Bug Bounty Tip
Want to learn HTTP Request Smuggling?
Check out this incredible Workshop with over 120 minutes of theory, videos, and practice using Docker Labs
https://gosecure.github.io/request-smuggling-workshop/#0
Want to learn HTTP Request Smuggling?
Check out this incredible Workshop with over 120 minutes of theory, videos, and practice using Docker Labs
https://gosecure.github.io/request-smuggling-workshop/#0
π14β€1
A curated list of bugbounty writeups (Bug type wise)
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
β€7π1
π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ» pinned Deleted message
Burp Suite 2023.8+ includes a feature that theoretically makes opening untrusted project files safe. If you find a bypass, you're probably eligible for a bounty - check the full details here:
https://portswigger.net/burp/releases/professional-community-2023-8
https://portswigger.net/burp/releases/professional-community-2023-8
Burp Suite Release Notes
Professional / Community 2023.8
This release introduces the ability to reuse HTTP/1 connections in Intruder, specify intermediate CA certificates when authenticating using hardware tokens and smart cards, safely open third-party pro
π10
Bug Bounty Tip
GBK Encoding / MultiByte Attack
ε = %E5%98%8A = \u560a β %0A
ε = %E5%98%8D = \u560d β %0D
εΎ = %E5%98%BE = \u563e β %3E (>)
εΌ = %E5%98%BC = \u563c β %3C (<)
ε’ = %E5%98%A2 = \u5622 β %22 (')
ε§ = %E5%98%A7 = \u5627 β %27 (")
For XSS, CRLF, WAF bypass
GBK Encoding / MultiByte Attack
ε = %E5%98%8A = \u560a β %0A
ε = %E5%98%8D = \u560d β %0D
εΎ = %E5%98%BE = \u563e β %3E (>)
εΌ = %E5%98%BC = \u563c β %3C (<)
ε’ = %E5%98%A2 = \u5622 β %22 (')
ε§ = %E5%98%A7 = \u5627 β %27 (")
For XSS, CRLF, WAF bypass
β€6π3