bug-bounty-tips

Bug Bounty Hint- Google Dork

September 28, 2022 localghost 0

Bug Bounty Hint! You can try following Google Dork to find Open Redirect or XSS endpoints Site:*.example.com inurl:return return_to return_uri redirect redirect_to redirect_uri page site […]

SSRF Parameters For Bug Bounty

July 23, 2022 localghost 0

1.?host=2.?redirect=3.?uri=4.?path=5.?continue=6.?url=7.?window=8.?next=9.?data=10.?image-source=11.?n=12.?to=13.?follow=14.?u=15.?go=16.?fetch=17.?source=18.?img-src= To apply this, use BurpSuite then intercept a request then send a request to spider because visitining all the page and finally go to […]

bug-bounty-tips

Top SQL Injection Parameters

April 8, 2022 localghost 0

First of all find parameter with google dorking and after that try all parameters. ?id={payload} ?page=={payload} ?dir={payload} ?search={payload} ?category={payload} ?class={payload} ?file={payload} ?url={payload} ?news={payload} ?item={payload} Good […]

XSS SSRF CRLF CSV-Injection Command Injection LFI Open-Redirect RCE Crypto Template Injection XSLT Content Injection LDAP Injection NoSQL Injection CSRF Injection GraphQL Injection IDOR ISCM LaTex Injection OAuth XPATH Injection Bypass Upload Tricky

Complete Bug Bounty Cheat Sheet

October 30, 2021 localghost 0

Everthing about Bug Bounty you need to know is here. XSS•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/xss.md• https://github.com/ismailtasdelen/xss-payload-list SQLi•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/sqli.md SSRF•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/ssrf.md• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery CRLF•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/crlf.md • https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection CSV-Injection•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/csvinjection.md• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection Command Injection• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20InjectionDirectory Traversal• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal […]

XXE Dorks,XXE vuln

WHERE TO LOOK FOR XXE?

October 2, 2021 localghost 0

Find XXE Vulnerability, XXE Dorks 1-Functionality that parses SVG files 2-Functionality that parses sitemap.xml files 3-SAML Authentication 4-HTML parsing 5-SOAP APIs 6-XML APIs Good Lock#bugbounty […]

SSRF exploitation via URL Scheme

October 2, 2021 localghost 0

SSRF exploitation via URL Scheme 1-File:Allows an attacker to fetch the content of a file on the server file://path/to/filefile:///etc/passwdfile://\/\/etc/passwdssrf.php?url=file:///etc/passwd 2-HTTP:Allows an attacker to fetch any […]