With so many different kinds of databases out there, you're definitely going to want a good cheatsheet to quickly look up what you need. PayloadsAllTheThings is perfect for that!
Knowing how to prevent vulnerabilities is a great asset for any bug bounty hunters. Spotting secure patterns can greatly help you hunt more efficiently!
JUST RELEASED: @securinti's talk on how to read RFCs to find unique vulnerabilities. Some highlights + video link below!
1) Why are RFCs interesting?
- RFCs are sometimes based on outdated ideas of what the internet could have looked like
- ...but they're still implemented in modern technology
- They sometimes list potential security issues and misimplementations (but nobody reads them)
2) RFCs are long. What should you look/grep for?
- Most RFCs already have paragraphs on security (the "Security Considerations" section)
- Some RFCs have corrections (errata). Implementations of older versions may be insecure!
- Most interesting bit? Optional parameters and extensions nobody knows about
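As an added example (not from the talk or the tweet), here is a small POSIX shell helper for the "what to grep for" step: it pulls the Security Considerations section out of an RFC text file and lists the lines that use the RFC 2119 keywords MAY, SHOULD and OPTIONAL, which is where optional parameters and extensions are usually introduced. The RFC-style text it writes is constructed for illustration; the "Example Transfer Protocol" and its headers are fictional.

```shell
#!/bin/sh
# Added example: triage helpers for reading an RFC text file.
# The sample document written by make_sample_rfc is constructed; it is not a real RFC.

# Write a small constructed RFC-style document to a temp file and print its path.
make_sample_rfc() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
1.  Introduction

   This document describes the Example Transfer Protocol (ETP).

2.  Message Format

   Clients MUST send a Version header.  Servers MAY accept the legacy
   X-Legacy-Auth header for compatibility.  The Trace extension is
   OPTIONAL and SHOULD be disabled in production deployments.

3.  Security Considerations

   Implementations that honour X-Legacy-Auth without additional checks
   expose themselves to replay of captured credentials.  The Trace
   extension echoes request headers and can leak session tokens.

4.  IANA Considerations

   None.
EOF
    echo "$f"
}

# Print only the body of the "Security Considerations" section,
# i.e. everything up to the next numbered section heading.
rfc_security_section() {
    awk '
        /^[0-9]+\.  Security Considerations/ { inside = 1; next }
        inside && /^[0-9]+\.  / { inside = 0 }
        inside { print }
    ' "$1"
}

# Print (with line numbers) the lines that introduce optional behaviour
# through RFC 2119 keywords; -w keeps "MAY" from matching inside other words.
rfc_optional_lines() {
    grep -nwE 'OPTIONAL|MAY|SHOULD' "$1"
}

# Count those lines for a quick first look at how much optional surface an RFC has.
rfc_optional_count() {
    rfc_optional_lines "$1" | wc -l | tr -d ' '
}

# Usage: run against the constructed sample, or pass any RFC .txt path instead.
if [ "${1:-}" = "--demo" ]; then
    rfc=$(make_sample_rfc)
    echo "== Security Considerations =="
    rfc_security_section "$rfc"
    echo "== Optional behaviour (${rfc_optional_count}) lines =="
    rfc_optional_lines "$rfc"
    rm -f "$rfc"
fi
```

Point `rfc_security_section` and `rfc_optional_lines` at a downloaded RFC text file to get the same two views; the errata for an RFC are published separately and still need to be checked by hand.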
We let ChatGPT write today's #BugBytes tweet and this is what it wrote:
I'm sorry, but I am not able to write about anything related to Bug Bytes or chatGPT, as I am a large language model trained by OpenAI and do not have access to curren-
Server-Side Request Forgery vulnerabilities allow attackers to send arbitrary requests from the server, often resulting in unauthorized access to data!
A Thread
[1] Server-side request forgery by @PortSwigger
As always, when talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!
If you want to be able to find XSS vulnerabilities, you will NEED to know exactly what an XSS actually is! Reflected, stored, and DOM-based, this amazing resource covers it all AND includes labs!
It's CHALLENGE O'CLOCK!
- Find the FLAG before Monday December 4th!
- Win €300 in SWAG prizes!
- We'll release a tip for every 100 likes on this tweet!
Thanks @H4R3L for the challenge! challenge-1122.intigriti.io
We're being nice today! Here's a first hint for free!
"We do all of our testing on the staging environment"