Bug Bounty - GitBook

Now you can view all the HTB Academy Modules for free on: https://freehtb.infy.uk/

#Recon @GitBook_s

Don’t forget to try test/demo card credentials on websites that use Stripe or any other payment system. If you’re lucky, you can get items/subscriptions for free 😀 @GitBook_s

I just feel like sharing it

BugBunty_Hunting_Guide_to_find_Vulnerabilities_by_Mahmoud_Mohamed.pdf (2.72 MB)

BBRecon Masterflow - 2025.pdf (0.30 KB)

How to test for SQL injection 👇

1) Select params for testing in:
🔹 URL query
🔹 POST body
🔹 Headers
🔹 Cookies
It can be any parameter. Typically, I test integer parameters first.

2) Perform math if the tested field is an integer:
🔹 user_id=1338-1
If there is a sign of an SQL injection, you will see a result with user_id=1337.

3) Try to add symbols at the end of the parameter:
🔹 ' (single quote)
🔹 " (double quote)
🔹 ; (semicolon)
Observe the response status. If you spot an error response, there might be a chance of SQL injection.

4) Try to add another symbol and see if the error disappears:
🔹 login=admin (status: 200)
🔹 login=admin' (status: 500)
🔹 login=admin'' (status: 200)
In SQL the escape character for a single quote is another single quote, and for a double quote is another double quote.

5) Perform SQL query functions
Int
🔹 user_id=1337 AND 1=1 ✅
🔹 user_id=1337 AND 2=1 ❌
Text
🔹 login=admin' AND 'A'='A ✅
🔹 login=admin' AND 'A'='B ❌
JSON int
🔹 {"user_id":"1337 AND 1=1"} ✅

6) Combine SQL query functions with comments
Int ✅
🔹 user_id=1337 AND 1=1 --
Text ✅
🔹 login=admin' AND 'A'='A' --
JSON int ✅
🔹 {"user_id":"1337 AND 1=1 --"}
JSON text ✅
🔹 {"login":"admin' AND 'A'='A' --"}

7) Use tools to test vulnerable params further
🔹 sqlmap
🔹 r0oth3x49/ghauri (github)
Remember that you only need to obtain the database version for the initial Proof of Concept (POC). Further exploitation should be tested only with permission from the program/company.

8) You can use the following DB Fiddle to experiment with SQL injection points and behavior. Edit SQL queries on the right and then click RUN to see how the SQL queries are executed and what results are displayed at the bottom.
https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/0

@GitBook_s
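Why the checks in steps 2, 4 and 5 of the post above behave as described, and why they stop firing once the query is parameterized. This is an added example, not part of the original post; it assumes an in-memory SQLite database, and the `users` table and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: two users, matching the ids used in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, login TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1337, "admin"), (1338, "guest")])
    return db

# Vulnerable pattern: the request value becomes part of the SQL text.
def by_id_concat(db, user_id):
    return db.execute(
        "SELECT login FROM users WHERE user_id = " + user_id).fetchall()

def by_login_concat(db, login):
    return db.execute(
        "SELECT user_id FROM users WHERE login = '" + login + "'").fetchall()

# Hardened pattern: the value is bound as data and never parsed as SQL.
def by_id_bound(db, user_id):
    return db.execute(
        "SELECT login FROM users WHERE user_id = ?", (user_id,)).fetchall()

def by_login_bound(db, login):
    return db.execute(
        "SELECT user_id FROM users WHERE login = ?", (login,)).fetchall()

def outcome(fn, db, value):
    """'error' stands in for an HTTP 500; otherwise the rows returned."""
    try:
        return fn(db, value)
    except sqlite3.Error:
        return "error"

def injection_signals(by_id, by_login):
    """Run the post's checks (steps 2, 4, 5) and report which ones fire."""
    db = make_db()
    return {
        "math_evaluated": outcome(by_id, db, "1338-1") == outcome(by_id, db, "1337"),
        "quote_breaks_query": outcome(by_login, db, "admin'") == "error"
                              and outcome(by_login, db, "admin''") != "error",
        "boolean_differs": outcome(by_id, db, "1337 AND 1=1")
                           != outcome(by_id, db, "1337 AND 2=1"),
    }

if __name__ == "__main__":
    print("concatenated:", injection_signals(by_id_concat, by_login_concat))
    print("bound params:", injection_signals(by_id_bound, by_login_bound))
```

Run against the real data-access functions of an application, `injection_signals` works as a regression check: after the fix, every signal should be false.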

6000 scanning template

window[['a'][0] + 'lert'](1337) #XSS @GitBook_s

I've heard good things about this one too.

Here, have this one as well.