CLI Tools for admin
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness #bugbounty #bugbountytips
If you are trying to access an endpoint and get 403
try this
/api/docs/index.html ==> 403 Forbidden
/api/Docs/index.html ==> 200 OK
By: Zayed 🇵🇸
#BugBounty #bugbountytips
SQL Injection
Payload : -10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z
Credit: Lu3ky13 ⚡️⚡️
#bugbountytips #BugBounty
💡 Some applications will only block basic XSS payloads containing tags such as <script>, <img>, etc.
Use the PortSwigger XSS cheat sheet
portswigger.net/web-security/c…
❌alert()
✅prompt(document.domain)
Double, triple encode as well
(HTML, URL, base64, etc.)
#BugBounty #bugbountytips
🚨Open Redirect Bypasses🚨
Join Telegram for More t.me/brutsecurity/3…
#bugbounty #bugbountytips #ethicalhacking #cybersecurity
Bypass open redirection whitelists using Chinese dots: 👀🔓🔍
%E3%80%82
Tip: Keep eyes on SSO redirects 😉🔀
credit: elsec
#bugbounty #bugbountytips
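
A server-side redirect check that is not fooled by the encoded dot in the tip above, as an added example that is not part of the original posts. It resolves the host the way a browser does (percent-decoding, then treating U+3002 and its variants as "."), and only then compares it against the allowlist. The hostnames, the allowlist and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed allowlist for this example (hypothetical hosts).
ALLOWED_HOSTS = {"app.example.com", "sso.example.com"}

# IDNA (RFC 3490) treats these characters as label separators, so a
# browser resolves "a\u3002b" as "a.b". %E3%80%82 is U+3002 in UTF-8.
DOT_VARIANTS = str.maketrans({"\u3002": ".", "\uff0e": ".", "\uff61": "."})


def canonical_host(raw_host):
    """Return the host the way a browser would resolve it, or None."""
    host = unquote(raw_host)          # browsers percent-decode the host once
    if "%" in host:                   # leftover or double encoding: refuse
        return None
    host = host.translate(DOT_VARIANTS).lower().rstrip(".")
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:              # empty label, bad code point, too long
        return None


def is_safe_redirect(target, allowed=ALLOWED_HOSTS):
    """Accept same-site paths and https URLs whose canonical host is allowlisted."""
    # Browsers read "\" as "/" and drop tabs and newlines; refuse them outright.
    if any(c in target for c in "\\\t\r\n"):
        return False
    try:
        parts = urlsplit(target)
        raw_host = parts.hostname or ""
    except ValueError:                # malformed authority, e.g. bad brackets
        return False
    if not parts.scheme and not parts.netloc:
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https" or "@" in parts.netloc:
        return False
    return canonical_host(raw_host) in allowed


if __name__ == "__main__":
    # Constructed inputs; the second and third use the encoded and literal dot.
    for url in ("https://app.example.com/home",
                "https://app.example.com%E3%80%82evil.test/",
                "https://app.example.com\u3002evil.test/",
                "//evil.test/", "/account"):
        print(is_safe_redirect(url), url)
```

The comparison is an exact match on the canonical host, so a prefix such as `app.example.com` followed by any dot variant and another domain is rejected.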
What a nice day, 500 reputation on HackerOne and Google swag arrived :)
#bugbounty #hackerone #googlevrp
Google Dorking with ease.
Dorki.io - dorki.io
#bugbounty #ethicalhacking #recon #osint #hackforgood #infosec
First day on a new private program and a very interesting account takeover. This may be a duplicate, but let's hope and see the first reply!🙏
Read comments for a full bug description and how the takeover was made⤵️
#BugBounty #bugbountytips
Yay, I was awarded a $500 bounty on HackerOne! hackerone.com/divyansh2401 #TogetherWeHitHarder #bugbounty
Hey Hackers! 👋
Share & Bookmark these BugBounty Writeups!
Credit Links:
- writeups.io
- pentester.land/writeups
- infosecwriteups.com/tagged/bug-bou…
- github.com/fardeen-ahmed/…
#Hacking #infosec #Pentesting #redteam #bugbountytips #cybersecuritytips #BugBounty
Hey hey hey, hello kids, tun4hunt is back in business after 100 years 😂😂😂
Tip: An application that accepts an email address during registration might not accept it when updating the profile, be careful 👀
#bugbounty #bounty #pentest #redteam #bugbountytips #vulnerabilities
Added a new 'Search' feature in iScan.today. Now you can search for any keyword in the already scanned Docker layers.
Using this you can scan a Docker Hub account and then manually search for keywords instantly.
#buildinpublic #bugbounty #iScanToday