search

πŸ’‘My Information Disclosure Methodology

hashtag

hashtag

hashtag
-------------------------------------------------------------

hashtag
(1) One-Liner Information Disclosure Finding

hashtag
-------------------------------------------------------------

hashtag
(2) One-Liner π™€π™­π™©π™§π™–π™˜π™© π™Žπ™šπ™£π™¨π™žπ™©π™žπ™«π™š π™žπ™£π™›π™€π™§π™’π™–π™©π™žπ™€π™£π™¨ 𝙛𝙧𝙀𝙒 π™…π™Ž π™π™žπ™‘π™šπ™¨

hashtag
-------------------------------------------------------------

hashtag
Session Hijacking testing steps

  1. Login your account

  2. Use cookie editor extension in browser

  3. Copy all the target cookies

  4. Logout your account

  5. Paste that cookies in cookie editor extension

  6. Refresh page if you are logged in then this is a session hijacking

hashtag
-------------------------------------------------------------

hashtag
Websites heck broken links to find broken link-hijacking vulnerabilities

1- https://ahrefs.com/broken-link-checker…arrow-up-right

2- https://deadlinkchecker.comarrow-up-right

3- https://brokenlinkcheck.comarrow-up-right

hashtag
-------------------------------------------------------------

hashtag
Some ways to bypass 403

1- Using space symbols

exmaple: /admin -> 403

/admin%09 -> 200

/admin%20 -> 200

2- use traversal Example:

/admin -> 403

/..;/admin -> 200

You can fuzz with traversal sometimes that end with results

Example: /..;/FUZZ

hashtag
-------------------------------------------------------------

PreviousIDOR TO Account TakeoverNextBusiness Logic Errors

Last updated