fixes and posts
This commit is contained in:
parent
30ae58d906
commit
063cef6968
@ -1,8 +1,13 @@
|
|||||||
+++
|
+++
|
||||||
title = 'BugBounty 101: Email Subscriptions'
|
title = 'BugBounty l0l: Email Subscriptions'
|
||||||
date = 2024-12-18
|
date = 2024-12-18
|
||||||
|
image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Ffluentcrm.com%2Fwp-content%2Fuploads%2F2022%2F08%2FScreenshot_18-2.jpg&f=1&nofb=1&ipt=858152baa98a508508a431682741b98b40e1ccecde013176cd08d3072cfea690&ipo=images'
|
||||||
+++
|
+++
|
||||||
|
|
||||||
|
## Spam
|
||||||
|
|
||||||
|
![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Ffluentcrm.com%2Fwp-content%2Fuploads%2F2022%2F08%2FScreenshot_18-2.jpg&f=1&nofb=1&ipt=858152baa98a508508a431682741b98b40e1ccecde013176cd08d3072cfea690&ipo=images)
|
||||||
|
|
||||||
The most common vuln in email subscription that I've seen is spamming:
|
The most common vuln in email subscription that I've seen is spamming:
|
||||||
|
|
||||||
If you found any email subscription form, try to spam yourself by subscribing multiple times:
|
If you found any email subscription form, try to spam yourself by subscribing multiple times:
|
||||||
@ -16,6 +21,31 @@ email+random2@example.com
|
|||||||
|
|
||||||
Why company don't want it? It's possible to use this vuln to make all their emails appear in spam folder by-default by spamming innocent users which will report it as spam.
|
Why company don't want it? It's possible to use this vuln to make all their emails appear in spam folder by-default by spamming innocent users which will report it as spam.
|
||||||
|
|
||||||
|
### No CSRF and captcha
|
||||||
|
|
||||||
|
If you can subscribe via cURL copied command and rate limit is low, then you can get bounty for that depending on the bugbounty rules.
|
||||||
|
|
||||||
|
To do that - select request in devTools/Burp and copy as cURL command. Edit email and send request.
|
||||||
|
|
||||||
|
|
||||||
|
## HTML Injection
|
||||||
|
|
||||||
|
If you can inject HTML into additional email subscription fields (like name) (those fields oftem have characters limit), than you can create legitemate looking spam/scam/phishing email with like:
|
||||||
|
```html
|
||||||
|
# Base payload
|
||||||
|
<h1><a href=https://blog.ca.sual.in>YOU WIN LOTTERY
|
||||||
|
# use bit.ly to make link more shorter
|
||||||
|
<h1><a href=https://bit.ly/random>YOU WIN LOTTERY
|
||||||
|
# In some browsers/email clients you may not need https declaration
|
||||||
|
<h1><a href=blog.ca.sual.in>YOU WIN LOTTERY
|
||||||
|
# You can close </a></h1> tags so it would be more legal
|
||||||
|
```
|
||||||
|
|
||||||
|
Needless to say, if you are not character limited, then you can rewrite email to your liking
|
||||||
|
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
Other email hacks:
|
Other email hacks:
|
||||||
https://book.hacktricks.xyz/pentesting-web/email-injections
|
https://book.hacktricks.xyz/pentesting-web/email-injections
|
||||||
|
|
||||||
|
97
content/productivity/HowTo_social_media.md
Normal file
97
content/productivity/HowTo_social_media.md
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
+++
|
||||||
|
title = 'HowTo Social Media'
|
||||||
|
date = 2024-12-29
|
||||||
|
image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.imgflip.com%2F6f06pd.png&f=1&nofb=1&ipt=2f81db32331e1bc7c8b953df2d8146a98d1a9de456f8b5cc98c7e67f4a5b557e&ipo=images'
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Privacy
|
||||||
|
|
||||||
|
Nowadays if you got asked:
|
||||||
|
> *"Can I have your Facebook account?"*
|
||||||
|
![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fstatic.wikia.nocookie.net%2Fthe-mr-incredible-becoming-memes%2Fimages%2Fc%2Fc4%2FPhase_1.webp%2Frevision%2Flatest%3Fcb%3D20220823112208&f=1&nofb=1&ipt=6b996cf013dfeabfebfa935c49391b06d7a049a3887657f39b35b6cb6e16527b&ipo=images)
|
||||||
|
|
||||||
|
is a fancy way of saying:
|
||||||
|
> *"Can I get access to information about all people you are relate to, all your interest (profession, hobbies, music...), your home location and how you live your life, pretty please? OwO"*
|
||||||
|
![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.imgflip.com%2F6f06pd.png&f=1&nofb=1&ipt=2f81db32331e1bc7c8b953df2d8146a98d1a9de456f8b5cc98c7e67f4a5b557e&ipo=images)
|
||||||
|
|
||||||
|
<!-- And our privacy even not the worst part (not worst, because you are the one, who willingly share all information about yourself with people/companies all around the world). The worst part is that your productivity and mental health also suffer greatly. -->
|
||||||
|
|
||||||
|
Oh wait, you even don't need anything to share with other people! Fancy algorithms will determine it by what you like, watch and search (tiktok, instagram...) and then use it to get maximum profit out of you as a consumer.
|
||||||
|
|
||||||
|
Ooh... Wait... It even don't need to be social media anymore, it is also marketplaces (amazon, aliexpress...) who knows anything about you.
|
||||||
|
|
||||||
|
And our privacy even not the worst part (thou **really bad**). The worst part is that your productivity and mental health also suffer greatly.
|
||||||
|
|
||||||
|
## Addiction
|
||||||
|
|
||||||
|
People today are consumers. We are thrilled to get our next dose of dophamine by:
|
||||||
|
- watching tik-tok,
|
||||||
|
- ~doom~ scrolling social media,
|
||||||
|
- searching your ideal product you want to ~not~ buy in marketplace.
|
||||||
|
|
||||||
|
But in fact we are just wasting our time and energy. Don't understimate energy wasted on this.
|
||||||
|
|
||||||
|
![](https://static.wikia.nocookie.net/mullet-madjack/images/1/15/Show.png)
|
||||||
|
|
||||||
|
<p style="text-align: center;">🎶 Playing: <a href=https://inv.nadeko.net/watch?v=QolTRBNWiPc>MULLET MADJACK OST - In Gods Image</a> 🎶</p>
|
||||||
|
|
||||||
|
> I like how it's pictured in game `MULLET MADJACK`
|
||||||
|
(and game have the style, definitely recomended to try).
|
||||||
|
|
||||||
|
### Attention span
|
||||||
|
|
||||||
|
TODO
|
||||||
|
|
||||||
|
NOTIFICATIONS TODO
|
||||||
|
|
||||||
|
## Considirations
|
||||||
|
|
||||||
|
### "But i will miss out how my friends are doing and what is happening in a world!"
|
||||||
|
|
||||||
|
You will not miss out things if you delete yourself out of social media.
|
||||||
|
|
||||||
|
If it's important enough you will learn it from people near you.
|
||||||
|
|
||||||
|
If it's important to you, you will learn it by yourself.
|
||||||
|
|
||||||
|
### "But I use it (youtube/tiktok) for educational purposes!"
|
||||||
|
|
||||||
|
TODO
|
||||||
|
"We are what we consume of"
|
||||||
|
and thus we need to get rid of tik-toks, yt shorts ultimately.
|
||||||
|
and watch choisen type of content that will benefitting for us
|
||||||
|
|
||||||
|
|
||||||
|
### "But I like to get notifications about TODO"
|
||||||
|
|
||||||
|
TODO
|
||||||
|
### TODO What are you talking about, i am not addicted
|
||||||
|
TODO
|
||||||
|
|
||||||
|
## TODO but i need it for my work
|
||||||
|
TODO
|
||||||
|
|
||||||
|
|
||||||
|
## TODO but loose my contacts
|
||||||
|
TODO
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## TODO What to do next in one word - like CURE
|
||||||
|
TODO
|
||||||
|
|
||||||
|
{{< spoiler Examples >}}
|
||||||
|
TODO
|
||||||
|
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
I forgot to remove it from template
|
||||||
|
|
||||||
|
{{< /spoiler >}}
|
||||||
|
|
||||||
|
{{< source >}}
|
||||||
|
https://www.youtube.com/watch?v=f9W7pTqxh58&list=PLusAca3pUpLfhWIzQPQiFt-tX2G17PCz4&index=13
|
||||||
|
https://www.youtube.com/watch?v=XHAV87e0hLY
|
||||||
|
{{< /source >}}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user