Decompiled an Android app and discovered an endpoint vulnerable to SQLi.
Don't overlook mobile apps. They can be a goldmine for juicy things.
#bugbounty #bugbountytips
Admin Panel Takeover.. Self Hosted program… ATO is lub ❤️
And then I found IDOR in whole panel.
#BugBounty #ethicalhacking
I just added an extra property 'is-site-admin':true, and voilà, I became one of the site admins. 🤣🤣🤣 #bugbounty
📢 An XSS payload, Cuneiform-alphabet based!
#bugbounty #bugbountytips
Yeay, I was awarded for a valid submission on HackenProof hackenproof.com #hackenproofed #bugbounty
OSI Layers and Attacks
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
Every month, I always check my target for new features because new features are possible for bugs.
#bugbounty #bugbountytips
Files Containing Juicy Info inurl:'/.vscode/sftp.json'
#bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking
Network Security Illustrated
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
After 6 hours, found this insane IDOR!
Tip: Never skip JavaScript files, even if they look unimportant.. Many hackers do, apparently :D
#BugBounty #bugbountytips #bugbountytip
Basic XSS Encoding Tips ⬇
1) alert = window['al'+'ert']
2) bypass () with ``
3) replace space with /
4) encode symbols:
< = %3c
> = %3e
' = %22
[ = %5b
] = %5d
` = %60
Example Payload:
%3csvg/onload=window%5b'al'+'ert'%5d`1337`%3e
#bugbounty #bugbountytips #hackthebox
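Seen from the filtering side, each tip in the post above defeats a check that matches the raw request string. The following is an added example, not part of the original post: a normalizer that percent-decodes, lowercases and folds string concatenations before heuristic rules are applied. The function names, rule names and sample inputs are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Adjacent quoted string literals joined by "+", e.g. 'al'+'ert'
CONCAT = re.compile(r"""(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3""")

# Heuristic rules (hypothetical names), applied to the normalized value only
RULES = {
    # tag name, then whitespace OR "/" as the separator, then an on* handler
    "event_handler_attr": re.compile(r"<[a-z][a-z0-9]*[\s/]+on[a-z]+\s*="),
    # property looked up by string literal, e.g. window['alert']
    "bracket_property_call": re.compile(r"\[\s*['\"][a-z]+['\"]\s*\]"),
    # call without parentheses via a tagged template, e.g. x['f']`1`
    "template_literal_call": re.compile(r"[\w\]]`[^`]*`"),
}

def normalize(raw, max_rounds=3):
    """Percent-decode repeatedly (covers double encoding), lowercase,
    then fold 'a'+'b' into 'ab' until nothing changes."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.lower()
    while True:
        folded = CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", text)
        if folded == text:
            return text
        text = folded

def detect(raw):
    """Return the sorted names of the rules that match the normalized value."""
    text = normalize(raw)
    hits = {name for name, rx in RULES.items() if rx.search(text)}
    # Markup that exists only after decoding was invisible to a raw-string filter
    if "<" in text and "<" not in raw:
        hits.add("markup_only_after_decoding")
    return sorted(hits)

if __name__ == "__main__":
    # First value is the example payload from the post; the others are constructed
    for sample in ("%3csvg/onload=window%5b'al'+'ert'%5d`1337`%3e",
                   "%253csvg%2520onload%253d1%253e",
                   "q=red+shoes&size=10%25"):
        print(detect(sample), "<-", sample)
```

These rules are detection signals for logging and triage; the actual fix for reflected input remains context-aware output encoding.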
OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
github.com/OWASP/OFFAT
#bugbounty #pentesting #redteam