try:
{"user_id": true}
{"user_id": []}
{"user_id": 0}
{"user_id": "123 "}
true might match the first record in the database which might be admin
http://GitBook_s.t.me
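Seen from the server side, the type trick in the post above works when the handler checks the type loosely. The following is an added example, not code from the post: it assumes a Python backend, and `USERS`, `naive_lookup`, `strict_user_id` and `reset_password_target` are hypothetical names. It shows how `true` resolves to record 1 under a weak check, next to a strict check followed by an ownership check.

```python
import json

# Constructed sample data: record 1 stands in for the first row (often an admin).
USERS = {1: "admin", 123: "alice", 124: "bob"}

def naive_lookup(body: str):
    """Weak check: bool is a subclass of int in Python, and True == 1."""
    user_id = json.loads(body).get("user_id")
    if not isinstance(user_id, int):      # True passes this test
        return None
    return USERS.get(user_id)             # USERS.get(True) returns USERS[1]

def strict_user_id(body: str) -> int:
    """Accept only a positive JSON integer; reject every other type."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    user_id = data.get("user_id")
    # type(...) is int excludes bool, str, list, float and None
    if type(user_id) is not int or user_id <= 0:
        raise ValueError("user_id must be a positive integer")
    return user_id

def reset_password_target(body: str, session_user_id: int) -> str:
    """Type check first, then the ownership check that actually stops IDOR."""
    user_id = strict_user_id(body)
    if user_id != session_user_id:
        raise PermissionError("user_id does not belong to the caller")
    return USERS[user_id]

def audit(bodies):
    """Return the bodies the strict validator rejects."""
    rejected = []
    for body in bodies:
        try:
            strict_user_id(body)
        except ValueError:
            rejected.append(body)
    return rejected

# The payload shapes from the post, with straight quotes so they parse as JSON
POST_PAYLOADS = ['{"user_id": true}', '{"user_id": []}',
                 '{"user_id": 0}', '{"user_id": "123 "}']

if __name__ == "__main__":
    print(naive_lookup('{"user_id": true}'))   # the weak check resolves to record 1
    print(audit(POST_PAYLOADS))
```

The strict type check only closes the type-confusion path; the comparison against the session's own user id is what prevents the plain 123-to-124 case.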
The dread of solitude is sweeter than bad company
I head for the wilderness whenever a man of reason appears
Scattering seed in every salt marsh is fruitless
I am patient until worthy ground is found
Saeb, do not strike your gem against the stone of the unworthy
Wait until a true connoisseur of gems appears
From the ghazals of Saeb, no. 2660
8 Best #firefox addons for #Hacking
- HackBar
- Cookies Manager+
- User-Agent Switcher
- Tamper Data
- FoxyProxy Standard
- Wappalyzer
- HttpRequester
- RESTClient
- Tampermonkey
- XSS Me
- SQL Inject Me
- iMacros
- FirePHP
🔗 Webhooks online
http://GitBook_s.t.me
A selection of useful services for testing HTTP requests
🔗 webhook.link
🔗 webhook.site
🔗 webhook-test.com
🔗 webhook.cool
🔗 webhookrelay
Example:
curl -X POST https://gitbook-s.webhook.cool -H "Content-Type: application/json" -d '{"hello": "world", "is_true": true}'
#webhook #http #web
& DNS resources
More info here
https://blog.detectify.com/industry-insights/bypassing-cloudflare-waf-with-the-origin-server-ip-address/
#WAF
@GitBook_s
What is bug bounty methodology?
Your unique approach to a target (step-by-step process).
GitBook_s
Hi guys
I have a question
Who knows the difference between brute force and spray?
Answer in direct
