Bug Bounty - GitBook
Открыть в Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Больше7 460
Подписчики
+524 часа
+307 дней
+17430 день
Архив постов
7 461
🔥Always remember to test the API for existence of addition headers.
X-Originaal-URL: /v1/api/endpoint_here
BOOM => Entire API routes disclosure.
Credit: @driccosec
7 461
Someone wrote a script that can be met with a server's security, it doesn't work out more about the pain of the newcomers not to have these common problems in configuring the server:
https://github.com/vernu/vps-audit
7 461
https://www.computerhope.com/
Interesting site, a lot of information about network, security, technology and ...
Of all years
From the past to now
7 461
Closing the server ping in the operating system layer (to increase security)
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
Sysctl -p
To open the ping, just enter the value of 0 instead of 1.
7 461
🔖All You Need to Master IDOR: A Complete Resource Guide
⬇️GitHub Repositories
All these GitHub Repositories contains 1000+ Hackerone reports to read from which you can learn how bug bounty hunters did recon to find IDOR Vulnerability, I suggest read atleast 300 reports to get your own unique perspective on IDOR Vulnerability.📱 Awesome-Bugbounty-Writeups - IDOR 📱 HackerOne Reports - Top IDOR 📱 HackerOneReports - IDOR ⬇️Critical/Highest bounty through IDOR Vulnerability 🖤 IDOR - how to predict an identifier? Bug bounty case study 🖤 $5,000 YouTube IDOR - Bug Bounty Reports Explained 🖤 $28k IDOR that broke Apple Shortcuts - Apple bug bounty ⬇️All possible parameters for IDOR and real life examples of each 🖤 Bug Bounty Hunting for IDORs - Part-I 🖤 Bug Bounty Hunting for IDORs - Part-II 🖤 Bug Bounty Hunting for IDORs - Part-III ⬇️Book 📕 Bug Bounty Bootcamp - By Vickie Li
7 461
🔖Hacking GraphQL APIs
GraphQL pentesting focuses on identifying security vulnerabilities in applications that use GraphQL for data querying. Unlike REST APIs, GraphQL allows clients to request specific data, which can expose underlying issues if not properly secured. Key areas of concern include improper authorization checks, excessive data exposure, and insufficient input validation. Pentesters should look for flaws such as introspection queries revealing sensitive schema details, or complex queries leading to denial of service. Ensuring robust input validation, implementing strict authorization checks, and limiting query complexity are essential practices to secure GraphQL endpoints.🖥 Articles and Blog Posts
🔗 Hacktricks - GraphQL and Security 🔗 Five easy ways to hack GraphQL targets 🔗 Portswigger - Graphql 🔗 ApiSecurity⬇️ GitHub Resources
📱 PayloadsAllTheThings 📱 hacking graphql 📱 Awesome Graphql Security 📱 Hack-graphql⬇️Videos
🖤 NahamCon2024: GraphQL is the New PHP 🖤 Finding Your Next Bug: GraphQL 🖤 GraphQL API Pentesting⬇️Books
📕 Black Hat GraphQL 📕 Hacking APIs - Breaking Web Application ... 📕 API Security in Action
7 461
🔥Robofinder is a powerful Python script designed to search for and retrieve historical robots.txt files from Archive.org for any given website. This tool is ideal for security researchers, web archivists, and penetration testers to uncover previously accessible paths or directories that were listed in a site's robots.txt.
🔖https://github.com/Spix0r/robofinder
7 461
🔖Essential Browser Extensions for Bug Bounty Hunters
⬇️FireFox
🔍 Link Gopher 🔍 Adblock Plus 🔍 FoxyProxy Standard 🔍 Video Speed Controller 🔍 Check XSS 🔍 HackTools 🔍 Bulk URL Opener 🔍 Temp Mail 🔍 JS Beautify CSS HTML 🔍 Multi-Account Containers⬇️Chrome
🌐
TruffleHog
🌐
Code Formatter
🌐
Freedium Extension
🌐
BuiltWith
🌐
Wappalyzer
🌐
WhatRuns
🌐
Retire.js
🌐
Cookie Extractor
🌐
Wayback Machine
🌐
EXIF Data Viwer
🌐
Shodan
🌐
S3 Bucket List
🌐
Ublock Origin
🌐
Resources Saver
🌐
Dot Git
🌐
EndPointer
7 461
bypass 403 & 401 errors:
https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/403-and-401-bypasses
7 461
7 461
📖 Windows Server 2025 Administration Fundamentals: A beginner's guide to managing and administering Windows Server environments , Fourth Edition
💠 Info : https://www.packtpub.com/en-us/product/windows-server-2025-administration-fundamentals-9781836205005
7 461
PHP 8.1.0-dev RCE via User-Agentt ExploitIntroduction In some versions of PHP 8.1.0-dev, a Remote Code Execution (RCE) vulnerability was discovered through an uncommon HTTP header called User-Agentt. This vulnerability can be exploited if the application processes incoming headers without proper sanitization, allowing arbitrary system commands to be executed on the server. How Does the Vulnerability Work? The vulnerability occurs when the application uses
$_SERVER['HTTP_USER_AGENTT']unsafely, especially if the value is passed to functions like eval() or system(). If input validation is not implemented, attackers can execute unauthorized commands directly on the server. Example of Vulnerable PHP Code
<?php
$user_agent = $_SERVER['HTTP_USER_AGENTT'];
eval($user_agent);
?>
Why is this dangerous?
Because an attacker can send an HTTP request with a User-Agentt header containing malicious PHP code, which will be executed directly on the server.
How to Exploit the Vulnerability
1. Testing Delay with sleep()
GET /index.php HTTP/1.1 Host: vulnerable.com User-Agentt: zerodiumsleep(5);•If the response is delayed by 5 seconds, it confirms that the code is being executed successfully.
2. Executing a System Commandwith system()
GET /index.php HTTP/1.1 Host: vulnerable.com User-Agentt: zerodiumsystem('id');•If the server responds with user information such as:
uid=33(www-data) gid=33(www-data) groups=33(www-data)•this means RCE exploitation is successful.
3. Executing PHP via phpinfo()
GET /index.php HTTP/1.1 Host: vulnerable.com User-Agentt: zerodiumphpinfo();•This might display the current PHP configuration, which helps in understanding the target environment.
Conclusion This vulnerability is extremely dangerous because it allows direct command execution on the server, potentially leading to a full compromise. Developers must be cautious about handling external inputs and always keep their PHP versions up to date.
7 461
SQLi Time-Based Blind Finding Methods: https://medium.com/@erkankavas/sqli-time-based-blind-finding-methods-cdef02de2d0e?source=rss------bug_bounty-5
