#BugBounty #bugbountytips #vulnerability
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
WebLogic Server Unauthenticated RCE via GET request | CVE 2020-14882 | Brut Security
CVE 2020-14882
https://www.exploit-db.com/exploits/49479
https://www.exploit-db.com/exploits/49479
👍4
Add 'app/config/config.local.neon' to the wordlist, and maybe you will get juicy data.
By: @NoRed0x
#bugbountytips #bugbountytip
By: @NoRed0x
#bugbountytips #bugbountytip
👌5❤2👍1
#bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4❤1🔥1
This media is not supported in your browser
VIEW IN TELEGRAM
Bug Bounty Roadmaps Collection
https://github.com/bittentech/Bug-Bounty-Beginner-Roadmap
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
https://github.com/Thunderwolfistesting/A-Comprehensive-Bug-Bounty-Roadmap-
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/bobby-lin/study-bug-bounty
https://github.com/ashutoshshah1/Ethical-hacking-Roadmap
https://github.com/krishanthan4/Ethical-Hacking-Roadmap
https://github.com/BLACKHAT-SSG/Bug-Bounty-RoadMap
https://github.com/imanikchopra/cybersecurity-roadmap-bug-bounty
👍10🔥2❤1😁1
Position for SOC leader at Director/ Associate Director level to run a SOC. Position is in Noida, CTC ~60L. Pls share any reference with priti@thecyberhire.com with a cc to talent@thecyberhire.com
🚨 New Ethical Hacking Batch Starting on 16th August! 🚨
Ready to dive into the world of ethical hacking? Our next batch kicks off on 16th August at 4 PM IST. Whether you're a student aiming to sharpen your cybersecurity skills or a professional looking to enhance your expertise, this course is designed for you!
🎓 Exclusive Offer for Students: 50% OFF (Student ID Required)
Don’t miss out on this opportunity to learn the latest in penetration testing, vulnerability assessment, and more. Secure your spot today!
👉 Register Now: https://wa.me/message/NQLPOBIAEFDBN1
Ready to dive into the world of ethical hacking? Our next batch kicks off on 16th August at 4 PM IST. Whether you're a student aiming to sharpen your cybersecurity skills or a professional looking to enhance your expertise, this course is designed for you!
🎓 Exclusive Offer for Students: 50% OFF (Student ID Required)
Don’t miss out on this opportunity to learn the latest in penetration testing, vulnerability assessment, and more. Secure your spot today!
👉 Register Now: https://wa.me/message/NQLPOBIAEFDBN1
👍1
Bug Bounty-The Unseen Struggle.pdf
349.2 KB
💻Bug Bounty Story Time 💻
❇Drop A Review After Reading It❇
❇Drop A Review After Reading It❇
🔥3
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3
#bugbountytips #BugBounty
Please open Telegram to view this post
VIEW IN TELEGRAM
🕊3
If you've discovered an Insecure Direct Object Reference (IDOR) vulnerability where you can modify data belonging to others, here's a strategic approach to handle it:
1. Understand the Impact:First, assess the severity of the IDOR. If it allows you to modify critical data or perform actions with significant consequences, it's a high-impact vulnerability.
2. Avoid Temptation:Even though you could exploit the IDOR to change data, it's crucial not to do so without authorization. Unauthorized modification of data is a breach of trust and could lead to legal and ethical implications.
3. Proof of Concept (PoC):Create a PoC to demonstrate the IDOR. This could be as simple as changing a user's name or email address to something obvious, like " test@example.com ".
4. Check for XSS Vulnerability:Before escalating the IDOR, check if the application is vulnerable to Cross-Site Scripting (XSS). If user input is echoed without proper sanitization and escaping, an IDOR could be escalated to an XSS attack.
5. Escalate to XSS:If an XSS vulnerability is found, exploit it to inject a malicious noscript. This could allow you to steal cookies, perform actions on behalf of the user, or even take over the user's account (Account Takeover - ATO).
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- IDOR: You can change another user's name to "test".
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious noscript, like .
6. Report the Vulnerabilities:After creating your PoCs, report the IDOR and any XSS vulnerabilities you've found to the appropriate security team. Provide clear steps on how to reproduce the issues.
Here's how you might report it:
- IDOR: "I found that I could change another user's name to any value. Here's how to reproduce it: [steps]..."
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
1. Understand the Impact:
2. Avoid Temptation:
3. Proof of Concept (PoC):
4. Check for XSS Vulnerability:
5. Escalate to XSS:
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious noscript, like
<noscript>alert('XSS Attack!')</noscript>6. Report the Vulnerabilities:
Here's how you might report it:
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
👍6❤2