IDOR in Reset Password
When the user reset his password the application make an API request to make sure that username exists. If exist, it will come back with Personal Identifying Information (PII) in the response [Full name,Email,Phone number].
By:@Maakthon
#bugbountytips
When the user reset his password the application make an API request to make sure that username exists. If exist, it will come back with Personal Identifying Information (PII) in the response [Full name,Email,Phone number].
By:@Maakthon
#bugbountytips
❤11👍4
🚨 CVE-2024-40348 🚨
👉 This is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.
🔗 Download : https://github.com/bigb0x/CVE-2024-40348
👉 This is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.
🔗 Download : https://github.com/bigb0x/CVE-2024-40348
🔥2❤1
Please open Telegram to view this post
VIEW IN TELEGRAM
Ko-fi
Buy Brut Security a Coffee
Become a supporter of Brut Security today!
❤2🤝1
Brut Security pinned «🤩 Hey everyone, thanks for being part of this awesome community! 🐸 If you enjoy my content and want to support me, you can buy me a coffee on Ko-fi: https://ko-fi.com/brutxninja ☕️ !»
Please open Telegram to view this post
VIEW IN TELEGRAM
Ko-fi
A Practical Guide to Starting Your Cybersecurity Career in India
Brut Security published a post on Ko-fi
❤1
actuator/env
actuator/auditevents
actuator/beans
actuator/caches
actuator/configprops
actuator/health
actuator/heapdump
actuator/info
actuator/integrationgraph
actuator/configprops
actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hosts
#bugbountytip #bugbountytips #bugbounty
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3
If your input causes a server error (e.g. 500) when you inject a ' (for eg) but you don't get reliable results using boolean inferential injections, try these payloads which should trigger the 500 when the red condition is true.
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2
Permission Model Issues: $3,000,000 methodology
https://forums.cybershieldctf.com/showthread.php?tid=87
https://forums.cybershieldctf.com/showthread.php?tid=87
New VDP Program - https://www.sonova.com/.well-known/security.txt
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimited times.
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
#2 OTP Bypass | Response Manipulation | Bug Bounty POC | CyberTron | #bugbounty #cybersecurity
Bug Type - Improper Authentication – Generic CWE-287
## Summary:
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimited…
## Summary:
While testing the site I found the registration OTP bypass error which lead to create new accounts
without verifying them and can generate different account from different number unlimited…
👍2❤1😍1
Easy Account Take Over
1.Go to http://web.archive.org
2. Put the domain and search for urls
3. Type in the filter ( %40 ) and search
4. Get a lot of urls that have a parameter leaks the email and password of the users
By: @Sayed_v2
#BugBounty #bugbountytips
1.Go to http://web.archive.org
2. Put the domain and search for urls
3. Type in the filter ( %40 ) and search
4. Get a lot of urls that have a parameter leaks the email and password of the users
By: @Sayed_v2
#BugBounty #bugbountytips
🔥11👍3
you have a big js file ? no time to analyze it all
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
👍14❤1
Do you want to receive this gift with just one report and one bug?
The GC3 Vulnerability program is one of the best programs after the DOD program for reputation collection as well as gift collection
This program is similar to the large DOD and has more than 10,000 subdomains you can work on it works in two ways
The first only gives you a reputation. You can report it on the HACKERONE platform
LINK: https://vulnerability-reporting.service.security.gov.uk/
Secondly, it gives you a reputation and gifts as shown above
LINK: https://www.gov.uk/guidance/report-a-vulnerability-on-an-mod-system
#bugbounty #bugbountytips
The GC3 Vulnerability program is one of the best programs after the DOD program for reputation collection as well as gift collection
This program is similar to the large DOD and has more than 10,000 subdomains you can work on it works in two ways
The first only gives you a reputation. You can report it on the HACKERONE platform
LINK
Secondly, it gives you a reputation and gifts as shown above
LINK
#bugbounty #bugbountytips
👍3
add this file to your wordlist `.gitlab-ci.yml` , enjoy
its contain a database username and password
By:@NoRed0x
#bugbounty #bugbountytips
its contain a database username and password
By:@NoRed0x
#bugbounty #bugbountytips
❤5👍1
chrome_2PdqXXPfb9.png
128.7 KB
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3❤2
3 million dollars Methodology Santiago Lopez.pdf
469.9 KB
$3 million dollars Methodology! [Santiago Lopez]
❤4😭3👍1
LucasFaudman_apkscan_Scan_for_secrets,_endpoints,_and_other_sensitive.mov
3.7 MB
#bugbounty #bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8
🚨 Depix 👉 It is a free and open-source tool used for image steganography, specifically for extracting hidden data from images.
🔗Download : https://github.com/spipm/Depix
#bugbounty #bugbountytips
🔗Download : https://github.com/spipm/Depix
#bugbounty #bugbountytips
❤2🔥2