Bug Bounty - GitBook
Ir al canal en Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Mostrar más7 470
Suscriptores
+1024 horas
+417 días
+18130 días
Archivo de publicaciones
7 471
#BugBountyTips
If server only allows GET and POST method, then try adding “X-HTTP-Method -Override: PUT to achieve RCE via PUT method.
Source: https://twitter.com/rvismit
7 471
■■■■■ HTTP Method Override – what it is and how a pentester can use it.
https://www.sidechannel.blog/en/http-method-override-what-it-is-and-how-a-pentester-can-use-it/
7 471
■■■■□ CSP bypass on PortSwigger.net using Google script resources joaxcar.com.
https://hackerone.com/reports/2279346
Blog: https://joaxcar.com/blog/2024/02/19/csp-bypass-on-portswigger-net-using-google-script-resources/
7 471
■■■□□ Subdomain Fuzzing worth 35k bounty.
https://medium.com/@HX007/subdomain-fuzzing-worth-35k-bounty-daebcb56d9bc
7 471
■■■■■ DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 2.
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-2/
7 471
⚙️ A simple web-based tool that lists all Content Security Policy issues on your target to help you figure out which missing directives or policies can help you bypass CSP!
https://csp-evaluator.withgoogle.com/
7 471
■■□□□ Bypassing HTTP Strict Transport Security.
https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security.pdf
7 471
■■■□□ Subhunter - A Fast Subdomain Takeover Tool.
https://www.kitploit.com/2024/05/subhunter-fast-subdomain-takeover-tool.html
https://github.com/umutcamliyurt/Subhunter
7 471
■■■■■ Advanced SQL Injection 💉 for AWAE.
Goal is to master SQL Injection Discovery, Detection and Exploitation.
https://github.com/shreyaschavhan/advanced-sql-injection-for-awae
7 471
■■■□□ A python script that finds endpoints in JavaScript files.
https://github.com/GerbenJavado/LinkFinder
7 471
■■■■□ Burp Plugin to Bypass WAFs through the insertion of Junk Data.
https://github.com/assetnote/nowafpls
7 471
■■■■□ Active Directory Cheat Sheet.
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
7 471
■■■□□ Burp's Collaborator can be used to generate custom DNS records.
https://x.com/Burp_Suite/status/1813203103052611701
7 471
■■■■■ A Security Tool 🔫 for Bug Bounty, Pentest and Red Teaming.
https://github.com/zan8in/afrog/
