Hi , It's Me Maniesh Neupane(Pwn4arn).

 Common open redirection vulnerability parameter ; /{payload} ?next= ?url= ?target= ?rurl= ?dest= ?destination= ?redir= redirect_uri= ?redirect_url= ?redirect= /redirect/ cgi-bin/redirect.cgi?{} /out/ /out? ?view= /login?to= ?image_url= ?go= ?return= ?returnTo= ?return_to= ?checkout_url= Other common parameters: dest, redirect, uri, path, continue, url, window, to, out, view, dir, show, navigation, Open, url, file, val, validate, domain, callback, return, page, feed, host, port, next, data, reference, site, html

 

 Wordpress juicy endpoints ! 1) wp-admin.php 2) wp-config.php 3) wp-content/uploads 4) Wp-load 5) wp-signup.php 6) Wp-json 7) wp-includes [directory] 8) index.php 9) wp-login.php 10) wp-links-opml.php  11) wp-activate.php 12) wp-blog-header.php 13) wp-cron.php 14) wp-links.php 15) wp-mail.php 16) xmlrpc.php 17) wp-settings.php 18) wp-trackback.php 19) wp-signup.php 20) admin-bar.php 21) wp-content/debug.log 22) wp-config.bkp 23) wp-admin/admin.php 24) -wpeprivate 25:)  -wpeprivate/config.json              Thank you !       

 Networking Cheatsheet ! Amount Manipulation Testing !

What is XML external entity injection? XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks. How do XML vulnerabilities arise? While XML is an extremely popular format used by developers to transfer data between the web browser and the server, this results in XXE being a common security flaw. XML requires a parser, which is typically where vulnerabilities occur. XXE enables an entity to be defined based on the content of a file path or URL. When the XML attack payload is read by the ser

 Code Review Mindmap !           Pentesting Mindmap/Recon Methodology !   

 Two Factor Authentication ! What is 2FA 🤔 ? Let's get started , 2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if due to some case they are compromised the additional layer(second authentication) can protect your account from getting takeover. This can be of many forms like ;    1:) Sending verification code to email. 2:) Sending OTP to email or mobile number. 3:) Third-party app-generated codes. 4:) Verification through QR codes. 5:)     SMS verification. This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable. Then your account is not safe even if you have your 2FA turned on. So this vulnerability is a serious one and can be used to take over other accounts

 Let's get started ! To identify individuals in a group of people we need any unique combination of resources by which we can identify the individual. That combination can be his first name, last name, address or SSN. These all are resources that can help users to identify uniquely. This is the case with humans but if we want to identify in web- application for that web-application uses “Authentication”. Let us discuss it in detail.           What Is Authentication !             Well , It is the process of verifying the identity of a person or a device. Authentication is used by a server when the server needs to know exactly who is accessing their information or site. In authentication, the user or computer has to prove its identity to the server or client. A common example is entering a username and password when you log into the website. In the case of a web application they use different methods of authentications , it can be username password or username with the OTP sent to yo

 What Is Shodan Exactly? Shodan is a search engine for Internet-connected devices. It is different from search engines like Google and Bing because Google and Bing are great for finding websites but Shodan helps in finding different things like popular versions of Microsoft IIS, control servers for Malware, how many host are affected with the new CVEs, which countries are becoming more connected, SSL certificates of the websites etc. Difference between Shodan and Google : The major difference between Shodan and Google is that, that Shodan analyzes the internet and Google analyzes the Word Wide Web.        Description : Shodan is the most popular search engine ever seen. It has the capability to index small desktops, CCTVs, nuclear power plants etc. Nowadays shodan has become very popular in the world of penetration testing, bug bounties, digital forensics, threat hunting etc. Shodan’s Search Query Insights : Shodan gathers information by interacting with web services and this informati

              Thank you @Nahamsec

 

  Manual Approach ; Let’s start with how you can get sensitive information leak Sensitive information is as follows ; "Company name" credentials                   Keywords 👇 {User_names , password, token , Secret key , backup file , pwd, credentials, ftp, JDBC, LDAP, key , pass , pw, user_auth } GitHub Dorks for Finding Files: “company name” filename:database “company name” filename:secrets.yml “company name” filename:passwd “company name” filename:LocalSettings.php “company name” filename:config.php “company name” filename:config.inc.php “company name” filename:configuration.php “company name” filename:shadow “company name” filename:.env “company name” filename:wp-config.php “company name” filename:credentials “company name” filename:id_rsa “company name” filename:id_dsa “company name” filename:.sqlite “company name” filename:secret_token.rb “company name” filename:settings.py “company name” filename:credentials.xml GitHub Dorks for Finding information sensitive from progra

 

Pentesting Mindmap  Cyber security domain!  

Server-side request forgery ! Common injection parameters "access=", "admin=", "dbg=", "debug=", "edit=", "grant=", "test=", "alter=", "clone=", "create=", "delete=", "disable=", "enable=", "exec=", "execute=", "load=", "make=", "modify=", "rename=", "reset=", "shell=", "toggle=", "adm=", "root=", "cfg=", "dest=", "redirect=", "uri=", "path=", "continue=", "url=", "window=", "next=", "data=", "reference=", "site=", "html=", "val=", "validate=", "domain=", "callback=", "return=", "page=", "feed=", "host=", "port=", "to=", &q