1. Pre-Account Takeover
- How to Hunt:
- Register an email without verifying it.
- Register again using a different method (e.g., 'sign up with Google') with the same email.
- Check if the application links both accounts.
- Try logging in to see if you can access information from the other account.
2. Account Takeover due to Improper Rate Limiting
- How to Hunt:
- Capture the login request.
- Use tools like Burp Suite's Intruder to brute-force the login.
- Analyze the response and length to detect anomalies.
3. Account Takeover by Utilizing Sensitive Data Exposure
- How to Hunt:
- Pay attention to the request and response parts of the application.
- Look for exposed sensitive data like OTPs, hashes, or passwords.
4. Login Vulnerabilities
- Check for:
- Brute-force vulnerabilities.
- OAuth misconfigurations.
- OTP brute-forcing.
- JWT misconfigurations.
- SQL injection to bypass authentication.
- Proper validation of OTP or tokens.
5. Password Reset Vulnerabilities
- Check for:
- Brute-force vulnerabilities in password reset OTPs.
- Predictable tokens.
- JWT misconfigurations.
- IDOR vulnerabilities.
- Host header injection.
- Leaked tokens or OTPs in HTTP responses.
- Proper validation of OTP or tokens.
- HTTP parameter pollution (HPP).
6. XSS to Account Takeover
- How to Hunt:
- Try to exfiltrate cookies or auth tokens.
- Craft XSS payloads to change user email or password.
7. CSRF to Account Takeover
- Check for:
- Vulnerabilities in email update endpoints.
- Vulnerabilities in password change endpoints.
8. IDOR to Account Takeover
- Check for:
- Vulnerabilities in email update endpoints.
- Vulnerabilities in password change endpoints.
- Vulnerabilities in password reset endpoints.
9. Account Takeover by Response & Status Code Manipulation
- How to Hunt:
- Look for vulnerabilities where manipulating response or status codes can lead to account takeover.
10. Account Takeover by Exploiting Weak Cryptography
- Check for:
- Weak cryptographic implementations in password reset processes.
11. Password or Email Change Function
- How to Hunt:
- If you see email parameters in password change requests, try changing your email to the victim's email.
12. Sign-Up Function
- How to Hunt:
- Try signing up with the target email directly.
- Use third-party sign-ups with phone numbers, then link the victim's email to your account.
13. Reset Token
- How to Hunt:
- Try using your reset token with the target account.
- Brute force the reset token if it is numeric.
- Try to figure out how the tokens are generated. For example, check if they are generated based on timestamp, user ID, or email.
14. Host Header Injection
- How to Hunt:
- Intercept the password reset request.
- Change the Host header value from the target site to your own domain (e.g., `POST /PassRest HTTP/1.1 Host: Attacker.com`).
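As an added, defender-side example that is not part of the original post: a reset-token scheme that closes the weaknesses items 5, 13 and 14 hunt for (numeric or predictable tokens, tokens derived from timestamp, user ID or email, tokens usable for another account, and reset links built from the Host header). The class and function names, the base URL and the TTL are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60                       # short lifetime shrinks the guessing window
CANONICAL_BASE_URL = "https://app.example.com"    # assumption: fixed config, never the request's Host header


class ResetTokenStore:
    """Issue and redeem single-use password reset tokens (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._now = now               # injectable clock so expiry can be tested
        self._pending = {}            # sha256(token) -> (user_id, expires_at)

    def issue(self, user_id):
        # 32 bytes from the OS CSPRNG: not numeric, not derived from a timestamp,
        # user ID or email, so there is nothing to predict or brute-force.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        # Only the hash is stored, so a leaked table does not yield usable tokens;
        # the link uses the configured base URL, not a Host header the client sent.
        return f"{CANONICAL_BASE_URL}/reset?token={token}"

    def redeem(self, token):
        """Return the user_id the token was issued for, or None if it is not valid."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # The lookup key is a hash of the secret, so lookup timing reveals nothing
        # about the token itself; pop() makes the token single-use either way.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._now() > expires_at:
            return None
        # The account comes from the token, never from an email/user_id parameter
        # in the reset request, which closes the IDOR and parameter-pollution cases.
        return user_id
```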
15. CORS Misconfiguration to Account Takeover
- How to Hunt:
- Check if the application has CORS misconfigurations.
- If so, you might be able to steal sensitive information from the user to take over their account or make them change authentication information.
- Refer to [CORS Bypass](https://book.hacktricks.xyz/pentesting-web/cors-bypass) for more details.
16. Account Takeover via Leaked Session Cookie
- How to Hunt:
- Look for vulnerabilities where session cookies are leaked.
- Refer to [HackerOne Report 745324](https://hackerone.com/reports/745324) for more details.
17. HTTP Request Smuggling to ATO
- How to Hunt:
- Look for HTTP request smuggling vulnerabilities.
- Refer to [HackerOne Report 737140](https://hackerone.com/reports/737140) and [HackerOne Report 740037](https://hackerone.com/reports/740037) for more details.
18. Bypassing Digits Origin Validation Which Leads to Account Takeover
- How to Hunt:
- Look for vulnerabilities where Digits origin validation can be bypassed.
- Refer to [HackerOne Report 129873](https://hackerone.com/reports/129873) for more details.
19. Top ATO Reports in HackerOne
- How to Hunt:
- Review top account takeover reports in HackerOne.
- Refer to [TOP ACCOUNT TAKEOVER](https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPACCOUNTTAKEOVER.md) for more details.
1. Run HxD as Admin.
2. Open (Ctrl + O) and find "sublime_text.exe".
3. Search > Replace (Ctrl + R) > Hex values
4. Enter the following: Search for: 80 79 05 00 0F 94 C2 -> Replace with C6 41 05 01 B2 00 90 Search direction: All -> Replace All (only 1 instance found for me).
5. Save (Ctrl + S) then exit HxD.
6. Run Sublime Text.
site:*.host.com ext:asp
site:*.host.com ext:jsp
site:*.host.com ext:aspx
site:*.host.com ext:jspx
site:*.host.com ext:do
site:*.host.com ext:action
site:*.host.com ext:php
CVE-2024-52301: Improper Input Validation in Laravel Framework, 8.7 rating❗️
The vulnerability allows an attacker to change the environment using a specially crafted query string.
More than 830k instances at Netlas.io:
👉 Link: https://nt.ls/CDJgv
👉 Dork: http.headers.set_cookie:"laravel_session="
Vendor's advisory: https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
Hey everyone! 🎉
A big, warm welcome to all our new members! 💕 And to our amazing long-time supporters, thank you for sticking around and making this community what it is today! 🙌
If you’ve been finding value in the bug bounty updates, cybersecurity tips, and job opportunities I share, I’d truly appreciate your support. ⭐ You can boost or give a star to Brut Security—it keeps me motivated to keep delivering the best content for you all! 💻🔒
Thanks for being such an incredible community. Your encouragement means everything!❤️ 💟
"http://target.com" send_keys
"http://target.com" password
"http://target.com" api_key
"http://target.com" apikey
"http://target.com" jira_password
"http://target.com" root_password
"http://target.com" access_token
"http://target.com" config
"http://target.com" client_secret
"http://target.com" user auth
It’s been a while! How’s everyone doing? Let me know what resources you need in cybersecurity. Please note, no requests for pirated material.
⚠️ S3 Bucket Recon ⚠️
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
BGPView for Reconnaissance
- Get ASN Information
- Enumerate IP Prefixes for an ASN
- Retrieve IP Address Details
- Search ASN, IP, or Domain Together
- Upstreams
- Upstreams [ IPv4 ]
- Upstreams [ IPv6 ]
- All Peers
- Extract ASN Prefixes with Peer Details
- Downstreams
- Subdomain Enumeration from ASN
- Query ASN by Organization Name
© Yasin
- Get ASN Information
curl -s "https://api.bgpview.io/asn/AS12345" | jq
- Enumerate IP Prefixes for an ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq '.data.ipv4_prefixes[] | .prefix'
- Retrieve IP Address Details
curl -s "https://api.bgpview.io/ip/8.8.8.8" | jq
- Search ASN, IP, or Domain Together
curl -s "https://api.bgpview.io/search?query=example.com" | jq '.data'
- Upstreams
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq
- Upstreams [ IPv4 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv4_upstreams[] | {asn, name, description, country: .country_code}'
- Upstreams [ IPv6 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv6_upstreams[] | {asn, name, description, country: .country_code}'
- All Peers
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code})'
- Extract ASN Prefixes with Peer Details
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code, prefix: .prefix})'
- Downstreams
curl -s "https://api.bgpview.io/asn/AS12345/downstreams" | jq
- Subdomain Enumeration from ASN
for prefix in $(curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq -r '.data.ipv4_prefixes[] | .prefix'); do
  # dig -x takes a single address, so look up the prefix's network address here; expand the range with a tool such as prips for full coverage
  dig -x "${prefix%/*}" +short
done
- Query ASN by Organization Name
curl -s "https://api.bgpview.io/search?query=google" | jq '.data.asns[] | {asn, name, description}'
CVE-2024-52052, -053, -054, -055, -056: Multiple vulnerabilities in Wowza Streaming Engine, 5.1 - 9.4 rating 🔥
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
👉 Link: https://nt.ls/8BudC
👉 Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/