A Practical Guide to Starting Your Cybersecurity Career in India
Brut Security published a post on Ko-fi
actuator/env
actuator/auditevents
actuator/beans
actuator/caches
actuator/configprops
actuator/health
actuator/heapdump
actuator/info
actuator/integrationgraph
actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hosts
#bugbountytip #bugbountytips #bugbounty
If your input causes a server error (e.g. 500) when you inject a ' (for example) but you don't get reliable results using boolean-based inferential injections, try these payloads, which should trigger the 500 when the red condition is true.
Permission Model Issues: $3,000,000 methodology
https://forums.cybershieldctf.com/showthread.php?tid=87
New VDP Program - https://www.sonova.com/.well-known/security.txt
While testing the site I found a registration OTP bypass bug which allowed creating new accounts without verifying them, and could generate different accounts from different numbers an unlimited number of times.
#2 OTP Bypass | Response Manipulation | Bug Bounty POC | CyberTron | #bugbounty #cybersecurity
Bug Type - Improper Authentication – Generic CWE-287
Easy Account Take Over
1. Go to http://web.archive.org
2. Put in the domain and search for URLs
3. Type in the filter ( %40 ) and search
4. Get a lot of URLs that have a parameter leaking the email and password of users
By: @Sayed_v2
#BugBounty #bugbountytips
You have a big JS file and no time to analyze it all?
Search for these:
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
Do you want to receive this gift with just one report and one bug?
The GC3 Vulnerability program is one of the best programs after the DoD program for reputation collection as well as gift collection.
This program is similar to the large DoD one and has more than 10,000 subdomains you can work on; it works in two ways.
The first only gives you reputation. You can report it on the HackerOne platform.
LINK: https://vulnerability-reporting.service.security.gov.uk/
Secondly, it gives you reputation and gifts as shown above.
LINK: https://www.gov.uk/guidance/report-a-vulnerability-on-an-mod-system
#bugbounty #bugbountytips
Add this file to your wordlist: `.gitlab-ci.yml`, enjoy.
It contains a database username and password.
By:@NoRed0x
#bugbounty #bugbountytips
$3 million dollars Methodology! [Santiago Lopez]
LucasFaudman_apkscan_Scan_for_secrets,_endpoints,_and_other_sensitive.mov
#bugbounty #bugbountytips
🚨 Depix 👉 It is a free and open-source tool used for image steganography, specifically for extracting hidden data from images.
🔗Download : https://github.com/spipm/Depix
#bugbounty #bugbountytips
Discover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.
https://github.com/glebarez/cero
Mastering Online Cameras Searching 📹
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflicts💥
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world 🔎
👉 Read now: https://netlas.io/blog/find_online_cameras/
✅ Sign Up Now on @netlas- https://app.netlas.io/ref/9cc61538/
Mastering Online Camera Searches - Netlas Blog
A guide on how to find exposed webcams anywhere in the world. Techniques, tools, and best practices. Examples of searching for the most popular devices.
🚀CRLFsuite - CRLF injection scanner 🚀
👉 The most powerful CRLF injection (HTTP Response Splitting) scanner.
🔗 Download : https://github.com/Raghavd3v/CRLFsuite