elsec
@adrielsec
🙋♂️Ethical Hacker🪓👨💻
https://linktr.ee/elsec 15-08-2009 20:57:15
IDOR + ATO Account Takeover via Reset Password
- a logged-in area;
- intercept the password change request;
- change the username to another user's;
- if you have successfully changed the other user's password, you have an IDOR + ATO;
Impact: Critical
#bugbounty #bugbounty tips #bugbounty tip
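The defect behind this tip is that the account to update is read from the request body rather than from the server-side session. As an added example that is not from the original tweet, the handler below shows the vulnerable form next to a hardened one that binds the target account to the session user and re-checks the current password; the user store, session dict and form dict are constructed placeholders.

```python
"""Added example (not from the original tweets): a password-change handler that
binds the target account to the authenticated session instead of trusting a
username supplied in the request body. Store, sessions and forms are
constructed in-memory placeholders."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class UserStore:
    # username -> (salt, PBKDF2 digest); constructed sample data
    users: dict = field(default_factory=dict)

    def set_password(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[username] = (salt, digest)

    def verify(self, username: str, password: str) -> bool:
        if username not in self.users:
            return False
        salt, digest = self.users[username]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)


def change_password_vulnerable(store: UserStore, session: dict, form: dict) -> bool:
    # Defect from the tip: the account to update comes from the request body,
    # so any logged-in user can name any other account.
    store.set_password(form["username"], form["new_password"])
    return True


def change_password_hardened(store: UserStore, session: dict, form: dict) -> bool:
    # The target account comes only from the server-side session. A username in
    # the form that disagrees with the session is rejected (and worth logging),
    # and the current password is required so a hijacked session alone is not
    # enough to rotate the credential.
    username = session["user"]
    if form.get("username") not in (None, username):
        return False
    if not store.verify(username, form.get("current_password", "")):
        return False
    store.set_password(username, form["new_password"])
    return True


def demo() -> tuple:
    """Returns (vulnerable_took_over, hardened_blocked, hardened_allows_self)."""
    store = UserStore()
    store.set_password("alice", "alice-old")
    store.set_password("bob", "bob-old")
    alice_session = {"user": "alice"}
    # Alice submits a change that names bob's account (constructed request).
    cross_user = {"username": "bob", "new_password": "pwned",
                  "current_password": "alice-old"}
    took_over = change_password_vulnerable(store, alice_session, cross_user) \
        and store.verify("bob", "pwned")
    store.set_password("bob", "bob-old")  # reset before the hardened run
    blocked = not change_password_hardened(store, alice_session, cross_user) \
        and store.verify("bob", "bob-old")
    self_change = {"current_password": "alice-old", "new_password": "alice-new"}
    allowed = change_password_hardened(store, alice_session, self_change) \
        and store.verify("alice", "alice-new")
    return took_over, blocked, allowed


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The detection angle is the same comparison the hardened handler makes: a password-change request whose body names a user other than the session principal should never succeed, and a mismatch is a useful alert.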
Found Jolokia endpoint?
/actuator/jolokia/
Try LFI (local file inclusion) via misconfiguration
PoC: xxxx[.]com/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd
#bugbounty #bugbounty tips #bugbounty tip #lfi
App running moodle?🔥
Ex URL: https://xxx/mod/lti/auth.php
We can test an openredirect payload in the redirect_uri parameter
?redirect_uri=//example.com
Ref OWASP: cheatsheetseries.owasp.org/cheatsheets/Un…
#bugbounty #bugbounty tip #bugbounty tips
Bypass open-redirect whitelisting using Chinese dots:
%E3%80%82
Tip: Keep eyes on SSO redirects
#bugbounty #bugbounty tips #bugbounty tip
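Both the Moodle redirect_uri tip and the Chinese-dot tip above defeat the same kind of weak check: a substring or prefix match on the raw parameter. The ideographic full stop U+3002 (%E3%80%82) is treated by browsers as a hostname separator, so `trusted.com。evil.com` passes a `"trusted.com" in url` check and still lands on an attacker-controlled host, and `//example.com` parses as a protocol-relative URL rather than a path. As an added example that is not from the original tweets, the validator below puts the weak check next to a hardened one; `ALLOWED_HOSTS` and the test URLs are constructed values.

```python
"""Added example (not from the original tweets): validating a redirect_uri
parameter against protocol-relative ('//host') and ideographic-dot (U+3002,
%E3%80%82) bypasses. ALLOWED_HOSTS and all URLs are constructed sample values."""
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"app.example.org"}  # assumption: the application's own origin


def naive_is_safe(redirect_uri: str) -> bool:
    # The weak pattern both tips exploit: substring match on the raw value.
    return any(host in redirect_uri for host in ALLOWED_HOSTS)


def hardened_is_safe(redirect_uri: str) -> bool:
    # Decode once so an encoded separator cannot hide from the parser.
    candidate = unquote(redirect_uri)
    # Browsers normalise U+3002 and other look-alike separators to '.'; our
    # parser does not, so refuse anything that is not plain ASCII outright.
    if not candidate.isascii():
        return False
    # Backslashes and control characters are parsed differently by browsers
    # and server-side libraries; reject rather than guess.
    if "\\" in candidate or any(c in candidate for c in "\r\n\t"):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Same-origin relative path: exactly one leading slash, never '//host'.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme != "https":
        return False
    # Exact host match after parsing: no prefix, suffix or substring logic.
    return parts.hostname in ALLOWED_HOSTS


def compare(urls: list) -> dict:
    """Runs both checks over a list of candidate values for side-by-side review."""
    return {u: (naive_is_safe(u), hardened_is_safe(u)) for u in urls}


if __name__ == "__main__":
    samples = [
        "/dashboard",
        "//example.com",
        "https://app.example.org/login",
        "https://app.example.org%E3%80%82evil.com/",   # Chinese-dot bypass
        "https://app.example.org.evil.com/",           # suffix trick
        "https://evil.com/app.example.org",            # substring in path
    ]
    for url, (naive, hardened) in compare(samples).items():
        print(f"{url:48} naive={naive!s:5} hardened={hardened}")
```

The hardened check is deliberately stricter than a browser: it also rejects an allowlisted host reached through a protocol-relative URL, because the scheme would then be chosen by the page the user happens to be on.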
PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks <= 1.9.6 CVSS 9.8
Query Fofa: body='/wp-content/themes/bricks/'
PoC: github.com/Chocapikk/CVE-…
Nuclei: github.com/Christbowel/CV…
#bugbounty #bugbounty tip #bugbounty tips
Password reset link hijacked via host header poisoning:
Requested password reset, intercepted with Burp, added under Host (X-Forwarded-Host: xxx.com)
#bugbounty #bugbounty tips #bugbounty tip
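The reset link in this tip ends up pointing at the attacker because the application builds it from request headers it does not control. As an added example that is not from the original tweet, the code below contrasts that pattern with a builder that uses a configured canonical origin and refuses requests whose Host is not one of its own; `CANONICAL_ORIGIN`, `TRUSTED_HOSTS`, the header dicts and the token are constructed values.

```python
"""Added example (not from the original tweets): building a password-reset
link from a server-side canonical origin rather than from the Host or
X-Forwarded-Host request headers. Origins, headers and tokens are constructed
sample values."""
import secrets
from typing import Optional
from urllib.parse import urlencode

# Assumption: fixed deployment configuration, never derived from a request.
CANONICAL_ORIGIN = "https://accounts.example.org"
TRUSTED_HOSTS = {"accounts.example.org"}


def reset_link_vulnerable(headers: dict, token: str) -> str:
    # The pattern from the tip: a proxy-style header overrides Host, and Host
    # itself is attacker-supplied, so the link goes wherever the request said.
    host = headers.get("X-Forwarded-Host") or headers.get("Host")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link_hardened(headers: dict, token: str) -> Optional[str]:
    # Serve the request only when Host is one of ours (the same idea as a
    # framework host allowlist), ignore X-Forwarded-Host entirely, and build
    # the link from configuration. The token should be single-use and expiring.
    if headers.get("Host") not in TRUSTED_HOSTS:
        return None
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


def demo() -> tuple:
    """Returns (vulnerable_link, hardened_link) for one poisoned request."""
    token = secrets.token_urlsafe(32)
    poisoned = {"Host": "accounts.example.org",
                "X-Forwarded-Host": "attacker.example.net"}  # constructed
    return reset_link_vulnerable(poisoned, token), reset_link_hardened(poisoned, token)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", vulnerable)  # host taken from X-Forwarded-Host
    print("hardened:  ", hardened)    # host taken from CANONICAL_ORIGIN
```

On the detection side, reset requests carrying an X-Forwarded-Host or Host value outside `TRUSTED_HOSTS` are the signal to alert on, and they should be rejected at the edge before they reach the application.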
Payload XSS (cross-site scripting) on login page:
');\\</script><script>alert(document.cookie)</script>('%[email protected]
#bugbounty #bugbounty tips #bugbounty tip
PoC CVE-2023-6553 RCE Unauth Backup Migration plugin < 1.3.7, via /includes/backup-heart.php. According to official WordPress statistics, 50k sites running WordPress still use the vulnerable version.
github.com/Chocapikk/CVE-…
#bugbounty #bugbounty tip #bugbounty tips #hacking
PoC CVE-2023-27524 Insecure Default Configuration in Apache Superset Leads to RCE (Remote Code Execution) + Shodan Dork:
github.com/horizon3ai/CVE…
Shodan Dork: http.favicon.hash:1582430156
#bugbounty #bugbounty tips #bugbounty tip
PoC CVE-2023-46214 Splunk Enterprise RCE (Remote Code Execution)
github.com/nathan31337/Sp…
blog.hrncirik.net/cve-2023-46214…
#bugbounty #bugbounty tip #bugbounty tips
PoC CVE-2023-3452 RCE / RFI Unauthenticated
WordPress Plugin Canto < 3.0.5
github.com/leoanggal1/CVE…
#bugbounty #bugbounty tips #bugbounty tip
PoC Privilege Escalation in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629)
Code is available at: gist.github.com/win3zz/aa1ac16…
For more details, refer to the original research article: wiz.io/blog/ubuntu-ov…
#hacking #bugbounty #bugbounty tip #bugbounty tips #ubuntu
XSS (dalfox)
Open redirect (Oralyzer)
SSRF (headers interactsh, param values with ffuf)
CRLF (crlfuzz)
LFI (ffuf)
SQLi (SQLMap, ghauri)
SSTI (ffuf)
SSL (testssl)
Broken Links (katana)
Prototype Pollution (ppfuzz)
4XX Bypasser (byp4xx)
#bugbounty #bugbounty tips #bugbounty tip
Confluence Broken Access Control CVE-2023-22515
PoC: yuvvi21.medium.com/confluence-cve…
Nuclei template: github.com/projectdiscove…
Exploit: github.com/Chocapikk/CVE-…
#bugbounty #bugbounty tip #bugbounty tips