Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Abhishek Meena Profile picture
@RadheSec
Jun 2 13 tweets 13 min read Twitter logo Read on Twitter
Some of the major vulnerabilities and related POC’s:

➡SQLi
➡XSS
➡SSRF
➡XXE
➡Path Traversal
➡Open Redirection
➡Account Takeover
➡Remote code execution
➡IDOR
➡CSRF

#hacking #bugbounty #bugbountytips

Are Found Below🧵(1/n)👇
SQLi POC’s:

#hacking #bugbounty #bugbountytips

1. medium.com/@mahitman1/hac…

2. krevetk0.medium.com/burpsuit-sqlma…
XSS POC’s:

#hacking #bugbounty #bugbountytips

🔗1.
medium.com/@jonathanbouma…
🔗2.
medium.com/@jonathanbouma…
🔗3.
medium.com/@jonathanbouma…
SSRF POC’s :

#hacking #bugbounty #bugbountytips

🔗1.
hackerone.com/reports/115748
🔗2.
medium.com/@zain.sabahat/…
🔗3.
medium.com/@alyssa.o.herr…
XXE POC’s :

#hacking #bugbounty #bugbountytips

🔗1.medium.com/@jonathanbouma…

🔗2. medium.com/@mrnikhilsri/o…

🔗3. medium.com/@canavaroxum/x…
Path Traversal POC’s :

#hacking #bugbounty #bugbountytips

🔗1.medium.com/bugbountywrite…

🔗2. medium.com/@jonathanbouma…
Open Redirection POC’s :

#hacking #bugbounty #bugbountytips

🔗1.medium.com/bugbountywrite…

🔗2.medium.com/@0xrishabh/ope…
Account Takeover POC’s :

🔗1.
medium.com/@injector.pca_…

🔗2. infosecwriteups.com/1-click-accoun…
Remote code execution POC’s :

#hacking #bugbounty #bugbountytips

🔗1.medium.com/@logicbomb_1/b…

🔗2.medium.com/bugbountywrite…

🔗3.parsiya.net/blog/2019-06-1…
IDOR POC’s :

#hacking #bugbounty #bugbountytips

🔗1.medium.com/@logicbomb_1/b…

🔗2.medium.com/@logicbomb_1/b…

🔗3.medium.com/bugbountywrite…

🔗4.infosecwriteups.com/bugbounty-how-…
CSRF POC’s :

#hacking #bugbounty #bugbountytips

🔗1.
medium.com/bugbountywrite…
🔗2.
shahmeeramir.com/methods-to-byp…
🔗3.
medium.com/bugbountywrite…
🔗4.
yasserali.com/hacking-paypal…
Join Bug Bounty Chat Room

For Discussions cover bug bounty topics like doubts, techniques, tools, methodologies, and success stories.

Hope You'll Like These 👍 Keep Happy

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Abhishek Meena

Abhishek Meena Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @RadheSec

Abhishek Meena Profile picture
Feb 26
OS Command Injection 🕸️🔖

Allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application

leads to fully compromising the application and all its data.

Thread 🧵 : 👇
Anatomy for OS Command Injection attack

Two basic ways attackers deploy OS command injection
• It accepts outside input as arguments. These arguments trigger various actions and behavior.

The attack script accesses the system call (“nslookup [hostname]”) to run nslookup with the HOSTNAME appearing as an argument from the user.
Read 32 tweets
Abhishek Meena Profile picture
Feb 24
A JavaScript bookmarklet for extracting all webpage endpoint links on a page.

Created by @renniepak, this JavaScript code snippet can be used to extract all endpoints (starting with /) from the current webpage DOM including all external script sources embedded on webpage.

1/n
Usage (Bookmarklet)

Create a bookmarklet...

• Right-click your bookmark bar
• Click 'Add Page'
• Paste the above Javascript in the 'url' box
• Click 'Save'

...then visit the victim page in the browser and click the bookmarklet.

carbon.now.sh/?bg=rgba%2842%…
Usage (Console)

Paste the above Javascript into the console window F12 and press enter.
Read 4 tweets
Abhishek Meena Profile picture
Feb 9
Difference Between GET, POST, PUT, DELETE, HEAD, and PATCH Request Methods

Open The Thread 🧵 :👇🏻 GET, POST, PUT, DELETE, HEAD, and PATCH Request Methods
📌 GET:

This method is used to retrieve information from a server.

When a client sends a GET request to a server, the server returns the requested information in the response.

GET requests are typically used to retrieve data from a web server.
📌 POST:

This method is used to send data to a server.

POST requests are typically used to submit form data to a server or to upload a file.

When a client sends a POST request to a server, the data is included in the body of the request and can be processed by the server.
Read 9 tweets
Abhishek Meena Profile picture
Feb 8
✨Awesome Bug Bounty Tools For: 🙌👇🏻

• Subdomain Enumeration
• Content Discovery
• Exploitation
• CMS
• Git
• Frameworks Tools
• Wordlists

Open The Thread🧵:👇
▪ Subdomain Enumeration Tools List

—————————
I've opened My Bug Bounty tips Group =>
Join Link: t.me/bugbountyresou…
————————— ▪ Subdomain Enumeration Tools List
▪ Content Discovery Content Discovery
Read 10 tweets
Abhishek Meena Profile picture
Feb 7
⚡Security Misconfiguration 🌻

One of the top causes of website and application vulnerabilities.

It occurs when systems are not properly configured, leaving them open to attack.

Thread ( 1/10 ) : 🧵 Security Misconfiguration
💻Security Misconfiguration Occurance:

• Inadequate security hardening & improper configs in app stack/cloud services

• Enabled unnecessary features/ports/services/accounts/privileges

• Default accounts with unchanged passwords

• Error handling revealing sensitive info
• Unsecured upgrades & disabled security features

• Insecure values in app servers, frameworks, libraries, & databases

• Insufficient security headers or directives

• Outdated & vulnerable software

• Regular security assessments can help prevent misconfigurations.
Read 11 tweets
Abhishek Meena Profile picture
Feb 6
Here's a basic API hacking checklist: 🙌

Open Thread 🧵⚡ API PenTesting
🌻 Verify input validation:

Test the API to determine if it properly validates and sanitizes inputs to prevent any malicious payloads from being processed.
🌻Test authentication mechanisms:

Test the API's authentication mechanisms to determine if they are properly implemented and secure.
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(