“Story of Blind SQL with a typo error.” by Amyrahm https://link.medium.com/JPfCxQzF86
Читать полностью…
How to write a Bug Bounty report: http://10degres.net/how-to-write-a-bug-bounty-report/
Читать полностью…
corneacristian/data-exfiltration-over-dns-queries-via-morse-code-efc9e09f56fe" rel="nofollow">https://medium.com/@corneacristian/data-exfiltration-over-dns-queries-via-morse-code-efc9e09f56fe
Читать полностью…
Content Security Policy (CSP) Bypasses http://ghostlulz.com/content-security-policy-csp-bypasses/
Читать полностью…
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
Читать полностью…
https://blog.intigriti.com/2020/02/24/twitter-recap-1-bug-bounty-tips-by-the-intigriti-community/
Читать полностью…
Use path parameters if server is Apache Tomcat & running jsp pages . Like
http://site.com/test.jsp;test=<payload>
, This pages can sometimes give xss.
#bugbounty
https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023
Читать полностью…
Base Scheme Decoder
https://github.com/mufeedvh/basecrack
Top 25 IDOR Bug Bounty Reports
corneacristian/top-25-idor-bug-bounty-reports-ba8cd59ad331" rel="nofollow">https://medium.com/@corneacristian/top-25-idor-bug-bounty-reports-ba8cd59ad331
Tale of Account Takeovers (Part-1)
bathinivijaysimhareddy/tale-of-account-takeovers-part-1-b24e1f3c3187" rel="nofollow">https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-1-b24e1f3c3187
d3f4u17/fasten-your-recon-process-using-shell-scripting-359800905d2a" rel="nofollow">https://medium.com/@d3f4u17/fasten-your-recon-process-using-shell-scripting-359800905d2a
Читать полностью…
Sentive Data Exposure
Sheshasai/sentive-data-exposure-fad568b7875" rel="nofollow">https://medium.com/@Sheshasai/sentive-data-exposure-fad568b7875
“Penetration Testing Roadmap” by Knightsbr1dge https://link.medium.com/8ZZhEUqF86
Читать полностью…
Account takeover via postMessage: https://yxw21.github.io/2020/06/05/Account-Takeover-Via-PostMessage/
Читать полностью…
Everything you want to know about IOT Security ! Simplified https://medium.com/bugbountywriteup/everything-you-want-to-know-about-iot-security-simplified-7dca1b9e1c22
Читать полностью…
shahjerry33/long-string-dos-6ba8ceab3aa0" rel="nofollow">https://medium.com/@shahjerry33/long-string-dos-6ba8ceab3aa0
Читать полностью…
JSON Web Tokens vs. Session Cookies for Authentication
https://t.co/ok14MFmdvL
Remembering the Shellshock Vulnerability
https://t.co/xUGGhKSvP5
4 Uncommon Python Tricks You Should Learn
https://t.co/bOOvVe92Us
#bugbountytips
ozguralp/write-up-aws-document-signing-security-control-bypass-2b13a9c22a4d" rel="nofollow">https://medium.com/@ozguralp/write-up-aws-document-signing-security-control-bypass-2b13a9c22a4d
Читать полностью…
#WAF #ModSecurity #RCE #Payloads Detection #Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?
Alway convert parameter to array you will get unexpected result, some times xss bypass
Like,
path=/abc to path["]=/abc
#bugbountytip
Google ADS Stored Xss & Html Injections 5000$
https://www.youtube.com/watch?v=O5BWtwykJJg
From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World
YoKoKho/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a" rel="nofollow">https://medium.com/@YoKoKho/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a
FinDir is Directory brutefocer which can be used to run 24/7 againts target and will provide you the notification on Telegram once it finds any open directory
https://github.com/m4xx101/FinDir
Finding a P2 in two minutes with Shodan.io
sw33tlie/finding-a-p2-in-two-minutes-with-shodan-io-647e86744ee6" rel="nofollow">https://medium.com/@sw33tlie/finding-a-p2-in-two-minutes-with-shodan-io-647e86744ee6
“Recon Everything” by SACHIN GROVER https://link.medium.com/ReykAnzk23
Читать полностью…
How PayPal helped me to generate XSS
pflash0x0punk/how-paypal-helped-me-to-generate-xss-9408c0931add" rel="nofollow">https://medium.com/@pflash0x0punk/how-paypal-helped-me-to-generate-xss-9408c0931add
HOW I BYPASSED 2 FACTOR AUTHENTICATION
manralhemant10/how-i-bypassed-2-factor-authentication-899750421331" rel="nofollow">https://medium.com/@manralhemant10/how-i-bypassed-2-factor-authentication-899750421331
