-
I was tired of outdated XSS cheat sheets that don't touch on frameworks, HTML5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :) https://netsec.expert/2020/02/01/xss-in-2020.html …
#bugbountytips pic.twitter.com/Mdygq1PI9Z
-
==API TIPS== To welcome the new year, we published a daily tip on API Security & API Pentesting during the month of January 2020. Check out my new article and explore 31 tips + interesting insights about them. https://medium.com/@inonst/31-tips-api-security-pentesting-480b5998b765 …
#bugbountytips -
Look what I found on @LinkedIn
Have fun my friends, BUG OUT.
#CyberSecurity #Security #BugBountyTip #bugbountytips #Hackers #SecurityResearcher #TheCyberSecurityHub pic.twitter.com/8oCpnkRIly
-
I just got a fancy idea to create strings in #javascript without using dangerous characters.
Inspired by @garethheyes challenge from @WebSecAcademy. #bugbountytips #xss pic.twitter.com/GiAe0REwLI
-
6000 HackerOne disclosed reports in one place. http://sec.eddyproject.com/6000-hackerone-disclosed-reports/ …
#hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone -
#bugbountytips Some lesser-known 0-click XSS vectors:
<object data="data:text/html,<script>alert(5)</script>">
<iframe srcdoc="<svg onload=alert(4);>">
<object data=javascript:alert(3)>
<iframe src=javascript:alert(2)>
<embed src=javascript:alert(1)>
-
CSP bypass for googleapis[.]com/customsearch/
#bugbountytips pic.twitter.com/dOi3IWfxxg
-
Got my first remote code execution on a bug bounty program. Nothing is more beautiful than... Tip? Just keep scanning for hidden directories until you find something else.
#bugbountytips pic.twitter.com/VWJe8wIxLs
-
#bugbountytips #bugbounty #infosec Awesome Payloads: Server-Side Template Injection, Linux - Privilege Escalation https://github.com/Dhamuharker/Server-Side-Template-Injection … -
Hey bug hunters! Want a look at some of the top vulnerabilities ever found on @Dropbox? They just released the last blog post I wrote before leaving. Enjoy! #bugbountytips https://blogs.dropbox.com/tech/2020/02/dropbox-bug-bounty-program-has-paid-out-over-1000000/ … -
Simple 2FA bypass tip: Account settings > Change email > Logout > Log in with password via the email confirmation link > 2FA won't ask when the backend checks for the login email. (Only for rare cases.)
#bugbountytips -
-API TIP: 26/31- Looking for BOLA (IDOR) in APIs? Got 401/403 errors? AuthZ bypass tricks:
* Wrap the ID with an array: {"id":111} --> {"id":[111]}
* JSON wrap: {"id":111} --> {"id":{"id":111}}
* Send the ID twice: URL?id=<LEGIT>&id=<VICTIM>
* Send a wildcard: {"user_id":"*"}
#bugbountytips -
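An added example, not from the tweet above, showing why two of those tricks work and what the fix looks like. The toy handlers, the RECORDS store, the users "alice" and "bob" and the IDs 111/222 are all constructed for the demo; no framework is used, the request is just a query string or a JSON body passed to a function. The first handler checks ownership only when the id is a number and then does an object lookup that coerces an array to a key, so {"id":[222]} skips the check. The second reads the first "id" for authorization and the last one for the lookup, so id=111&id=222 passes the check with 111 and fetches 222. The hardened version parses once, accepts exactly one integer, and authorizes the same value it looks up.

```javascript
// Added example, not the tweet author's code. Constructed demo data:
// alice owns record 111, bob owns record 222.
const RECORDS = {
  111: { owner: "alice", secret: "alice-private" },
  222: { owner: "bob", secret: "bob-private" },
};

// The body mutations from the tip, generated from a legitimate body.
function bodyVariants(body, key, victimId) {
  return [
    { ...body, [key]: [victimId] },          // wrap the ID with an array
    { ...body, [key]: { [key]: victimId } }, // JSON wrap
    { ...body, [key]: "*" },                 // wildcard
  ].map((b) => JSON.stringify(b));
}

// The "send the ID twice" mutation for a query string.
function duplicateParam(query, key, victimId) {
  return `${query}&${key}=${encodeURIComponent(victimId)}`;
}

// VULNERABLE: ownership is checked only when id is a number, but the
// lookup coerces: RECORDS[[222]] reads property "222".
function vulnerableJson(session, rawBody) {
  const { id } = JSON.parse(rawBody);
  if (typeof id === "number" && RECORDS[id] && RECORDS[id].owner !== session.user) {
    return { status: 403 };
  }
  const rec = RECORDS[id];
  return rec ? { status: 200, secret: rec.secret } : { status: 404 };
}

// VULNERABLE: the authz layer uses URLSearchParams.get (first value), the
// data layer builds an object from the same params (last duplicate wins).
function vulnerableQuery(session, queryString) {
  const params = new URLSearchParams(queryString);
  const checked = params.get("id"); // "111" for id=111&id=222
  if (!RECORDS[checked] || RECORDS[checked].owner !== session.user) {
    return { status: 403 };
  }
  const { id } = Object.fromEntries(params); // "222": later entry overwrites
  const rec = RECORDS[id];
  return rec ? { status: 200, secret: rec.secret } : { status: 404 };
}

// HARDENED: exactly one value, which must be a safe positive integer
// (number or decimal string); arrays, objects, "*" and duplicates are 400.
function parseId(values) {
  if (values.length !== 1) return null;
  const v = values[0];
  if (typeof v === "number") return Number.isSafeInteger(v) && v > 0 ? v : null;
  if (typeof v === "string" && /^[1-9][0-9]{0,15}$/.test(v)) return Number(v);
  return null;
}

function hardened(session, source) {
  const values = "query" in source
    ? new URLSearchParams(source.query).getAll("id")
    : [JSON.parse(source.body).id];
  const id = parseId(values);
  if (id === null) return { status: 400 };
  const rec = RECORDS[id];
  if (!rec) return { status: 404 };
  if (rec.owner !== session.user) return { status: 403 }; // same id as the lookup
  return { status: 200, secret: rec.secret };
}

// Stand-alone demo: alice tries to read bob's record.
const alice = { user: "alice" };
console.log(vulnerableJson(alice, '{"id":222}'));                 // { status: 403 }
console.log(vulnerableJson(alice, '{"id":[222]}'));               // bob-private leaks
console.log(vulnerableQuery(alice, duplicateParam("id=111", "id", 222))); // leaks
console.log(hardened(alice, { body: '{"id":[222]}' }));           // { status: 400 }
console.log(bodyVariants({ id: 111 }, "id", 222));
```

The object-wrap and wildcard variants do not get past this particular toy lookup (RECORDS[{id:222}] coerces to "[object Object]"), but they do get past validators that only reject numbers they dislike, and a wildcard reaches any backend that turns it into a pattern; the hardened parser rejects both for the same reason it rejects the array, so there is nothing to special-case.
-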
#bugbountytips #bugbounty Login page authentication bypass: any file name / authorize, e.g.
account/connect/authorize
home/authorize
dashboard/authorize
account/authorize/
pic.twitter.com/Otm5sb8DS3
-
Yes, I earned $3180. Tools:
Sub Scanner: https://github.com/cihanmehmet/sub.sh …
Dir Scanner: https://github.com/maurosoria/dirsearch …
Git Dumper: https://github.com/internetwache/GitTools/tree/master/Dumper …
#BugBounty #bugbountytips #bugbountytip #whitehat #infosec pic.twitter.com/6Qy1JEiDWM
-
Got a survey form? Don't only test for blind XSS. Try this once.
#bugbountytips pic.twitter.com/w2jr5FMLec
-
Web app bug bounty tips:
https://gowsundar.gitbook.io/book-of-bugbounty-tips/untitled-2 …
https://gowsundar.gitbook.io/book-of-bugbounty-tips/untitled-3 …
https://gowsundar.gitbook.io/book-of-bugbounty-tips/tips-from-jasonhaddix …
https://gowsundar.gitbook.io/book-of-bugbounty-tips/tips-from-ben …
https://gowsundar.gitbook.io/book-of-bugbounty-tips/tips-fro-yogoshaofficial …
https://gowsundar.gitbook.io/book-of-bugbounty-tips/tips-from-user-blogs …
#bugbountytips #pentesting -
I just published "Bypassing Captcha!"
#bugbounty #bug #bounty #bugbountytips https://link.medium.com/cbkPwqpfz2 -
GET /xyz     404 NOT FOUND
GET /xyz/abc 200 OK
GET /xyz     403 FORBIDDEN
GET /xyz/abc 200 OK
Look everywhere!!!
#bugbountytips #bugbountytip -
For those who are asking how I found my last SQL injection, here is a simple POC.
#bugbounty #bugbountytips #TogetherWeHitHarder #hacking pic.twitter.com/gRSPYNFjP6