en
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Open in Telegram
7 461
Subscribers
+424 hours
+357 days
+17030 days
Posts Archive
Cookie Based Authentication Vulnerabilities-tg@gitbook_s.pdf0.37 KB

Quickest way to find Open S3/GCP/Azure Buckets gau target.com | grep -E "s3.amazonaws.com|storage.googleapis.com|blob.core.windows.net" Scrape JS/URLs and grep for exposed cloud storage links. Many P1 bugs hide here @GitBook_s

Use subfinder + dnsx to detect potential subdomain takeover candidates with unresolvable records (NXDOMAIN). subfinder -d target.com -silent | dnsx -a -resp | grep -i "NXDOMAIN" @GitBook_s

@GitBook_s/SSO — Single Sign On

😊 reaction 🧐

Note: these are HQ file

basic-authentication-@gitbook_s.png4.31 KB

session-authentication-@gibook_s.png6.85 KB

token-authentication-@gitbook_s.png6.02 KB

jwt-authentication-@gitbook_s.png7.99 KB

oauth-@gitbook_s.png10.10 KB

photo content

OAuth — Open Authorization
OAuth — Open Authorization

| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|            İf you like GitBook                give reaction |______________|                \ (•◡•) /                     \      /                      ——                    |     |                   |_   |_

| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄| İf you like GitBook give reaction |______________| \ (•◡•) / \ / —— | | |_ |_

| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄| İf you like GitBook give reaction |______________| \ (•◡•) / \ / —— | | |_ |_

JWT Authentication
JWT Authentication