
Complete Bug Bounty Cheat Sheet

October 30, 2021 localghost

Everything you need to know about Bug Bounty is here.

XSS
• https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/xss.md
• https://github.com/ismailtasdelen/xss-payload-list

SQLi
• https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/sqli.md

SSRF
• https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/ssrf.md
• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery

CRLF
• https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/crlf.md
• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection

CSV-Injection
• https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/csvinjection.md
• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection

Command Injection
• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection

Directory Traversal
• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal

[…]

XXE Dorks,XXE vuln

WHERE TO LOOK FOR XXE?

October 2, 2021 localghost

Find XXE Vulnerability, XXE Dorks

1- Functionality that parses SVG files
2- Functionality that parses sitemap.xml files
3- SAML Authentication
4- HTML parsing
5- SOAP APIs
6- XML APIs

Good luck #bugbounty […]

SSRF exploitation via URL Scheme

October 2, 2021 localghost

SSRF exploitation via URL Scheme

1- File: Allows an attacker to fetch the content of a file on the server

file://path/to/file
file:///etc/passwd
file://\/\/etc/passwd
ssrf.php?url=file:///etc/passwd

2- HTTP: Allows an attacker to fetch any […]