From 62b8a6623bc4984cd850d4703c65717456252694 Mon Sep 17 00:00:00 2001 From: Kuromatae Date: Mon, 28 Oct 2019 14:30:57 +0100 Subject: [PATCH] Update bugbountytips.md Added tip #7 --- cheatsheets/bugbountytips.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cheatsheets/bugbountytips.md b/cheatsheets/bugbountytips.md index ae268db..d678d96 100644 --- a/cheatsheets/bugbountytips.md +++ b/cheatsheets/bugbountytips.md @@ -29,3 +29,10 @@ Look for *hackathon-related* assets. What I mean by this is sometimes companies **Tip #6** Keep all your directory brute force results so when a CVE like Drupalgeddon2 comes out, you can look for previously found instances (cat dirsearch/reports/*/* | grep INSTALL.mysql.txt | grep 200 | less)/ + + + +**Tip #7** + +When you have a form, always try to change the request method from POST to GET in order to improve the CVSS score. +For example, demonstrating a CSRF can be exploited simply by using \[img\] tag is better than having to send a link to the victim.
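Review bot: the rationale in the added Tip #7 lines is incomplete and should state the preconditions before "always try": changing a form's method from POST to GET only helps a CSRF report when the server actually honours the same parameters over GET and the request carries no anti-CSRF token, so the tip should tell the reader to confirm both (replay the request as GET with the parameters in the query string and check that the state change still happens). The phrase "improve the CVSS score" is also a bit loose, since what changes is the delivery: a GET-triggered action fires on page load from a plain `<img src="https://target/...?param=value">` embedded on any page, whereas a POST-only CSRF still works via an auto-submitting form but needs the victim to land on an attacker-controlled page; suggest wording it as reducing the required victim interaction. Minor: the `\[img\]` escape reads as a BBCode tag in the rendered markdown, so name the HTML element `<img>` instead, and the hunk adds three empty `+` lines before `**Tip #7**` where one separator is enough.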