Want to scan for command injection vulnerabilities on auto-pilot? 😎️👇️
Commix is an open-source command injection scanner written in Python to help you scan for these bugs easily!
hubs.li/Q025-9sZ0
#bugbountytips #bugbounty
Subdominator
A powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential vulnerabilities.
github.com/RevoltSecuriti…
#bugbountytips #BugBounty
If you find web frameworks like Symfony, add '/app_dev.php/_profiler/open?file=app/config/parameters.yml' to the wordlist, and you may get juicy data. Enjoy!
Credit: BBR - Bug Bounty Resources 🧵
#bugbountytips #BugBounty
I hacked Cloud Computer Hackerone Triager 🧐
I got access to Cloud Computer Hackerone Triager
hackerone.com/reports/2263294
#hackerone Ganesh #bugbountytips #bugbountytip
Stored XSS via pdf upload 🫡❤️
Tip: Upload files and check the response. Sometimes we can see the path of the uploaded file.
#BugBounty #bugbountytips
Another hit.........
#BugBounty #bugbountytips #bugbountytip
Bug: Sensitive Data Exposure
Tip: Recon your target at least 2 hours a day.
#alhamdulillah #BugBounty #bugbountytips
IDOR to information disclosure
Target/api/v1/cart?hash=ieje73838jrnrkei837
Change hash to Id=1
Use ShodanX to find the #Originip IP of your target 🎯
ShodanX: shorturl.at/eruB0
#BugBounty #bugbountytips
🔎 Recursive Fuzzing with WFUZZ 💻
wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ
#bugbountytips #bugbounty
Just in case you still use gau...
it no longer gets any links back from Wayback Machine because of a change to their API.
Use: github.com/xnl-h4ck3r/way…
Credit: XNL-h4ck3r
#bugbountytips #bugbounty
Yay, I was awarded a $750 + $250 bounty on HackerOne! hackerone.com/roberto99 #TogetherWeHitHarder #bugbounty #bugbountytips
Tip: Always fuzz!
/config.php.old
/config.php.bak
6 Tools for Hackers
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness #bugbounty #bugbountytips
Stored XSS via cache poisoning 🧪
Tired of Akamai WAF, try this payload:
'><a nope='%26quot;x%26quot;'onmouseover='Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))'>
credit: Rachid.A
#bugbountytips
bypass alert ==> [alert][0].call(this,1)
credit: BBR - Bug Bounty Resources 🧵
#bugbounty #bugbountytips
Learn SSRF
[+] portswigger.net/web-security/s…
[X] book.hacktricks.xyz/.../ssrf-serve…
[*] gowthams.gitbook.io/.../list-of...…
[-] youtube.com/watch?v=1pyoYa…
TryHackMe labs:
1. tryhackme.com/r/room/ssrfqi
2. tryhackme.com/r/room/ssrfhr
#BugBounty #bugbountytips #ssrf
Hey everyone, I have found multiple HTML injections in a chat bot. Should I report this?
#BugBounty #bugbountytips
1. Payload: <img src='index.jpg' alt='@coffinxp in a Jacket' width='1000' height='600'>