Tweet

Steiner254

Nov 13 • 22 tweets • 6 min read

Day 0⃣4⃣/2⃣0⃣ -- [Hacking A Web Application Via Password Change Functionality]
➡️ Day 4, Hack A Web Application Via "Password Change Functionality"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips "No Resting Only Hacking!"

@InfoSecComm

1/n
All about password reset vulnerabilities by @InfoSecComm
infosecwriteups.com/all-about-pass…

2/n
Password reset poisoning and web cache poisoning
skeletonscribe.net/2013/05/practi…

3/n
SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE
forum.portswigger.net/thread/session…

4/n
CSRF on changing the password
hackerone.com/reports/204703

5/n
Weak Password Reset Implementation - Token Leakage via Host Header Poisoning
medium.com/@sathvika03/we…

6/n
Weak Password Reset Implementation - Rather than generating a new password for the user, some applications will send the user their existing password. This is a very insecure approach, as it exposes their current password over unencrypted email.

7/n
Weak Password Reset Implementation - Token is Not Invalidated After Use

8/n
Password Reset token/link is not invalidated after use

9/n
10 Password Reset Flaws
anugrahsr.github.io/posts/10-Passw…

10/n
Password link encoded in base64.

11/n
Reset password bypassing the current password.

12/n
Password Reset Link Leaked In Refer Header In Request To Third Party Sites
hackerone.com/reports/751581

13/n
Account Takeover via Host Header Injection
securiumsolutions.com/blog/host-head…

14/n
Token leakage via Host Header Injection
vulners.com/hackerone/H1:1…

15/n
Authentication vulnerabilities cheat sheet
cheatsheetseries.owasp.org/cheatsheets/Au…

16/n
Top 5 web app authentication vulnerabilities article
veracode.com/blog/secure-de…

17/n
No Rate Limiting Leading to email flooding
hackerone.com/reports/794395

18/n
Username Enumeration
hackerone.com/reports/77067

19/n
“Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality
infosecwriteups.com/bugbounty-how-…

20/n
Remote Command Execution(RCE) Vulnerability PoC

n/n
Practice Makes Perfect!
Have a lovely weekend, Don't Drink & Drive!
Happy Hacking :)
See you here same time tomorrow!

• • •

Missing some Tweet in this thread? You can try to force a refresh

This Thread may be Removed Anytime!

Twitter may remove this content at anytime! Save it as PDF for later use!

More from @steiner254

Steiner254

@steiner254

Nov 15

Day 0⃣6⃣/2⃣0⃣ -- [Delete/Deactivating An Account & Logout Vulnerabilities]
➡️ Day 6, Have You Ever Known That Deactivating & Logout Feature Can Be Hacked & Earn You Bounties?
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

1/n
IDOR — Let’s delete any account
medium.com/@Bohr/idor-let…

2/n
0 Click account delete CSRF
hacklido.com/d/32-csrf-atta…

Read 14 tweets

Steiner254

@steiner254

Nov 14

Day 0⃣5⃣/2⃣0⃣ -- [Web Application Profile/Dashboard Hacking]
➡️ Day 5, Profile Update/Dashboard Vulnerabilities & References.
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

1/n
IDOR on the dashboard

2/n
Instagram IDOR

Read 18 tweets

Steiner254

@steiner254

Nov 12

Day 0⃣3⃣/2⃣0⃣ -- [How To Hack A Login Page!]
➡️ Day 3, How To Hack A Login Page "Exploiting Vulnerabilities On A Login Page"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

1/n
10 Common vulnerabilities found in the login functionality
redhuntlabs.com/blog/10-most-c…

2/n
Portswigger vulnerabilities on password based login
portswigger.net/web-security/a…

Read 20 tweets

Steiner254

@steiner254

Nov 11

Day 0⃣2⃣/2⃣0⃣ -- [Registration/SignUp Page Vulnerabilities]
➡️ Day 2, we will cover potential vulnerabilities that can affect a Registration/Sign-Up Page of a web application
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

1/n
Registration Page Vulnerabilities
github.com/carlospolop/ha…

2/n
Registration & Takeover Vulnerabilities
book.hacktricks.xyz/pentesting-web…

Read 20 tweets

Steiner254

@steiner254

Nov 10

Day 0⃣1⃣/2⃣0⃣ -- [Bug Bounty Reconnaissance/Information Gathering]

➡️ Being Day 1, Recon is usually the first approach when handling your target.
➡️ Below are some of the Best Checklists/Bug Bounty RECON references & Tips🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

@Jhaddix

1/n
The Bug Hunter's Methodology v4.0 - Recon Edition by @Jhaddix

@_zwink

2/n
@_zwink Target Reconnaissance & Approach

Read 23 tweets

Steiner254

@steiner254

May 2

Bug Bounty Pro Tips
If You Have Any, Please Feel Free To Add To The Thread
#bugbountytips
#bugbountytip
#cybersecuritytips
Pro Tip — Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields.

Tip for finding SSRF

To demonstrate XSS impact, don’t use alert(‘alert’). Determine whether session is stored in cookies or local storage and put that in the popup. cookie: alert(document.cookie) LocalStorage: alert(localStorage.getItem(‘access_token’))

Read 50 tweets

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Share this page!

Steiner254

People who liked this thread also liked...

Try unrolling a thread yourself!

More from @steiner254

Steiner254

Steiner254

Steiner254

Steiner254

Steiner254

Steiner254

Did Thread Reader help you today?

Don't want to be a Premium member but still want to support us?

Send Email!