diff --git a/Local File Inclusion.md b/Local File Inclusion.md new file mode 100644 index 0000000..0f70829 --- /dev/null +++ b/Local File Inclusion.md @@ -0,0 +1 @@ +# Soon! \ No newline at end of file diff --git a/NoSQL Injection.md b/NoSQL Injection.md new file mode 100644 index 0000000..0f70829 --- /dev/null +++ b/NoSQL Injection.md @@ -0,0 +1 @@ +# Soon! \ No newline at end of file diff --git a/Open Redirect.md b/Open Redirect.md new file mode 100644 index 0000000..4dda42f --- /dev/null +++ b/Open Redirect.md @@ -0,0 +1,66 @@ +## Filter Bypass + +1. Using a whitelisted domain or keyword +``` +target.com.evil.com +``` + +2. Using "//" to bypass "http" blacklisted keyword +``` +//evil.com +``` + +3. Using "https:" to bypass "//" blacklisted keyword +``` +https:evil.com +``` + +4. Using "\/\/" to bypass "//" blacklisted keyword (Browsers see \/\/ as //) +``` +\/\/evil.com/ +/\/evil.com/ +``` + +5. Using "%E3%80%82" to bypass "." blacklisted character +``` +/?redir=evil。com +/?redir=evil%E3%80%82com +``` + +6. Using null byte "%00" to bypass blacklist filter +``` +//evil%00.com +``` + +7. Using parameter pollution +``` +?next=target.com&next=evil.com +``` + +8. Using "@" character, browser will redirect to anything after the "@" +``` +target.com@evil.com +target.com%40evil.com +``` + +9. Creating folder as their domain +``` +http://www.yoursite.com/http://www.theirsite.com/ +http://www.yoursite.com/folder/www.folder.com +``` + +10. Using "?" characted, browser will translate it to "/?" +``` +http://www.yoursite.com?http://www.theirsite.com/ +http://www.yoursite.com?folder/www.folder.com +``` + +11. Host/Split Unicode Normalization +``` +https://evil.c℀.example.com +``` + +12. Using parsing +``` +http://ⓔⓥⓘⓛ.ⓒⓞⓜ +``` \ No newline at end of file diff --git a/README.md b/README.md index ac2a391..c1b2cdd 100644 --- a/README.md +++ b/README.md 
@@ -3,17 +3,22 @@ These are my bug bounty notes that I have gathered from various sources, you can ## List - [Business Logic Errors](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Business%20Logic%20Errors.md) +- SQL Injection (SOON) +- NoSQL Injection (SOON) +- Local File Inclusion (SOON) - [Cross Site Request Forgery (CSRF)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md) - [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md) +- [Open Redirect](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md) +- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md) - [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md) - [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md) - [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md) -- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md) - [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md) ## List Bypass - [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md) - [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md) +- [Bypass 304](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20304.md) - [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md) - [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md) - [Bypass Rate 
Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md) diff --git a/SQL Injection.md b/SQL Injection.md new file mode 100644 index 0000000..0f70829 --- /dev/null +++ b/SQL Injection.md @@ -0,0 +1 @@ +# Soon! \ No newline at end of file
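Review bot: In Open Redirect.md, items 11 ("Host/Split Unicode Normalization") and 12 ("Using parsing") give a payload with no explanation of which check it gets past, unlike items 1 to 10, and "Using parsing" does not say what is being parsed; add a one-line description to each. Item 10's heading has the typo "characted", and items 9 and 10 switch from the target.com/evil.com placeholders used everywhere else to yoursite.com/theirsite.com. The file opens directly at "## Filter Bypass" with no title or description of the issue, and it ends without a trailing newline. Since most headings describe getting past a blacklisted keyword or character, a closing line naming the validation that does hold up would help whoever triages reports written from these notes.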
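Review bot: In the README.md hunk, the new "Bypass 304" entry links to Bypass/Bypass%20304.md, which is not among the files this patch adds; confirm it already exists in the repository, otherwise the link is dead. The three "(SOON)" entries are plain text even though this patch creates matching placeholder files, and inserting them after Business Logic Errors, together with moving the IDOR entry up next to Open Redirect, breaks the alphabetical order the list had before. In the unchanged context, the "Exposed Source Code" entry points at Denial%20Of%20Service.md, which looks like a copy-paste error worth fixing in the same commit.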
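Review bot: Local File Inclusion.md, NoSQL Injection.md and SQL Injection.md are each a single "# Soon!" line (all three share blob 0f70829) and end without a trailing newline. They add no content, and the README lists these topics as unlinked "(SOON)" text, so nothing points at the files. Either leave them out until the notes are written, or keep them and link the README entries so the placeholders are at least reachable; in both cases add the final newline.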