KAsh Security

379 posts

KAsh Security

@KAshSecurity

Joined Eylül 2021

626 Following399 Followers

KAsh Security retweeted

7h3h4ckv157@7h3h4ckv157·21 May

MOBEXLER 📍 A Mobile Application Penetration Testing Platform github.com/enciphers-team… NB: Content Sharing != Content Stealing #Hacking #infosecurity #infosec #Pentesting #redteam #pwn #CyberSecurity #CTF #CyberSecurity #ArtificialIntelligence #CyberSecurityAwareness

English

200

13.6K

KAsh Security retweeted

Will Gates@WllGates·3 May

Bypass open redirection whitelisted using chinese dots: 👀🔓🔍 %E3%80%82 Tip: Keep eyes on SSO redirects 😉🔀 credit: @adrielsec #bugbounty #bugbountytips

English

263

15.3K

KAsh Security retweeted

RootMoksha Labs@RootMoksha·3 May

If you are trying to access an endpoint and get 403 try this /api/docs/index.html ==> 403 Forbidden /api/Docs/index.html ==> 200 Ok By:@D0L0RESH4Z3 #BugBounty #bugbountytips

English

150

5.7K

KAsh Security retweeted

Bug Bounty Insights 🪄@bbr_bug·25 Nis

Web App pentesting checklist is here.

English

3.4K

KAsh Security retweeted

Bug Bounty Insights 🪄@bbr_bug·28 Nis

Here are XSS Payloads To Bypass Firewall Credit/source- @Pwn4arn

English

111

5.4K

KAsh Security retweeted

Gudetama@gudetama_bf·26 Nis

English

181

11.8K

KAsh Security retweeted

Coffin@lostsec_·26 Nis

POSSIBLE HEADER INJECTION POINT WHERE YOU CAN TEST PAYLOADS :) #BugBounty #bugbountytips

English

144

7.2K

KAsh Security retweeted

RootMoksha Labs@RootMoksha·26 Nis

Looking for another way to call "alert(1)" for #XSS? Add this one to your list: 'a'.replace.call`1${/./}${alert}`/ By:@grumpzsux #bugbountytips #bugbounty

English

2.8K

KAsh Security retweeted

Divyansh Sharma@divyansh2401·26 Nis

Found an Email Verification Bypass. Tip: There is IP-based rate limiting so I used IP-Rotator Burp Extension and Bypassed the Rate Limting. #BugBounty #bugbountytip #bugbountytips #togetherwehitharder

English

199

16.9K

KAsh Security retweeted

N$🌟@nav1n0x·26 Nis

Another day, another #SQLInjection. This time, it's in the User-Agent header, leading a full database takeover. Keep testing SQLi on everything and everywhere... #SQL #SQLinjection #BugBounty.

English

131

937

78.9K

KAsh Security retweeted

Coffin@lostsec_·25 Nis

ADVANCE CRLF INJECTION ;)

English

KAsh Security retweeted

Coffin@lostsec_·25 Nis

BUG HUNTING METHODOLOGY BY COFFIN ;)

English

121

540

34.5K

KAsh Security retweeted

Justin Gardner@Rhynorater·10 Ağu

I've made over 100k on SSRF vulnerabilities. They aren't always as simple as pointing it at localhost or AWS Metadata service. Here are some tricks I've picked up over the past 5 years of web app testing:

English

950

3.3K

449.4K

KAsh Security retweeted

N$🌟@nav1n0x·23 Nis

I just added an extra property 'is-site-admin':true, and voilà, I became one of the site admins.🤣🤣🤣🤟🤟#bugbounty

English

620

53.9K

KAsh Security retweeted

Américo@americosmjr·6 Oca

If your target scope is small: Dive into the main JavaScript files. I spotted an open redirect in just 5 minutes this way, earning just €100 Tools I use: • Hakrawler for extracting JavaScript files. • LinkFinder for endpoint discovery in JS files. Check the links bellow ↓

English

355

24.9K

KAsh Security@KAshSecurity·1 Ara

@aroly @albinowax Found anything?

English

KAsh Security retweeted

VAIDIK PANDYA@h4x0r_fr34k·21 Kas

Daily Notes : Day 34 Phone Number Parameter Explotation It's possible to add strings at the end the phone number that could be used to exploit common injections (XSS, SQLi, SSRF etc…. ) Check Link and image Reference: book.hacktricks.xyz/pentesting-web…