https://github.com/pdelteil/scammy-bbp This repository contains a list of all the bug bounty programs that do not value the time and effort of hackers correctly. (Before you hunt on any target it's better to have reviews from other hackers)
Vulnerabilities to look for in complex applications
https://x.com/Rahim7X/status/1800824051340026051?t=XgFB06JWQuTtk4e0M6cJQg&s=19
Few vulnerabilities to look for while testing modern web applications. #bugbounty
1) Access control and IDOR:
pull API routes from JavaScript files and wayback JavaScript, documentation and wayback documentation.
Intigriti
Hacking misconfigured Cloudflare R2 buckets: A complete guide
Cloudflare R2 buckets are recently becoming more popular as an alternative to AWS S3 buckets for their simplicity, integration support and zero-egress fees. Customers who opt-in to use Cloudflare R2 a...
Brut Security pinned «🚨 If you're looking for accurate IoT results, then Sign Up On @Netlas 😮💨 https://app.netlas.io/ref/9cc61538/»
Finding Hidden Parameter & Potential XSS with Arjun + KXSS
arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss
JS Recon : WaybackURLs & HTTPX
waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg[.]py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -noscript -td
PRO TIP TO DETECT CSTI
- in your proxy add a match and replace rule for some keywords to make changes in the response
eg : TESTCSTI = {{7*9}}
CVE-2024-8698: Privilege Escalation in Keycloak, 7.7 rating❗️
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privilege escalation.
Search at Netlas.io:
👉 Link: https://nt.ls/LJfRK
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
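As an added defender-side example (not part of the post and not Keycloak's own code): the check the advisory describes, i.e. deciding what a SAML signature covers from its ds:Reference URI rather than from where the ds:Signature element sits in the document. The sample responses are constructed; cryptographic verification of the signature value itself is assumed to happen separately.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: the signature's Reference names the root Response ID,
# so the whole document is covered by the signature.
FULLY_SIGNED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_resp1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1"><saml:Subject>alice</saml:Subject></saml:Assertion>
</samlp:Response>"""

# Constructed sample: ds:Signature still sits directly under the Response (the
# position a document-level signature would have), but its Reference only
# names the nested Assertion, so the Response wrapper is unsigned.
PARTIALLY_SIGNED = FULLY_SIGNED.replace('URI="#_resp1"', 'URI="#_a1"')


def referenced_ids(root):
    """IDs named by any ds:Reference URI="#..." in the document."""
    ids = set()
    for ref in root.iter(DS + "Reference"):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            ids.add(uri[1:])
    return ids


def element_ids(root):
    """All ID attribute values present in the document."""
    return {el.get("ID") for el in root.iter() if el.get("ID")}


def signature_scope(xml_text):
    """Return 'document', 'partial' or 'none' based solely on what the
    signature references, ignoring where the ds:Signature element is placed."""
    root = ET.fromstring(xml_text)
    referenced = referenced_ids(root)
    root_id = root.get("ID")
    if root_id and root_id in referenced:
        return "document"
    if referenced & element_ids(root):
        return "partial"
    return "none"
```

A verifier that reports "partial" must trust only the content of the referenced Assertion, never the unsigned Response wrapper around it.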
⚡TOP 100 Vulnerabilities Step-by-Step Guide Handbook
https://github.com/Zorono/Learning-PDFs/blob/main/TOP%20100%20Vulnerabilities%20Step-by-Step%20Guide%20Handbook.pdf