Update bugbountytips.md

Added tip #7
Kuromatae 2019-10-28 14:30:57 +01:00 committed by GitHub
parent d22d26a0d8
commit 62b8a6623b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -29,3 +29,10 @@ Look for *hackathon-related* assets. What I mean by this is sometimes companies
**Tip #6**
Keep all your directory brute force results so when a CVE like Drupalgeddon2 comes out, you can look for previously found instances (cat dirsearch/reports/*/* | grep INSTALL.mysql.txt | grep 200 | less)/
**Tip #7**
When you have a form, always try to change the request method from POST to GET in order to improve the CVSS score.
For example, demonstrating a CSRF can be exploited simply by using \[img\] tag is better than having to send a link to the victim.
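Review bot: the first sentence of Tip #7 says the POST-to-GET change is done "in order to improve the CVSS score" without saying why the score changes; the reason only appears indirectly in the example that follows. Suggest stating it in the tip itself, for instance that a state-changing action accepted over GET needs less victim interaction than one requiring a submitted form, and that this only applies when the server actually accepts the GET variant. In the second sentence, "\[img\] tag" renders as the literal text [img], which reads like BBCode; if the HTML element is meant, write it as inline code (`<img>`) so the Markdown output is unambiguous. Minor wording: "demonstrating a CSRF can be exploited" would read better as "demonstrating that a CSRF can be exploited".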