Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Post archive
Web_Application_Security_Exploitation_and_Countermeasures_for_Modern.pdf (14.16 MB)
Andrew Homan, Web Application Security: Exploitation and Countermeasures for Modern Web Applications, Second Edition, 2024
File Upload
Extension Splitting Cheat Sheet
🔸 qwe.php%00.png
🔸 qwe.php%0A.png
🔸 qwe.php\n.png
🔸 qwe.php\u000a.png
🔸 qwe.php\u560a.png
🔸 qwe.php%E5%98%8A.png
🔸 qwe.php;.png
🔸 qwe.php%3B.png
🔸 qwe.php\u003b.png
🔸 qwe.php\u563b.png
🔸 qwe.php%E5%98%BB.png
#Shell
@GitBook_s
APIs expose the underlying implementation of the app. Pentesters should leverage this fact to better understand users, roles, resources & correlations between them and find cool vulnerabilities & exploits. Always be curious about the API responses.
#api
@GitBook_s
Pentest for .NET apps? Found a param containing file path/name? Developers sometimes use "Path.Combine(path_1,path_2)" to create full path. Path.Combine has weird behavior: if param#2 is absolute path, then param#1 is ignored.
Leverage it to control the path
#api
@GitBook_s
BE servers are no longer responsible for protecting against XSS. APIs don't return HTML, but JSON instead. If the API returns an XSS payload? E.g.: {"name":"In<script>alert(21)</script>on"} That's fine! The protection always needs to be on the client side.
#api
@GitBook_s
Looking for BOLA (IDOR) in APIs? Got 401/403 errors? AuthZ bypass tricks:
Wrap ID with an array {"id":111} --> {"id":[111]}
JSON wrap {"id":111} --> {"id":{"id":111}}
Send ID twice URL?id=<LEGIT>&id=<VICTIM>
Send wildcard {"user_id":"*"}
In some cases, the AuthZ mechanism expects a plain string (an ID in this case), and if it receives a JSON instead it won't perform the AuthZ checks. Then, when the input goes to the data fetching component, it might be okay with a JSON instead of a string (e.g. it flattens the JSON).
#api
@GitBook_s
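As an added example (not code from the channel post), here is a Python request handler that does the strict type validation the post says is missing: it accepts exactly one plain integer id and refuses the wrapped, nested, duplicated and wildcard shapes listed above before the ownership check runs. The OWNERS table, user names and the `id` parameter name are constructed for the example.

```python
import json
from urllib.parse import parse_qsl

# Constructed sample data: which user owns which resource id.
OWNERS = {111: "alice", 222: "bob"}

class AuthzError(Exception):
    """Raised for malformed ids and for failed ownership checks alike."""

def extract_id(raw_body, query_string):
    """Return the single integer id this request names, or raise.
    Rejects every shape in the bypass list before authz runs:
    {"id":[111]}, {"id":{"id":111}}, ?id=111&id=222 and {"user_id":"*"}."""
    ids = []
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        if key == "id":
            ids.append(value)            # duplicates are collected, never merged
    if raw_body:
        body = json.loads(raw_body)
        if not isinstance(body, dict) or "id" not in body:
            raise AuthzError("missing id")
        ids.append(body["id"])
    if len(ids) != 1:
        raise AuthzError("expected exactly one id, got %d" % len(ids))
    value = ids[0]
    # bool is a subclass of int in Python; do not let true/false pass as 1/0.
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise AuthzError("id must be a scalar, got %s" % type(value).__name__)
    if isinstance(value, str):
        if not value.isdigit():          # rejects "*", "" and anything non-numeric
            raise AuthzError("id must be a decimal integer")
        value = int(value)
    return value

def fetch_resource(raw_body, query_string, current_user):
    """Authorize on the validated id first, then return the resource."""
    resource_id = extract_id(raw_body, query_string)
    if OWNERS.get(resource_id) != current_user:
        raise AuthzError("forbidden")
    return {"id": resource_id, "owner": current_user}

def is_rejected(raw_body, query_string, current_user):
    """True when the request is refused; used to exercise the bypass shapes."""
    try:
        fetch_resource(raw_body, query_string, current_user)
    except AuthzError:
        return True
    return False
```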
Found an "export to PDF" feature? There's a good chance the developers use an external library to convert HTML --> PDF behind the scenes. Try to inject HTML elements and cause "Export Injection".
Learn more about Export Injection: https://medium.com/@inonst/export-injection-2eebc4f17117
#api
@GitBook_s