#bugbountytips #BugBounty
If you've discovered an Insecure Direct Object Reference (IDOR) vulnerability where you can modify data belonging to others, here's a strategic approach to handle it:
1. Understand the Impact: First, assess the severity of the IDOR. If it allows you to modify critical data or perform actions with significant consequences, it's a high-impact vulnerability.
2. Avoid Temptation: Even though you could exploit the IDOR to change data, it's crucial not to do so without authorization. Unauthorized modification of data is a breach of trust and could lead to legal and ethical implications.
3. Proof of Concept (PoC): Create a PoC to demonstrate the IDOR. This could be as simple as changing a user's name or email address to something obvious, like "test@example.com".
4. Check for XSS Vulnerability: Before escalating the IDOR, check if the application is vulnerable to Cross-Site Scripting (XSS). If user input is echoed without proper sanitization and escaping, an IDOR could be escalated to an XSS attack.
5. Escalate to XSS: If an XSS vulnerability is found, exploit it to inject a malicious script. This could allow you to steal cookies, perform actions on behalf of the user, or even take over the user's account (Account Takeover - ATO).
Here's a simple example of how you might escalate an IDOR to an XSS attack:
- IDOR: You can change another user's name to "test".
- XSS: You find that user input is echoed without proper sanitization. So, you change the user's name to a malicious script, like <script>alert('XSS Attack!')</script>.
6. Report the Vulnerabilities: After creating your PoCs, report the IDOR and any XSS vulnerabilities you've found to the appropriate security team. Provide clear steps on how to reproduce the issues.
Here's how you might report it:
- IDOR: "I found that I could change another user's name to any value. Here's how to reproduce it: [steps]..."
- XSS: "I found that user input is echoed without proper sanitization, allowing for XSS attacks. Here's how to reproduce it: [steps]..."
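The two defects the steps above chain together, shown side by side with their fixes in a minimal in-memory profile service. This is an added example, not code from the original post: the users, the handlers and the service itself are constructed for illustration, and the only payload used is the post's own alert PoC.

```python
import html
from dataclasses import dataclass


@dataclass
class User:
    id: int
    name: str
    email: str


class Forbidden(Exception):
    """Raised when the caller tries to modify an object they do not own."""


def make_users() -> dict:
    """Constructed sample data: user 1 is the authenticated tester, user 2 is the victim."""
    return {
        1: User(1, "alice", "alice@example.com"),
        2: User(2, "bob", "bob@example.com"),
    }


# --- Vulnerable handlers: the behaviour the post describes ----------------------

def update_name_vulnerable(users: dict, session_user_id: int, target_user_id: int, new_name: str) -> User:
    """IDOR: the target id comes from the request and is never compared with the session user."""
    user = users[target_user_id]
    user.name = new_name
    return user


def render_profile_vulnerable(users: dict, user_id: int) -> str:
    """Echoes the stored name into HTML unescaped, so markup set via the IDOR becomes stored XSS."""
    return f"<h1>Profile of {users[user_id].name}</h1>"


# --- Hardened handlers: two independent fixes ------------------------------------

def update_name_safe(users: dict, session_user_id: int, target_user_id: int, new_name: str) -> User:
    """Authorization check: the caller may only modify their own record."""
    if session_user_id != target_user_id:
        raise Forbidden(f"user {session_user_id} may not modify user {target_user_id}")
    user = users[target_user_id]
    user.name = new_name
    return user


def render_profile_safe(users: dict, user_id: int) -> str:
    """Output encoding at the HTML boundary: the stored value stays as-is, the page is escaped."""
    return f"<h1>Profile of {html.escape(users[user_id].name, quote=True)}</h1>"


# --- Helpers used to show the difference -----------------------------------------

def try_update(handler, users: dict, session_user_id: int, target_user_id: int, new_name: str) -> bool:
    """Return True if the handler accepted the change, False if it refused with Forbidden."""
    try:
        handler(users, session_user_id, target_user_id, new_name)
        return True
    except Forbidden:
        return False


def contains_raw_script_tag(rendered: str) -> bool:
    """Detection check: is there an unescaped <script tag in the rendered page?"""
    return "<script" in rendered.lower()


# The post's own benign PoC payload.
POC_NAME = "<script>alert('XSS Attack!')</script>"


def demo() -> dict:
    """Walk through the chain on both code paths and return a summary of the results."""
    users = make_users()
    # Vulnerable path: alice (1) renames bob (2), and bob's page now carries live markup.
    idor_allowed = try_update(update_name_vulnerable, users, 1, 2, POC_NAME)
    xss_in_page = contains_raw_script_tag(render_profile_vulnerable(users, 2))
    # Hardened path: the same request is refused, and a payload already in storage is inert.
    users_safe = make_users()
    idor_blocked = not try_update(update_name_safe, users_safe, 1, 2, POC_NAME)
    users_safe[2].name = POC_NAME  # simulate a payload that reached the database before the fix
    xss_neutralised = not contains_raw_script_tag(render_profile_safe(users_safe, 2))
    return {
        "idor_allowed_vulnerable": idor_allowed,
        "xss_in_page_vulnerable": xss_in_page,
        "idor_blocked_safe": idor_blocked,
        "xss_neutralised_safe": xss_neutralised,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The two fixes are independent: the ownership check closes the IDOR even when output is escaped, and escaping at the HTML boundary neutralises a payload that already reached the database before the fix. Escaping is done when rendering rather than on input so the stored value stays intact for other output contexts.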
DiosProStarFordNG.txt
4.4 KB
`site:linktr.ee + keyword`
My Fav Music While Hunting For Bugs🥰🥰🥰
https://www.youtube.com/watch?v=UdA88SmDXb4
CVE-2024-22116: RCE in Zabbix, 9.9 rating 🔥
Lack of escaping for script parameters allows an attacker to execute arbitrary code.
Search at Netlas.io:
👉 Link: https://nt.ls/KoYW4
👉 Dork: http.favicon.hash_sha256:22b06a141c425c92951056805f46691c4cd8e7547ed90b8836a282950d4b4be2
Vendor's advisory: https://support.zabbix.com/browse/ZBX-25016
Brut Security
Don't spam or else you will be banned; do respect everyone. Read the criteria; if you match, share your CV, or else don't.
# Google Dorks Cli
# https://github.com/six2dez/degoogle_hunter
degoogle_hunter.sh company.com
# Google dorks helper
https://dorks.faisalahmed.me/
# Code share sites
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "company"
# Stackoverflow
site:stackoverflow.com "target.com"
# Project management sites
site:http://trello.com | site:*.atlassian.net "company"
# Pastebin-like sites
site:http://justpaste.it | site:http://pastebin.com "company"
# Config files
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
# Database files
site:target.com ext:sql | ext:dbf | ext:mdb
# Backup files
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
# .git folder
inurl:"/.git" target.com -github
# Exposed documents
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
# Other files
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
# SQL errors
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
# PHP errors
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
# Login pages
site:target.com inurl:signup | inurl:register | intitle:Signup
# Open redirects
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
# Apache Struts RCE
site:target.com ext:action | ext:struts | ext:do
# Search in pastebin
site:pastebin.com target.com
# Linkedin employees
site:linkedin.com employees target.com
# Wordpress files
site:target.com inurl:wp-content | inurl:wp-includes
# Subdomains
site:*.target.com
# Sub-subdomains
site:*.*.target.com
# Find S3 Buckets
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
# Traefik
intitle:traefik inurl:8080/dashboard "target"
# Jenkins
intitle:"Dashboard [Jenkins]"
".mlab.com password"
"access_key"
"access_token"
"amazonaws"
"api.googlemaps AIza"
"api_key"
"api_secret"
"apidocs"
"apikey"
"apiSecret"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth"
"auth_token"
"authorizationToken"
"aws_access"
"aws_access_key_id"
"aws_key"
"aws_secret"
"aws_token"
"AWSSecretKey"
"bashrc password"
"bucket_password"
"client_secret"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"database_password"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"dot-files"
"dotfiles"
"encryption_key"
"fabricApiSecret"
"fb_secret"
"firebase"
"ftp"
"gh_token"
"github_key"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"herokuapp"
"internal"
"irc_pass"
"JEKYLL_GITHUB_TOKEN"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"login"
"mailchimp"
"mailgun"
"master_key"
"mydotfiles"
"mysql"
"node_env"
"npmrc _auth"
"oauth_token"
"pass"
"passwd"
"password"
"passwords"
"pem private"
"preprod"
"private_key"
"prod"
"pwd"
"pwds"
"rds.amazonaws.com password"
"redis_password"
"root_password"
"secret"
"secret.password"
"secret_access_key"
"secret_key"
"secret_token"
"secrets"
"secure"
"security_credentials"
"send.keys"
"send_keys"
"sendkeys"
"SF_USERNAME salesforce"
"sf_username"
"site.com" FIREBASE_API_JSON=
"site.com" vim_settings.xml
"slack_api"
"slack_token"
"sql_password"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stripe"
"swagger"
"testuser"
"token"
"x-api-key"
"xoxb "
"xoxp"
[WFClient] Password= extension:ica
access_key
bucket_password
dbpassword
dbuser
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:.bash_history
filename:.bash_history DOMAIN-NAME
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:_netrc password
filename:apikey
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp-config.json password
filename:sftp.json path:.vscode
filename:shadow
🚨 Breaking O-Auth: 4 Days Challenge 🚨
Are you ready to put your cybersecurity skills to the test? Join us in the Breaking O-Auth: 4 Days Challenge by @Mebledy and dive deep into the world of OAuth! Over the next four days, you'll explore, exploit, and defend against real-world vulnerabilities in one of the most critical authorization frameworks on the web.
🔐 What’s in store?
- Day 1: Learn the basics and set up your vulnerable OAuth environment.
- Day 2: Identify and exploit common OAuth vulnerabilities.
- Day 3: Master advanced attack vectors and bypass techniques.
- Day 4: Secure OAuth and implement strong defense strategies.
This challenge is perfect for security enthusiasts, penetration testers, and developers looking to level up their web security game. Whether you're just starting out or a seasoned pro, there’s something here for everyone.
💥 Ready to take on the challenge? Join us and showcase your skills!
#CyberSecurity #OAuth #PenetrationTesting #InfoSec #WebSecurity #ChallengeAccepted #TechCommunity #LearningJourney #HackingChallenge #EthicalHacking #SecureCode
🔗 https://nas.io/brutsecurity/challenges/breaking-oauth-4-days-challenge