اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
Bug Bounty - GitBook
رفتن به کانال در Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
نمایش بیشتر7 428
مشترکین
-324 ساعت
+207 روز
+27230 روز
آرشیو پست ها
7 429
![XSS WAF Bypass by multi-char HTML entities fj translates to fj >⃒ translates to > + [?] <⃒ translates to < + [?]](data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDACgcHiMeGSgjISMtKygwPGRBPDc3PHtYXUlkkYCZlo+AjIqgtObDoKrarYqMyP/L2u71////m8H////6/+b9//j/2wBDASstLTw1PHZBQXb4pYyl+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj/wAARCAAWACgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDX5/yKOfX9DRz/AJFKP88UAGT/AJFGf84oz9fypc0AANFGaKAEwfakG7PUUUUALz6j8qWiigAooooA/9k=)
XSS WAF Bypass by multi-char HTML entities
fj translates to fj
>⃒ translates to > + [?]
<⃒ translates to < + [?]
[?] - Unicode symbol
@GitBook_s
7 429
Due to Telegram's copyright law, I want to create a private channel to send files there. Do you agree?
7 429
How to Perform Session Hijack with XSS + Session Fixation When the Session Cookie is HttpOnly
Steps:
1) Create a session cookie with an unauthenticated session value on the /login path using JavaScript.
2) Force the user to log out.
3) When the user logs back in, they will use the unauthenticated session.
Details:
The attacker creates a session cookie on another browser, then injects that session into the victim's account by overriding the existing HttpOnly cookie with a similar cookie name but a different value on a different path.
sess=aaaa; path=/login; expires=Fri, 17 Jun 2024 10:00:00When the login form is submitted, it will contain two cookies. The one created with JavaScript on the /login path will be first, followed by the HttpOnly cookie on the different path /.
Cookie: sess=aaaa; sess=bbbb;Since the website has a Session Fixation bug, no new session will be generated when the user logs in. Because there are two session cookies, only the first one from the attacker (sess=aaaa) will be used, and the logged-in user will be attached to it. The final step is to use the unauthenticated session that was previously created on the attacker's browser for all website actions from the attacker's side. @GitBook_s
7 429
@GitBook_s
... finding XSS is very learnable. You do not need to be a JavaScript expert. You just need to know where to look and what to inject.
XSS Testing Checklist: 12 Important Test Cases Every Security Tester Should Know
#BugBounty #xss
7 429
🔥 Recon is not about running tools.
Recon is about discovering opportunities others overlook.
