Abhishek Meena - {🔥}
Nov 3, 2022 · 8 tweets
Web Cache Poisoning🌱🌵🔥
#bugbounty #infosec

The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.

Where to find 🧵(1/n) :👇
🏹Basic Poisoning #bugbounty #infosec
🏹Seizing The cache #bugbounty #InfoSecJobs
🏹Selective poisoning #bugbounty #infosec
🏹Chaining Unkeyed Inputs #bugbounty #infosec
🏹Route Poisoning #bugbounty #infosec
🏹Hidden Route Poisoning #bugbounty #infosec
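
A minimal model of the mechanism, added here as an example and not part of the original thread: a toy cache whose key omits a header that the origin reflects, plus an audit helper that flags such unkeyed inputs. The `ToyCache` class, the constructed `origin` function, the host names and the choice of `X-Forwarded-Host` are assumptions for the demo.

```python
def origin(path, headers):
    """Constructed origin: builds an absolute URL from a forwarded-host header."""
    host = headers.get("X-Forwarded-Host", headers["Host"])
    body = f'<script src="https://{host}/static/app.js"></script>'
    return {"body": body, "headers": {"Cache-Control": "public, max-age=60"}}


class ToyCache:
    """Shared cache that stores one response per cache key."""

    def __init__(self, keyed_headers=("Host",)):
        self.keyed_headers = keyed_headers
        self.store = {}

    def key(self, path, headers):
        # Only the path and the listed headers take part in the key.
        return (path,) + tuple(headers.get(h, "") for h in self.keyed_headers)

    def fetch(self, path, headers):
        k = self.key(path, headers)
        if k not in self.store:
            self.store[k] = origin(path, headers)
        return self.store[k]["body"]


def served_to_normal_user(cache):
    """One request with a non-default forwarded host, then a plain request."""
    odd = {"Host": "shop.example", "X-Forwarded-Host": "other.example"}
    plain = {"Host": "shop.example"}
    cache.fetch("/", odd)
    return cache.fetch("/", plain)


def unkeyed_reflected_headers(cache, candidates, path="/"):
    """Audit: headers that change the origin response but not the cache key."""
    base = {"Host": "shop.example"}
    findings = []
    for name in candidates:
        probe = {**base, name: "probe.invalid"}
        changes_body = origin(path, probe)["body"] != origin(path, base)["body"]
        changes_key = cache.key(path, probe) != cache.key(path, base)
        if changes_body and not changes_key:
            findings.append(name)
    return findings
```

With the default key the plain request receives the body generated for the other host; adding the header to `keyed_headers` (or having the origin stop reflecting it) keeps the two responses apart.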
Thanks to all for reading this amazing thread on Web Cache Poisoning

Hope you like these and you can follow me for more

Join my BugBountyTips Group : t.me/bugbountyresou…

More from @aacle_

Jun 2, 2023
Some of the major vulnerabilities and related PoCs:

➡SQLi
➡XSS
➡SSRF
➡XXE
➡Path Traversal
➡Open Redirection
➡Account Takeover
➡Remote code execution
➡IDOR
➡CSRF

#hacking #bugbounty #bugbountytips

Are Found Below🧵(1/n)👇
Feb 26, 2023
OS Command Injection 🕸️🔖

It allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application.

This leads to fully compromising the application and all its data.

Thread 🧵 : 👇
Anatomy for OS Command Injection attack

Two basic ways attackers deploy OS command injection:
• The application accepts outside input as arguments. These arguments trigger various actions and behavior.

The attacked script makes the system call (“nslookup [hostname]”) to run nslookup, with the hostname supplied as an argument by the user.
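
The nslookup case above, shown as the vulnerable form beside a hardened one; this is an added illustration, not code from the thread, and the function names, the hostname pattern and the sample inputs are assumptions.

```python
import re
import subprocess

# One DNS label: letters, digits, hyphens; must start and end alphanumeric.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def vulnerable_command(hostname):
    """'Before' form: input is concatenated into a string handed to a shell,
    so shell metacharacters in the input are interpreted by that shell."""
    return "nslookup " + hostname


def safe_argv(hostname):
    """'After' form: allow-list the input, then build an argument vector."""
    if len(hostname) > 253 or not _HOSTNAME.fullmatch(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return ["nslookup", hostname]


def lookup(hostname, timeout=5):
    """Run nslookup without a shell; the hostname stays a single argument."""
    result = subprocess.run(safe_argv(hostname), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout


def classify(samples):
    """Return {input: True/False} for whether each input passes validation."""
    verdicts = {}
    for s in samples:
        try:
            safe_argv(s)
            verdicts[s] = True
        except ValueError:
            verdicts[s] = False
    return verdicts


# Constructed inputs: one ordinary name, three that must not reach nslookup
# (shell metacharacters, an option-like value, embedded whitespace).
SAMPLES = ["example.com", "example.com; id", "-debug", "a b"]
```

Validation and the shell-free call work together: the pattern also rejects values beginning with `-`, which would otherwise be read by nslookup as options even without a shell.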
Feb 24, 2023
A JavaScript bookmarklet for extracting all webpage endpoint links on a page.

Created by @renniepak, this JavaScript code snippet can be used to extract all endpoints (starting with /) from the current webpage DOM, including all external script sources embedded on the webpage.

1/n
Usage (Bookmarklet)

Create a bookmarklet...

• Right-click your bookmark bar
• Click 'Add Page'
• Paste the above JavaScript in the 'URL' box
• Click 'Save'

...then visit the victim page in the browser and click the bookmarklet.

carbon.now.sh/?bg=rgba%2842%…
Usage (Console)

Paste the above JavaScript into the console window (F12) and press Enter.
Feb 9, 2023
Difference Between GET, POST, PUT, DELETE, HEAD, and PATCH Request Methods

Open The Thread 🧵 :👇🏻
📌 GET:

This method is used to retrieve information from a server.

When a client sends a GET request to a server, the server returns the requested information in the response.

GET requests are typically used to retrieve data from a web server.
📌 POST:

This method is used to send data to a server.

POST requests are typically used to submit form data to a server or to upload a file.

When a client sends a POST request to a server, the data is included in the body of the request and can be processed by the server.
Feb 8, 2023
✨Awesome Bug Bounty Tools For: 🙌👇🏻

• Subdomain Enumeration
• Content Discovery
• Exploitation
• CMS
• Git
• Frameworks Tools
• Wordlists

Open The Thread🧵:👇
▪ Subdomain Enumeration Tools List

—————————
I've opened My Bug Bounty tips Group =>
Join Link: t.me/bugbountyresou…
—————————
▪ Content Discovery
Feb 7, 2023
⚡Security Misconfiguration 🌻

One of the top causes of website and application vulnerabilities.

It occurs when systems are not properly configured, leaving them open to attack.

Thread ( 1/10 ) : 🧵
💻Security Misconfiguration Occurrence:

• Inadequate security hardening & improper configs in app stack/cloud services

• Enabled unnecessary features/ports/services/accounts/privileges

• Default accounts with unchanged passwords

• Error handling revealing sensitive info
• Unsecured upgrades & disabled security features

• Insecure values in app servers, frameworks, libraries, & databases

• Insufficient security headers or directives

• Outdated & vulnerable software

• Regular security assessments can help prevent misconfigurations.