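Mars's 5εcur1ty Memorandum

A technical blog centered on information security, updated irregularly with posts on CTFs, vulnerability verification, bug bounty report analysis, and more.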

Bug Bounty

XSS Mindmap

Source: AwesomeXSS/Database at master · s0md3v/AwesomeXSS · GitHub
Payload:
* polyglot: gist.github.com

Bug Bounty Payload Archive

Open Redirection
Twitter Open Redirection
https://twitter.com/teams/authorize?target_screen_name=&authorize_callback=//www.fb.com
Description: This payload will redirect from twitter.com to www.fb.com
XSS
i='[url=javascript://%0aalert`1`] …

(Just recommend a video) Steam XSS $7,500

www.youtube.com Payload: i='[url=javascript://%0aalert`1`] click me![/url]'

Common Vulnerabilities in Bug Bounties

Cross-site Scripting (XSS) - DOM (CWE-79)
Open Redirect (CWE-601)
Server-Side Request Forgery (SSRF) (CWE-918)
Report1: medium.com (to be continued)

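Bug Bounty: Finding Subdomains

Before you start looking for vulnerabilities: it is said that the more subdomains a target has, the more likely it is that vulnerabilities are lurking there. This post introduces tools that find subdomains for you.
1. "Sublist3r"
2. "dirsearch"
3. "relative-url-extractor"
4. "LinkFinder"
5…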

List of Important CWE Vulnerabilities: Tainted Input

CRLF Injection (CWE-93)
Code Injection (CWE-94)
Command Injection - Generic (CWE-77)
Cross-site Scripting (XSS) - DOM (CWE-79)
Cross-site Scripting (XSS) - Generic (CWE-79)
Cross-site Scripting (XSS) - Reflected (CWE-79)
Cross-site Scripting (XS…

List of Important CWE Vulnerabilities: Secure Design

Business Logic Errors (CWE-840)
Cleartext Storage of Sensitive Information (CWE-312)
Cleartext Transmission of Sensitive Information (CWE-319)
Denial of Service (CWE-400)
Deserialization of Untrusted Data (CWE-502)
Information Disclosure (CWE-2…

List of Important CWE Vulnerabilities: Memory Corruption

Array Index Underflow (CWE-129)
Buffer Over-read (CWE-126)
Buffer Under-read (CWE-127)
Buffer Underflow (CWE-124)
Classic Buffer Overflow (CWE-120)
Double Free (CWE-415)
Heap Overflow (CWE-122)
Improper Null Termination (CWE-170)
Incorrect Calcula…

List of Important CWE Vulnerabilities: Cryptographic Issues

Cryptographic Issues - Generic (CWE-310)
Improper Certificate Validation (CWE-295)
Improper Following of a Certificate's Chain of Trust (CWE-296)
Inadequate Encryption Strength (CWE-326)
Key Exchange without Entity Authentication (CWE-322)
Miss…

List of Important CWE Vulnerabilities: Access Control

Brute Force (CWE-307)
Forced Browsing (CWE-425)
Improper Access Control - Generic (CWE-284)
Improper Authentication - Generic (CWE-287)
Information Disclosure (CWE-200)
Information Exposure Through Debug Information (CWE-215)
Information Exposur…

List of Important CWE Vulnerabilities: OWASP Top 10 mobile 2016

Brute Force (CWE-307)
Cleartext Transmission of Sensitive Information (CWE-319)
Client-Side Enforcement of Server-Side Security (CWE-602)
Command Injection - Generic (CWE-77)
Cross-Site Request Forgery (CSRF) (CWE-352)
Cross-site Scripting (XSS…

List of Important CWE Vulnerabilities: OWASP Top 10

2013:
Cleartext Storage of Sensitive Information (CWE-312)
Cleartext Transmission of Sensitive Information (CWE-319)
Command Injection - Generic (CWE-77)
Cross-Site Request Forgery (CSRF) (CWE-352)
Cross-site Scripting (XSS) - DOM (CWE-79)
C…

How Do You Get Started with Bug Bounty?

Please watch this person's video: www.youtube.com
No1zy's blog: no1zy.hatenablog.com

Copyright Mars 2019