Share this page!

It's Steiner254 Profile picture
Twitter logo
Dec 20 21 tweets 6 min read
Day 1⃣8⃣/2⃣0⃣ -- [XXE - XML External Entity]
➡️ XXE - is an application-layer cybersecurity attack that exploits an XXE vulnerability to parse XML input
➡️ Below some of the best Tips & References for XXE (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytip
1/n
 XML external entity (XXE) injection
portswigger.net/web-security/x…
2/n
 XML External Entity (XXE) Processing
owasp.org/www-community/…
3/n
 What Is an XXE (XML External Entity) Vulnerability?
hackerone.com/knowledge-cent…
4/n
 XXE Attack: Real life attacks and code examples
brightsec.com/blog/xxe-attac…
5/n
 XML External Entity (XXE) Vulnerabilities and How to Fix Them
brightsec.com/blog/xxe-vulne…
6/n
 XML external entity injection
learn.snyk.io/lessons/xxe/ja…
7/n
 How to Execute an XML External Entity Injection (XXE)
cobalt.io/blog/how-to-ex…
8/n
 Exploiting XXE Vulnerabilities In File Parsing Functionality
9/n
 FileCry - The New Age Of XXE
10/n
 XXE Lab Breakdown: Exploiting XXE using external entities to retrieve files
11/n
 XXE Lab Breakdown: Exploiting XXE to perform SSRF attacks
12/n
 XXE Lab Breakdown: Blind XXE with out-of-band interaction
13/n
 Exploiting XXE for SSRF
gupta-bless.medium.com/exploiting-xxe…
14/n
 A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX by @stokfredrik
15/n
 XXE Lab Breakdown: Exploiting XXE to retrieve data by repurposing a local DTD
16/n
 XXE Lab Breakdown: Exploiting XXE via image file upload
17/n
 XXE Lab Breakdown: Exploiting XInclude to retrieve files
18/n
 XXE Lab Breakdown: Exploiting blind XXE to retrieve data via error messages
19/n
 XXE Lab Breakdown: Exploiting blind XXE to exfiltrate data using a malicious external DTD
n/n
Practice Makes Perfect!
Stay Ethical & Happy Hacking :)
See you here same time tomorrow!

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with It's Steiner254

It's Steiner254 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Steiner254

It's Steiner254 Profile picture
Dec 21
Day 2⃣0⃣/2⃣0⃣ -- [Closing/Summary Of The 20-Day BootCamp]
➡️ The 20-Day BootCamp - Understanding, Detecting, Exploiting & Preventing Different Vulnerabilities.
➡️ Below are the Days from 0⃣1⃣ to 2⃣0⃣(Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytips
#CyberSecurity
Day 0⃣1⃣

Day 0⃣2⃣

Read 21 tweets
It's Steiner254 Profile picture
Dec 21
Day 1⃣9⃣/2⃣0⃣ -- [Subdomain Takeover]
➡️ Subdomain Takeover occurs when an attacker gains control over a subdomain of a target domain.
➡️ Below are some of the best Tips & References for Subdomain Takeover (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytip
1/n
 Top 25 Subdomain Takeover Bug Bounty Reports
corneacristian.medium.com/top-25-subdoma…
2/n
 Fastly Subdomain Takeover $2000
infosecwriteups.com/fastly-subdoma…
Read 21 tweets
It's Steiner254 Profile picture
Dec 18
Day 1⃣7⃣/2⃣0⃣ -- [ATO - Account Takeover]
➡️ ATO - is an attack whereby hackers take ownership of online accounts using stolen passwords and usernames.
➡️ Below some of the best Tips & References for ATO (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytips
1/n
 Account Takeover Vulnerability
2/n
 Account Takeover #Lab-1 | BePractical


>> We got couple of labs here...
Read 22 tweets
It's Steiner254 Profile picture
Dec 10
Day 1⃣2⃣/2⃣0⃣ -- [RCE - Remote Code Execution]
➡️ Every Bug Bounty Hunter/Hacker wants to hit an RCE.
➡️ Below some of the best Tips & References for RCE (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips
1/n
 Simple Remote Code Execution Vulnerability Examples for Beginners
ozguralp.medium.com/simple-remote-…
2/n
 Web & Reverse Shells for testing RCE
github.com/thevillagehack…
Read 20 tweets
It's Steiner254 Profile picture
Nov 20
Day 0⃣8⃣/2⃣0⃣ -- [Hacking File Upload Functionality]
➡️ Hitting P1's - RCE, SQL Injection, SSRF, Stored XSS, LFI, XXE, IDOR e.t.c
➡️ ➰ Below some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
 File Upload Vulnerabilities Checklist
0xn3va.gitbook.io/cheat-sheets/w…
2/n
 Exif Data Not Stripped From Uploaded Images
kathan19.gitbook.io/howtohunt/exif…
Read 25 tweets
It's Steiner254 Profile picture
Nov 17
Day 0⃣7⃣/2⃣0⃣ -- [Hacking Different Web Application Functionalities]
➡️ Groups & Teams
➡️ Email Contact
➡️ Submit Feedback
➡️ ➰ Below are Functionalities, Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
o/n
➡️ Chat Box/Support/Customer Care
➡️ Comment Functionality
➡️ Subscribe/Unsubscribe
➡️ Ecommerce Platform
➡️ Search Functionality
➡️ WebSockets
➡️ User-Agents
➡️ Cookies & Sessions
➡️ JSON Web Tokens
1/n
 Blind SSRF on chatbox
hackerone.com/reports/1220688
Read 18 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(