Today we’re going to talk about how you managed to bypass rate limiting in one of the US Department of Defense sites.
But I will explain this bug and ways to overcome it in detail in another article. Do not forget to review the rest of the articles that I submit on my account here on Medium.
While touring one of the US Department of Defense websites, I found the feature to participate by entering my personal email to receive notifications about any update.
I put in my email and intercepted the request using Burp Suite.
My First Bounty (IDOR)
First of all, this is my first article. I benefited a lot from this platform, and I want to thank everyone who contributed to publishing articles that benefited everyone. So I would love to also participate in informing others about what I teach him.
This is a long road, my friend. Everyone has passed here and has crossed difficulties at the beginning of learning, so do not despair and keep learning.
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly.
FCKeditor is a lightweight text editor for use in web pages; it can upload files too.
1- Using this dork: inurl /editor/filemanager/connectors/test.html
2- You must know which programming language the site was written in,
then choose that programming language from Connector:
and the web server too.
For example, the website in the PoC that I will attach uses ASP.Net.
Then click on Get Folders and Files.
3- You can put the partition name if the website is hosted on a Windows server.
https://target.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=C:/ >>>>>>(windows server)
c:/inetpub/wwwroot/target/web.config = https://target.com/web.config
If you use this payload,
the folders and files you will see are the website's folders and files.
so if you…
What’s SSRF?
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
1- You can use these dorks to find vulnerable sites.
2- After going to the vulnerable page you will find the field “Custom Uploader URL:”
3- Right-click, then choose Inspect Element, click on “Pick an element from the page”, and select the field Custom Uploader URL:
4- In Elements: <input id="txtCustomUrl" style="WIDTH: 100%; BACKGROUND-COLOR: #dcdcdc" disabled="" type="text">
5- Now you can put a URL starting with…
Before I start explaining how I found this bug, I will talk about Account Takeover Methodologies.
Now let’s tell you about the steps for finding this bug
1- After creating two accounts (the first as a hacker account, the second email as a victim account)
2- I go to reset password and you entered your email
3- I go to my email (hacker email), then open the link
4- I find a page to enter email, password and repeat password
Today we'll talk about how to bypass rate limiting via Bypass Captcha
This article will be brief, meaning that we will explain the rate limiting in detail and Bypass Captcha in a later lesson.
Rate limiting is a strategy for limiting network traffic. It puts a cap on how often someone can repeat an action within a certain timeframe.
Captcha is used mostly for security reasons; we can use it to prevent:
CSRF attacks, No Rate Limit attacks, Brute Forcing, etc.
Let's talk today about my experience with captcha. I entered one of the HackerOne programs looking for…
Privilege escalation vulnerabilities are security issues that allow users to gain more permissions and a higher level
Hello guys who love to hack. Today I will talk about how I got this bug. It’s easy. All you have to do is focus and take time to think.
While I was roaming in Bugcrowd programs, I entered one of the programs that give points and logged into that program.
Then I went into the settings and then into the account data that I entered, and I created the account. In fact, I was not looking for a privilege escalation bug. …
Today we're going to talk about the host injection vulnerability. If you were invited to a private program, I advise you to start with this attack, as it is common and easy to discover. So let's start the fun, guys.
HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior.
The use of the host header is especially…
Today we'll talk about the subdomain takeover vulnerability.
We will talk about how to find the vulnerability in all its forms and the tools used, but in terms of exploitation, we will explain the exploitation of the Heroku subdomain takeover.
A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it. This can happen because either a virtual host hasn’t been published yet or a virtual host has been…