Mar 2, 2022This article for training my skillCre : https://medium.com/@fcwdbrqmr/400-bounty-again-using-google-dorks-6dc8e438f017 I often use google dork while pentesting any target I hope everyone know how to use Google Dorks. You guys know that google dorking is playing main role in Hacking Let start Choose a target and start subdomain enumeration with httpx After done with my subdomain enumeration…Bug Bounty2 min readBug Bounty2 min read
Feb 27, 2022BUG BOUNTY CHECK LIST BY C1C1h2e1 Dec 21, 2019·11 min read I just want to write a check list for myself. This article includes various vulnerability discovery method bypass methods. I hope you can read it carefully . Twitter @C1h2e11 Wechat : baiheming123456 RECON Most of my recon ideas come from nahamsec, he is really good …Bug Bounty12 min readBug Bounty12 min read
Feb 10, 2022Full account takeover(AT0)-A tale of two bugsI willl collect some ideas Cre:Full Account takeover (ATO) — a tale of two bugs 🐛 | by Kwadwo Amoako | Feb, 2022 | Medium An account takeover (ATO) is when an attacker gains access to the data 2. An API base Insercure Direct Object Reference (IDOR) , which occurs…Bug Bounty Writeup2 min readBug Bounty Writeup2 min read
Feb 7, 2022RCE in .tgz file uploadCre: Machevalia’s Blog -I will collect some methods RCE occurs after a file upload it is due to either A lack of filtering in the file types that can be uploaded 2.Error in that filtering process for the web form where the file is being uploaded Many web applications filter…Bug Bounty2 min readBug Bounty2 min read
Jan 27, 2022Tìm những bug trên SymfonyCre:How I was able to find multiple vulnerabilities of a Symfony Web Framework web application | by Abid Ahmad | Jan, 2022 | Medium Hello . Today I’ll explain how I found multiple vulnerabilites on a web app that used the Symfony Web Framwork where Symfony prolier/debug mode was enabled …Bug Bounty3 min readBug Bounty3 min read
Jan 21, 2022Top 10 web hacking techniques of 2021 — PortSwigger (updating)OK , mình sẽ từ từ dịch hết tất cả các method , các bạn có thể có thể xem bản gốc ở đây : “‘Top 10 web hacking techniques of 2021 — PortSwigger’” Mình dịch blog này , chủ yếu sẽ làm quen với các kỹ thuật exploit mới…Bug Bounty3 min readBug Bounty3 min read
Jan 20, 2022Lập trình JAVAHãy tự làm, đừng trông đợi ai đó sẽ đem kinh nghiệm đến choPentesting1 min readPentesting1 min read
Jan 20, 2022EXPLOIT API với auth tokenEXPLOIT API với auth token Chủ đề hôm nay là exploit endpoint API sử dụng Authtoken. Không phải là tìm nó Nhiều người chúng ta tìm thấy authtoken trong quá trình tiến trình recon nhưng không biết cách impact của nó và thường bị từ chối. …3 min read3 min read
Jan 20, 2022SQL injectionUsing burp suite: Bắt request sử dụng burpsuite. gửi request cho burp scanner. Duy trì tiến trình active scan Sau khi kết thúc thì tìm kiếm thử sql Chèn payload thông thường Dùng SQLmap để tiế hành exploit1 min read1 min read
Feb 19, 2021Duplicate reportHello everyone ,today I will show you my duplicate report. Bug: Bypass authentication Target is test.com beacause I dont have permisson to disclose My target is web shopping as shopify so I have admin page to control my shop Everything is okay, until I have to signup password for payment…1 min read1 min read
