Bug Bounty Tips(2022-10-17)

渗透技巧 1年前 (2022) admin
357 0 0

点击蓝字 关注不迷路

01

How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags

Bug Bounty Tips(2022-10-17)

https://saajanbhujel.medium.com/how-i-got-10-000-from-github-for-bypassing-filtration-of-html-tags-db31173c8b37

02

Vaf is a cross-platform very advanced and fast web fuzzer written in nim(从start来看还是比较小众的)

https://github.com/d4rckh/vaf

03

Make you scans faster  Ports Scan without CloudFlare

subfinder -silent -d HOST | filter-resolved | cf-check | sort -u | naabu -rate 40000 -silent -verify | httprobe

04

H1报告

Password Reset Link not expiring after changing the email Leads To Account Takeover

https://hackerone.com/reports/685007

05

Kubernetes Security and Observability: A Holistic Approach to Securing Containers and Cloud Native Applications

https://rbebooks.site/wp-content/uploads/2022/10/Kubernetes_Security_and_Observability_by_Amit_Gupta_and_Brendan.pdf

06

Testing 2FA

Bug Bounty Tips(2022-10-17)


07

API Security Testing Checklist

https://github.com/shieldfy/API-Security-Checklist

08

Today I have a successful cheat sheet suggestion that you can use within the scope of bug bounty

https://github.com/Neelakandan-A/BugBounty_CheatSheet

09

Where do you usually find IDOR bugs?   This writeup by @_nynan sums it up pretty well

https://medium.com/@nynan/what-i-learnt-from-reading-220-idor-bug-reports-6efbea44db7 

10

Don’t have a US phone number? 

https://www.receivesms.co/us-phone-number/3635/


最近整理资料,发现一个问题,老外有的时候一条文章发个三四次,所以就有可能出现重复的情况,ememem,毕竟这是靠人工review的。







原文始发于微信公众号(Bug Bounty Tips):Bug Bounty Tips(2022-10-17)

版权声明:admin 发表于 2022年10月18日 上午8:11。
转载请注明:Bug Bounty Tips(2022-10-17) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...