尝试挖一些越权漏洞
越权漏洞的一些资料
配置了burp的一些插件并实验了Goby和Xray联动
100天的计划,去了一半。今天开始一个强化计划,强化计划是一个月的时间,专注于挖洞。
100天的这种分享记录形式也暂停,改为实战记录,每天记录一下收获。
1.Finding Your Next Bug: GraphQL
1.浅谈攻防演练中的信息收集
2.渗透测试之Docker逃逸
3.从webpack开始发现的漏洞大礼包
1.Hacking 1Password | Episode 4 – Two Simple Bugs that Worth $3,300
2.Finding Your Next Bug: GraphQL
1.Rust写的Fuzzer
hackerone漏洞列表:
https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md
1.web 安全系列-15-subdomain takeover 子域劫持
https://houbb.github.io/2020/08/09/web-safe-15-subdomain-takeover
2.深入解析子域名接管(Subdomain Takeover)漏洞
https://www.secpulse.com/archives/94973.html
3.HackerOne | 子域名劫持漏洞的挖掘指南
https://www.freebuf.com/articles/web/183254.html
4.技术分析 | 我们来“劫持”个GitHub自定义域名玩吧!
https://www.freebuf.com/articles/web/171952.html
5.Domain takeover
https://book.hacktricks.xyz/pentesting-web/domain-subdomain-takeover
6.A GUIDE TO SUBDOMAIN TAKEOVERS
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
7.Subdomain takeovers
https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers
8.How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
1.挖洞经验 | 通过域名劫持实现Azure DevOps账户劫持
https://www.freebuf.com/articles/web/242727.html
2.挖洞经验 | 看我如何通过子域名接管绕过Uber单点登录认证机制
https://www.freebuf.com/news/141630.html
3.挖洞经验 | 看我如何在前期踩点过程中发现价值$4500的漏洞
https://www.freebuf.com/articles/network/171219.html
4.挖洞经验 | 看我如何在短时间内对Shopify五万多个子域名进行劫持
https://www.freebuf.com/articles/web/186411.html
5.Exploiting Subdomain Takeover on S3
https://gupta-bless.medium.com/exploiting-subdomain-takeover-on-s3-6115730d01d7
1.Osmedeus
https://github.com/j3ssie/Osmedeus
https://github.com/shmilylty/OneForAll
3.second-order
https://github.com/mhmdiaa/second-order
4.SubOver
https://github.com/Ice3man543/SubOver
5.more
https://github.com/search?q=Subdomain+Takeover&type=
1.Live Stream Subdomain Takeovers for Bug Bounties
2.Subdomain Takeover Step by Step | Bug Bounty 2020
1.Recox-用于Web侦察的主脚本
https://hakin9.org/recox-master-script-for-web-reconnaissance/
1.ida ticks 教学视频
https://www.reverse-engineer.net/ida-pro
https://github.com/jaybosamiya/security-notes
3.ProjectDiscovery Reel
1.Absence of Token expiry leads to Unauthorized login Access
1.Bheem 侦察平台,聚合了很多的工具
https://github.com/harsh-bothra/Bheem
https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/maurosoria/dirsearch
3.gin – a Git index file parser
https://github.com/KingOfBugbounty/KingOfBugBountyTips
1.The YouTube bug that allowed unlisted uploads to any channel
https://medium.com/bugbountywriteup/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a
2.Subdomain Takeovers, beyond the basics for Pentesters and Bug Bounty Hunters
3.Account Takeover(ATO) and Email verification bypass in 2mins
4.Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
https://hackerone.com/reports/530974
5.Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB
1.侦查工具 3klCon
https://github.com/eslam3kl/3klCon
1.Bug Hunting Tactics
https://speakerdeck.com/harshbothra/bug-hunting-tactics
2.Bounty Thursdays – Wordlists for content discovery and API bugs!
3.Beginner’s Guide to CTFs
https://medium.com/bugbountywriteup/beginners-guide-to-ctfs-c934a0d7f5f9
1.My bug bounty journey. The middle-class boy who wanted everything for free.
Github: https://github.com/pxiaoer/rfuss2
文章:
1.Build simple fuzzer – part 1
https://carstein.github.io/2020/04/18/writing-simple-fuzzer-1.html
2.Build simple fuzzer – part 2
https://carstein.github.io/2020/04/25/writing-simple-fuzzer-2.html
3.Build simple fuzzer – part 3
https://carstein.github.io/2020/05/02/writing-simple-fuzzer-3.html
4.Build simple fuzzer – part 4
https://carstein.github.io/2020/05/21/writing-simple-fuzzer-4.html
1.Zero-day in Sign in with Apple
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
1.SAML Testing
2.SSTI to Local File Read
https://www.r29k.com/articles/bb/ssti
3.crtfinder v2
https://github.com/eslam3kl/crtfinder
4.Exploiting dynamic rendering engines to take control of web apps
https://r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-control-of-web-apps/
https://github.com/m4ll0k/Bug-Bounty-Toolz
https://github.com/Sicks3c/Reconizer
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
1.Chaining vulnerabilities lead to account takeover
https://ahzsec.medium.com/chaining-vulnerabilities-lead-to-account-takeover-b583f0c10591
2.Unauthenticated Account Takeover Through HTTP Leak
https://medium.com/bugbountywriteup/unauthenticated-account-takeover-through-http-leak-33386bb0ba0b
3.Spear Phishing in Google Cloud
https://medium.com/@filipz0203/spear-phishing-in-google-cloud-a80fb42577fe
