Do you want to find more vulnerabilities with recon? 🤑

Open this thread (step-by-step guide)! 🧵 👇 Before we dive in, let's first cover what recon (short for 'reconnaissance') is.

Recon is the first crucial phase of any engagement and it involves mapping out (sub)domains, IP ranges, technologies and services, as well as any other publicly accessible information through several techniques

12 API hacking bug bounty tips you must try on your target! 😎

🧵 👇 1️⃣ Blind XSS via request headers

Applications log your data in various ways, including in insecure ways. Always test for blind XSS vulnerabilities by injecting your payload in common request headers, such as:
• Referrer
• X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Ip, Host (in case of a reverse proxy)
• User-Agent
• Etc.

Dive deeper into blind XSS:
intigriti.com/researchers/bl…

Master exploiting XXE vulnerabilities! 😎

A thread 🧵 👇 XML eXternal Entity (XXE) injection is a vulnerability class that stems from inadequate user input validation during XML parsing, allowing attackers to take advantage of parser misconfigurations!

This often leads to local file read, server-side request forgery, and, in severe cases, even remote code execution!

Master hacking WordPress targets in one thread! 🤑

🧵 👇 We've all come across a WordPress instance before...

It's a powerful content management system (CMS) that can be deployed for all sorts of use cases, from landing pages to blogs and e-commerce sites!

Want to master 2FA bypassing? 🤑

Let's look at several possible ways to bypass this 2FA screen! 👇 2-Factor authentication (2FA) vulnerabilities arise when the implementation of this security layer is weak or contains logic errors

Bypassing 2FA can give us unauthorized access to applications, user accounts, etc.

For that reason, you should never neglect the impact of 2FA bypasses!

Want to master AWS S3 hacking? 🤑

This thread is for you! 🧵 👇 AWS S3 (Simple Storage Service) buckets are a popular storage service often used by software companies to store data.

This is often sensitive data (such as receipts, invoices, etc.) but it can also be used to store public images such as profile pictures for example!

This is the thread I wish someone created for me when I started participating in bug bounty! 😅

Not everyone shares these methods... but

Here are a few tips to help you identify & exploit more IDOR vulnerabilities! 🤑

🧵 👇 IDOR (insecure direct object reference) vulnerabilities are present in web services that directly reference a data object without proper access controls!

The data object can be anything, from sensitive fields that are stored in databases to files stored in a storage bucket.

Ever had to analyze JavaScript files using Burpsuite? 🧐

Here are 3 web extensions to help you out and find secrets, links and other sensitive data! 🤑

A thread 🧵 👇 1️⃣ JS Miner

JS Miner is a Burpsuite Pro extension to help you analyze static files like JavaScript & JSON files found on your target for finding secrets, endpoints and other hard-coded sensitive data! 😎

Check it out on the Github! 👇
buff.ly/3J9l6bl

Ever came across a subdomain on one of your targets that returned the following error? 🧐

If you ever skipped these, you may have missed out on a lot of bounties...

Here are the top 3 tools to bypass pages behind a 401 & 403 error status code! 🤑

A thread! 🧵 👇 1️⃣ bypass-url-parser

Bypass-url-parser is a fuzzer that performs all types of checks to attempt and bypass protected pages behind a 40X status code! 😎

It features several bypass modes including an option to spoof your IP!

Bypass-url-parser is Github:
buff.ly/42XeUfq

Look at this login form 👀

There are multiple vulnerabilities present. 🤑️ But can you spot them all? 😎️

Let's cover each one of them! 🧵👇 Imagine this...

You just performed subdomain enumeration

Filtered all live hosts and got a list of URLs. You know, the usual.

In them, you spot "staging-id\.example\.com" subdomain 😏️

A quick look at the scope section, you see that this subdomain is in scope! 🤑️

Top 4 tools to automate SQL Injection vulnerabilities!

A thread! 👇 1⃣ SQLMap

You probably already know about the first scanner...

SQLMap is the most popular SQL Injection vulnerability scanner out there and is fully open-source!

SQLMap is available on GitHub 👇

github.com/sqlmapproject/…

Understanding SQL Injections!

A thread! 👇️ Let's first understand what SQL is! 😎

SQL—Structured Query Language—is a query language used to perform CRUD operations in SQL-like databases!

So suppose you need to retrieve an entry from a database, you can use an SQL query to read that specific field.

XXE exploitation 👇️ Today, we will cover how you can successfully exploit XXE vulnerabilities

If you aren't familiar with the concepts of XXE yet...

This thread is made just for you! 👇️

https://twitter.com/intigriti/status/1684887385715376128

A lot happened in the #BugBounty community last week, so let's take a look at the 5 must consumes in todays #BugBytes 1⃣ We start out with a blog from @assetnote that you've definitely already seen as they dive into the recent Critrix CVE and talk about the how of finding it! blog.assetnote.io/2023/06/29/bin…

You probably saw this before...

An XSS through your User-Agent header

But is it exploitable? 🤔️ Let's find out! 👇🧵 A common mistake new hunters make is reporting XSS where the payload is supplied inside a request header

However...this leads to a self-cross-site scripting vulnerability which is often out-of-scope! 😬️

Let's understand why and when you can actually report it!

Let's take a look at why this XSS won't execute 🤔

A thread 🧵👇 You probably came across this scenario before

Your payload gets reflected without getting encoded...

But non of the HTML entered is getting rendered!

3 Tools to help you automate file upload vulnerabilities 📁🔨 1⃣Upload Scanner

Upload Scanner is a Burpsuite extension that can help you automate file upload vulnerabilities

It's capable of uploading various files, injecting ASP, JSP, and PHP code + bypassing restrictions!

portswigger.net/bappstore/b224…

An introduction to file upload vulnerabilities 🧵👇 Let's first understand file upload vulnerabilities!

File upload vulnerabilities arise when you are able to upload files without any restrictions (or validations performed on the backend) 💡

Wondering what happened this week in #BugBounty and pentesting? Procrastinating on twitter and want to pretend to be productive? Let's check out this weeks #BugBytes PS: did you notice that the write ups and tutorials are now separated? If you're looking for more advanced security research or grow your skills!

CSRF Vulnerabilities Explained!

A mega-thread 👇🧵 Let's understand CSRF vulnerabilities first before moving on to the exploitation part.

Cross-Site Request Forgery (CSRF) vulnerabilities arise when a malicious actor is able to trick the victim's browser into conducting any unauthorized action on his behalf.

5 CSRF exploitation techniques 🧵👇 1) Basic CSRF

Let's take a look at a very straight-forward example: