Some Private Notes on Bug Hunting Aashish Kunvar Anon haxo: ########By dorkerdevil ############## Hope you like it #NavinYadav bro for u n for group Hack Notes echo -e "HEAD /HTTP/1.0\n\n" | nc -vv website.com echo -e "HEAD /HTTP/1.0\n\n" | openssl s_client -quit -connect website:443 nikto -p 80 -h website -verbose whisker2.1 -p 80 -h website enum all extensions: .asp,.aspx,.css,.htc,.htr,.htw,.ida,.idc,.idq,.printer,.shtm,.xml,.xsl previous version of pages:~ extensions: .bak,.old,.orig,.txt search for common directories such as:~ /bak,/inc,/old,/script SQL connection strings:~ db= dbconn= ~:xss payloads to check:~ <script>alert(document.cookie)</script> 1.attempt different embedding method: %3cscript%3e, %253cscript%253e, %00%3cscript%
THE BEST IS YET TO COME!!!