๐จ Just published a new blog post on understanding the difference between Path Traversal and File Inclusion vulnerabilities. If you're interested in web application security, make sure to check it out.
#BugBounty#bugbountytips#webappsecurity
https://t.co/Y06suk7NJj
OSCP certification is finally here! This journey has been challenging yet incredibly rewarding. Special thanks to @vsachin168 sir and @_p4nk4j sir for their knowledge, guidance, and support. @offsectraining great stuff. On to the next!
#oscp#offsec#CyberSecurity
Just made another P1 discovery! Discovered that FTP Anonymous Login is allowed on the target domain, exposing numerous files and data.
Always remember to check for other open ports to uncover more potential security issues. ๐
#bugbounty#bugbountytips#p1
@MhdJulda 3.
accessible or visible to website visitors through the usual navigation or links on the site). Then i searched for its default credentials and found in their documentation.
I hope this explanation helps you.
@mveswar98 @g0ziem If the provider and service is well-known, you can easily find it through a simple Google search without going through documentations. If not, documentations are always there.
@MhdJulda 2.
deploy provider specific services, like "https://t.co/w7mn2tH3ox." I then searched for the services offered by this provider and their well-known paths, easily available on simlple search. Through brute force, I discovered a hidden login page (that is present but not easily
@MhdJulda I haven't written a blog on this, but here's more explanation of the discovery:
After collecting subdomains of the target domain, I came across a subdomain that included the name of a service provider, such as "https://t.co/tRGzoqeemL." Organizations often use this practice to
If you want to grow as a bug bounty hunter, you have to move outside of your comfort zone.
Find things you don't understand, then go read about them. Fiddle with them. Learn them.
If you get stuck you'll be left behind quickly. That's just the nature of the beast.
@K1enNT Default credentials are service or platform specific and not always "admin:admin/password". I obtained the credentials from the panel's documentation, which are "admin:changeme".