many APIs are vulnerable to 'JSON Patch' where you have access to the op, you can add, remove, replace, move, copy

example :

{ 'op': 'replace', 'path': '/role', 'value': 'admin' },

more info :
datatracker.ietf.org/doc/html/rfc69…
jsonpatch.com

#BugBounty #bugbountytips

LFI on the app root. #bugbounty

403JUMP

403JUMP is a tool designed for penetration testers and bug bounty hunters to audit the security of web applications. It aims to bypass HTTP 403 (Forbidden) pages using various techniques.

github.com/trap-bytes/403…

#cybersecurity #infosec #pentest #bugbounty

It's really nice to have a triaged report on your birthday 😊
#BugBounty

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Information Disclosure (CWE-200). #YesWeRHackers #bugbounty 🥂

6 Tools for Hackers

#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosec urity #cyberattacks #security #oscp #cybersecurity awareness #bugbounty #bugbounty tips

🧨GraphQL Hacking Checklist
anmolksachan.github.io/graphql/

#bughunt ing #cybersecurity #bugbounty tips #bughunt #bugbounty #bugbounty tips

Tip = Always Check js files manually- Not Automation
#BugBounty #bugbountytips bugcrowd

Advanced SQL Injection for AWAE
#BugBounty #bugbountytips
#SQLi
github.com/shreyaschavhan…

Monday 🔥❤️ HackerOne #BugBounty

In love with Web cache deception bugs

#BugBounty #bugcorwd

Offensive Linux Security Tools

#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosec urity #cyberattacks #security #oscp #cybersecurity awareness #bugbounty #bugbounty tips

Excited to share my journey on discovering my first Remote Code Execution (RCE)!
Check out the article here: mchklt.medium.com/how-i-found-my…

#BugBounty #bugbountytips #cybersecuritytips #CyberSecurity

I made a nuclei template for checking

x-forwarded-host
x-forwarded-for

reflections in the response!
This may lead to SSRF or XSS or caching vulns!

link: github.com/SirBugs/Priv8-…

#bugbounty #nuclei #nuclei templates

CVE-2024-34351 : Server-Side Request Forgery on Next.js

github.com/vercel/next.js…
assetnote.io/resources/rese…

POC:

POST /x HTTP/2
Host: attacker*com
Content-Length: 2
Next-Action: xxxx

{}
#BugBounty #bugbountytips

[New bug bounty] Earn up to $15,000 with Aviator

You will be rewarded based on these tiers:

- Critical: $10,000 - $15,000
- High: $3,000 - $5,000
- Medium: $1,000 - $2,000
- Low: $500

Start the #bugbounty hunt right now!

You can now bypass CSP on any website that allows https://*.facebook.com in a default or script-src 🔥🌊?

PoC: <script src=graph.facebook.com/?id=1337%26cal…></script>

Exploitation is only possible using a novel technique we published:

octagon.net/blog/2022/05/2… #bugbountytip #BugBounty

Well, it feels good as a person who lives in a 3rd country lol 😂

#BugBounty

SSRFmap by Swissky  is a modular SSRF scanner written in Python3 😎

It is capable of identifying all types of SSRF vulnerabilities!

Including the ones found in popular services like Redis Server, Github, Zabbix!

github.com/swisskyrepo/SS…

#bugbountytips #BugBounty