文章预览
X上收集的好用的32个渗透测试小技巧: [ ] Tip 1 Here’s my last finding (P1) 1- register account 2- intercept request 3- here’s the response in image so in “role” parameter we have ROLE_USER So i don’t know what i can replace it to privilege my account to admin 4- open source code and look in js files 5-So in js files i user ctrl+F to search about “user_role” i found another value that’s called “admin_role” 6- so i use match and replace to replace value’s 7- boom privilege my account to admin account with full control [ ] Tip 2 اسعد الله ايامكم بكل خير هذا ثغرة في شركة مايكروسوفت كانت جدا بسيطة بسبب خطأ في اعداد سيرفر IIS Exploit: https//anywebsite.com/c:/Windows/Win.ini [ ] Tip 3 CloudFront bypass:⚔️ ">%0D%0A%0D%0A Would be interested to know if this is target specific or other CloudFront websites are vulnerable [ ] Tip 4 1 : Get all the URL from wayback / Gau 2 : Filter o
………………………………
