Bug Bounty - GitBook

Post archive
Repost from RavinAcademy
🏁 "Namavar" is Iran's largest cybersecurity workforce training program! 📋 A one-year path for building the new generation of Iran's cybersecurity specialists... ✅ In this program, 600 enthusiasts aged 17 to 30 from across the country receive a scholarship for one year, get basic and specialized cybersecurity training, and after finishing the path, enter the professional job market. ⏳ Registration is open until 28 Khordad 1405 🔗 See the full details of the program and register for free: (for now, viewing the link is easier without a VPN!) ravinacademy.com/namavar 📲 Namavar program support account on Bale @RavinAcademy

Blind SSRF exfiltration flow @GitBook_s

#SSRF: PDF iframe Injection @GitBook_s

<iframe> SSRF in generated PDFs #SSRF @GitBook_s

PHP Info Page Exposure. There's a lot of sensitive information that can be obtained from an exposed PHP Info page, from configuration secrets to exposed user session cookies. For example, when chained with XSS, this can lead to a full account takeover. #Recon #XSS #InformationDisclosure @GitBook_s

other ways to break out of an <option> tag. Default: </option></select>PAYLOAD Alternative: <input>PAYLOAD <select>PAYLOAD @GitBook_s

Expose Secrets in JS

for url in $(cat js-urls.txt); do
  curl -s "$url" | grep -E -i "api_key|secret|token|apikey|auth"
done

Look for hardcoded API keys, JWTs, tokens — possible full account takeover or privilege escalation. @GitBook_s

@GitBook_s/ Biscuit's Bug Bounty Playbook Mains Learn Android Bug Bounty Learn Thick Client Pentesting Bug Bounty Reports & Articles Exploiting Technologies https://oreobiscuit.gitbook.io/introduction

@GitBook_s/Dork King (Bug Bounty Dorks)
• Shodan Search
• API (WSDL)
• GIST github search
• Apache Config Files
• Install/Setup Files
• Apache Struts RCE
• htaccess/phpinfo()
• Security Headers
• Source Code PublicWWW
• Search GitLab and Github
• Find .php (WayBack)
• Find Subdomains (Google)
• Digital Ocean Space
• Sub-Subdomains (Google)
And more ...
Link 🔗: https://dorkking.blindf.com/ #googledork

@GitBook_s/my emotion❤️ afro > Your time will slow down with this music https://youtu.be/ULrM84EJASI?si=jZ2QKavfWn2hze8O

Friends who work with Android: his channel is going to be active in the Android field later on

Android roadmap by: @HackMeLocal This Android app penetration-testing roadmap takes you forward step by step until you reach an intermediate level and even higher #Android #RoadMap

@GitBook_s/blog Methods to Backdoor an AWS Account Privilege Escalation in AWS https://mystic0x1.github.io/categories/aws/

@GitBook_s Awesome Vulnerable Applications. A selection of pre-vulnerable applications, services, OS, etc. for your training or testing of various types of scanners: - Online; - Paid; - Vulnerable VMs; - Cloud Security; - SSO - Single Sign On; - Mobile Security; + OWASP Top 10; - SQL Injection; - XSS Injection; - Server Side Request Forgery; - CORS Misconfiguration; - XXE Injection; - Request Smuggling; + Technologies; - WordPress; - Node.js; - Firmware; - Uncategorized. ➡️ https://github.com/vavkamil/awesome-vulnerable-apps/

@GitBook_s Catch HTTP, DNS, SMTP and Blind XSS callbacks Generate bug bounty payloads instantly Download pre-built SSRF, XXE, SVG and PDF files Collect headers, body, IP, ASN, geo and timing evidence Built for security researchers and bounty reports https://pingback.sh/

@GitBook_s What "blind" means in SSTI

Classic SSTI tutorials assume you can see the result. You inject {{7*7}}, the page renders 49, you confirm Jinja2, and escalate from there. Clean and satisfying.

Reality is messier. Modern apps frequently suppress template rendering errors, sanitize output before display, or route the template result into an email, a PDF, a log file, or a background job — none of which you can read. The injection is real. The output is invisible. Without an out-of-band channel, you have nothing to report.

https://pingback.sh/article-blind-ssti.html #bugbounty #ssti