Amal Murali amalmurali47

## check_all.js
// Paste into Firebug or Chrome Dev Tools console
// when viewing a page with multiple checkboxes.

(function(d) {
  var input = d.querySelectorAll('input[type="checkbox"]');
  var i = input.length;

  while (i--) {
    input[i].checked = true;
  }

## gist:9077238
<?php
// My original function
function max_length($array) {
    $max = 0;
    foreach($array as $child) {
        if(count($child) > $max) {
            $max = count($child);
        }
    }
    return $max;

## bucket-disclose.sh
#!/bin/bash

# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

## README.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                amalmurali47
                / README.md
            
            
              Created
              March 10, 2021 17:40
                — forked from TheBinitGhimire/README.md
            
              
                [Facebook Bug Bounty] Dangling DNS Records on surf-test.xwf.internet.org! - $500
              
          
    Dangling DNS Records on surf-test.xwf.internet.org! - $500

Vulnerability Discovery

In this GitHub Gist, I have included my script (main.sh), which I used in discovering this vulnerability.
The script performs sub-domain enumeration over the Internet.org domain using assetfinder, subfinder, sublist3r and amass, and then checks for sub-domains which are further pointing to Amazon EC2 hostnames, and stores all of the results in multiple text files.
I didn't perform any form of manual work in discovering this vulnerability, and my workflow was fully automated with the help of Bash scripting using different tools.
After retrieving the results as mentioned earlier, you can simply perform a Nmap scan for all ports across the sub-domainss with Amazon EC2 hostnames, and if no ports are up, you can try reporting the vulnerability to the vendor (i.e. in this case, it's Facebook.).

  
## selenium_google_metadata_ssrf.py
require 'selenium-webdriver'

@host = "http://metadata.google.internal/computeMetadata/v1/instance/"

  def setup
    @driver = Selenium::WebDriver.for(
      :remote,
      url: 'https://SELENIUM_URL/wd/hub',
      desired_capabilities: :chrome)
  end
	// Paste into Firebug or Chrome Dev Tools console
	// when viewing a page with multiple checkboxes.

	(function(d) {
	var input = d.querySelectorAll('input[type="checkbox"]');
	var i = input.length;

	while (i--) {
	input[i].checked = true;
	}
	<?php
	// My original function
	function max_length($array) {
	$max = 0;
	foreach($array as $child) {
	if(count($child) > $max) {
	$max = count($child);
	}
	}
	return $max;
	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
	require 'selenium-webdriver'

	@host = "http://metadata.google.internal/computeMetadata/v1/instance/"

	def setup
	@driver = Selenium::WebDriver.for(
	:remote,
	url: 'https://SELENIUM_URL/wd/hub',
	desired_capabilities: :chrome)
	end