My Information Disclosure Methodology




-------------------------------------------------------------
(1) One-Liner Information Disclosure Finding
cat subdomains.txt | waybackurls | httpx -mc 200 -ct | grep application/json
-------------------------------------------------------------
(2) One-Liner Extract Sensitive Information From JS Files
echo TARGET.com | gau | grep ".js" | httpx -content-type | grep 'application/javascript' | awk '{print $1}' | nuclei -t /root/nuclei-templates/exposures/ -silent > secrets.txt
-------------------------------------------------------------
Session Hijacking testing steps
Log in to your account
Use a cookie editor extension in the browser
Copy all the target cookies
Log out of your account
Paste those cookies into the cookie editor extension
Refresh the page; if you are logged in, this is session hijacking
-------------------------------------------------------------
Websites to check broken links to find broken link hijacking vulnerabilities
1- https://ahrefs.com/broken-link-checker…
2- https://deadlinkchecker.com
3- https://brokenlinkcheck.com
-------------------------------------------------------------
Some ways to bypass 403
1- Using space symbols
Example: /admin -> 403
/admin%09 -> 200
/admin%20 -> 200
2- Using traversal
Example: /admin -> 403
/..;/admin -> 200
You can also fuzz with traversal, which sometimes yields results
Example: /..;/FUZZ
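A defensive view of the two bypasses above, as an added example that is not part of the original notes: a simplified Python model in which an access rule matched against the raw path misses the three variants listed, while the same rule applied to a canonicalized path catches them. The rule set, the function names and the canonicalization steps are assumptions for illustration, not the behaviour of any specific server or proxy.

```python
import posixpath
from urllib.parse import unquote

PROTECTED = ("/admin",)  # constructed rule set for this example


def _matches(path):
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)


def naive_is_blocked(raw_path):
    """Weak rule: match the raw request path exactly as received."""
    return _matches(raw_path)


def canonicalize(raw_path):
    """Reduce a request path to the form a lenient backend may route on."""
    path = unquote(raw_path)               # %09 -> tab, %20 -> space
    parts = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]         # drop path parameters: "..;" -> ".."
        seg = seg.strip(" \t\r\n")         # drop padding whitespace
        if seg:
            parts.append(seg)
    # Resolve "." and ".." so "/../admin" becomes "/admin".
    return posixpath.normpath("/" + "/".join(parts))


def strict_is_blocked(raw_path):
    """Hardened rule: match only after canonicalization."""
    return _matches(canonicalize(raw_path))


def audit(paths):
    """Return paths the naive rule lets through but the strict rule blocks."""
    return [p for p in paths if strict_is_blocked(p) and not naive_is_blocked(p)]


# Request paths taken from the notes above, plus one harmless control.
SAMPLES = ["/admin", "/admin%09", "/admin%20", "/..;/admin", "/about"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:14} naive={naive_is_blocked(p)} strict={strict_is_blocked(p)}")
```

In a real deployment it is usually safer to reject any request whose raw path differs from its canonical form, and to enforce authorization in the application as well as at the proxy.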
-------------------------------------------------------------