How to Discover Sensitive Endpoints, Files, Data, Folders Bug Bounty
All bughunters want to find a P1 bug. But P1 bugs are not easy to find! Is that a true approach? I belive that if […]
BugBounty
Complete Bug Bounty Cheat Sheet
Everthing about Bug Bounty you need to know is here. XSS•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/xss.md• https://github.com/ismailtasdelen/xss-payload-list SQLi•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/sqli.md SSRF•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/ssrf.md• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery CRLF•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/crlf.md • https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection CSV-Injection•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/csvinjection.md• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection Command Injection• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20InjectionDirectory Traversal• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal […]
SSRF exploitation via URL Scheme
SSRF exploitation via URL Scheme 1-File:Allows an attacker to fetch the content of a file on the server file://path/to/filefile:///etc/passwdfile://\/\/etc/passwdssrf.php?url=file:///etc/passwd 2-HTTP:Allows an attacker to fetch any […]