{"uuid": "94c9b514-5ce1-410e-baff-5b3fcaf8f30e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26134", "type": "published-proof-of-concept", "source": "https://t.me/bhhub/792", "content": "#BugBountyTips of the Day\nJust made a quick 7min video on how to rapidly scrape API links from an OpenAPI spec and test them for broken access control issues using Burp Intruder.  I'm up to about ~24 broken access control issues with Pinterest now, so it works.\ud83d\ude1c   #bugbountytips   https://t.co/DUqecQsGr4\n---\nsome google dorks for finding sensitive files:\u2705 \u25b6\ufe0fintitle:\"index of\" \"WebServers.xml\" \u25b6\ufe0ffiletype:xls inurl:\"email.xls\" \u25b6\ufe0fintitle:\"Index of\" wp-admin \u25b6\ufe0fintitle:\"index of\" \"admin/sql/\" \u25b6\ufe0fintitle:\"index of\" \"system/config\" #bugbountytips #infosecurity\n---\n#Secret6 8 Awesome 2FA Bypass Techniques \ud83d\udddd\ufe0f  #bugbountytips \ud83e\uddf5\ud83d\udc47\ud83c\udffb  https://t.co/bxiDoWaYog\n---\npoc for new CVE-2022-26134 using shodan dork  #bugbountytips #BugBounty #bugbountytip #infosec  https://t.co/rNOHu4jGqw", "creation_timestamp": "2022-06-07T13:37:04.000000Z"}