diff --git a/Acount takeover/ATO.md b/Acount takeover/ATO.md index 2795d13..611a9a2 100644 --- a/Acount takeover/ATO.md +++ b/Acount takeover/ATO.md @@ -52,7 +52,7 @@ Occasionally, the application displays unnecessary data, such as valid OTPs, has [ ] **password reset** ``` 1. check if you are able to brute force the password reset OTP -2. test for token predectability +2. test for token predictability 3. test for JWT misconfigurations 4. check if the password reset endpoint is vulnerable to IDOR 5. check if the password reset endpoint is vulnerable to Host Header injection @@ -99,7 +99,7 @@ if the application does not use auth token or you can't access the cookies becau [ ] **IDOR to Account Takerover** ``` -1. checck if the email update endpoint is vulnerable to IDOR +1. check if the email update endpoint is vulnerable to IDOR 2. check if the password change endpoint is vulnerable to IDOR 3. check if the password reset endpoint vulnerable to IDOR ``` @@ -144,7 +144,7 @@ when send rest account request intercept POST Request and Change Host header val [ ] **CORS Misconfiguration to Account Takeover** -If the page contains CORS missconfigurations you might be able to steal sensitive information from the user to takeover his account or make him change auth information for the same purpose: +If the page contains CORS misconfigurations you might be able to steal sensitive information from the user to takeover his account or make him change auth information for the same purpose: ``` https://book.hacktricks.xyz/pentesting-web/cors-bypass ``` diff --git a/Admin panal/adminpanal.md b/Admin panal/adminpanal.md index 349a5e3..5822cdf 100644 --- a/Admin panal/adminpanal.md +++ b/Admin panal/adminpanal.md 
@@ -1,5 +1,5 @@ -[ ] defualt credentials -[defualt credentials](https://book.hacktricks.xyz/generic-methodologies-and-resources/brute-force#default-credentials) +[ ] default credentials +[default credentials](https://book.hacktricks.xyz/generic-methodologies-and-resources/brute-force#default-credentials) ``` admin:admin admin:password @@ -7,12 +7,12 @@ author:author administrator:password admin123:password username:pass12345 -and many of defualt credentials +and many of default credentials ``` [ ] Bypass by SQL Injection ``` -inject username or paswword with a lot of payloads: +inject username or password with a lot of payloads: => error based => time based ``` diff --git a/Aem misconfiguration/aem.md b/Aem misconfiguration/aem.md index 7d14e87..b68db24 100644 --- a/Aem misconfiguration/aem.md +++ b/Aem misconfiguration/aem.md @@ -2,7 +2,7 @@ https://www.youtube.com/watch?v=EQNBQCQMouk ##### method - collect sub domain -- use nuclei/nuclei-templates/technologies/tech-detect.yaml to identifiy aem +- use nuclei/nuclei-templates/technologies/tech-detect.yaml to identify aem - Python3 ./aem_hacker.py –u https://example — host localhost - use https://github.com/clarkvoss/AEM-List/blob/main/paths to fuzz on path @@ -10,7 +10,7 @@ https://www.youtube.com/watch?v=EQNBQCQMouk - https://github.com/0ang3el/aem-hacker - https://github.com/0ang3el/aem-rce-bundle ``` -python3 aem_hacker.py -u --host yourvpshostname =>comman usage +python3 aem_hacker.py -u --host yourvpshostname =>common usage python3 aem_discovery.py --file urls.txt --workers 150 =>discover url python3 aem_enum.py --url => automate usernames and secrets grabbing python3 aem_ssrf2rce.py --url --fakaem yourvbs @@ -102,7 +102,7 @@ jcr:data=alert('xss+on+'%2b+document.domain+%2b+'\nby+%400ang3el+\ud83d\ude00')% ``` everything is stored in jcr repository : - secrets (password ,encryption key , tokens) -- cinfiguration +- configuration - pII - usernames 
@@ -136,7 +136,7 @@ everything is stored in jcr repository : - /.ext.json - /.childrenlist.json - or guess node names : - - comman names /content, /home, /var, /etc + - common names /content, /home, /var, /etc - Dump props for each child node of jcr:root : - /etc.json or /etc.s.json or /etc.-1.json diff --git a/Api Authentication /Authentication.md b/Api Authentication/Authentication.md similarity index 99% rename from Api Authentication /Authentication.md rename to Api Authentication/Authentication.md index 9d2a704..fff721b 100644 --- a/Api Authentication /Authentication.md +++ b/Api Authentication/Authentication.md @@ -768,4 +768,4 @@ username[0]=admin username=admin&username=admin delete username=admin -``` +``` \ No newline at end of file diff --git a/Bussiness Logic/bussiness logic.md b/Bussiness Logic/bussiness logic.md index a29f670..affda97 100644 --- a/Bussiness Logic/bussiness logic.md +++ b/Bussiness Logic/bussiness logic.md @@ -1,6 +1,6 @@ 1. change the price with other price :100->50 -2. change the price with nagative price :100->-100 -3. change the price with other price by add nagative value: 100 ->(+-120) +2. change the price with negative price :100->-100 +3. change the price with other price by add negative value: 100 ->(+-120) 4. change the price with other price by mult by 0.5: 100->(0.5*100) 5. Retrieving a Profile ``` @@ -198,5 +198,5 @@ from URLs or by using some internal parameters. • Once a target parameter has been identified start doing basic brute force or guess work to fetch another user’s files from server. ``` -26. null pyloads +26. null payloads 27. in change password try to delete current password diff --git a/CSRF/csrf.md b/CSRF/csrf.md index 9dba5d9..68e2fc9 100644 --- a/CSRF/csrf.md +++ b/CSRF/csrf.md 
@@ -88,7 +88,7 @@ email=....&csrftoken=..... - steps 1- create two accounts 2- go to the first account and change email we will change -3- go to second account and try intersept change email then drop request , copy the csrf token +3- go to second account and try intercept change email then drop request , copy the csrf token 4- go to the first account and put csrf token(second account) and try change email is valid or not diff --git a/Cookie Attack/cookie.md b/Cookie Attack/cookie.md index 2e773c4..d0e8fb1 100644 --- a/Cookie Attack/cookie.md +++ b/Cookie Attack/cookie.md @@ -1,6 +1,6 @@ -[ ] sensetive Data Stored in Cookies +[ ] sensitive Data Stored in Cookies ``` -check if anf pii or other sensitive infromation stored in cookies this in fromation usually includes : email,sessionID, data of birth ,mobile address ,ssn ,etc. +check if anf pii or other sensitive information stored in cookies this information usually includes : email, sessionID, data of birth, mobile address, ssn, etc. ``` [ ] cookie length violation @@ -24,12 +24,12 @@ some times it can be used to escalate privilege or if the application malfunctio [ ] Mass Assignment ``` -similar to the parameter poolution, however in this , attacker tried to inject multiple user ID in same user_id parameter +similar to the parameter pollution, however in this , attacker tried to inject multiple user ID in same user_id parameter ``` [ ] Damial of service - cookie Bomb ``` -forcing the server to process cookies larger than the resricted cookie size defined by the server may cause danial of service attack +forcing the server to process cookies larger than the restricted cookie size defined by the server may cause danial of service attack https://target.com/index.php?param1=xxxxxxxxxxxxxxxxxxxxxx 
@@ -64,7 +64,7 @@ sqlmap -u "" --cookie="" -p "" --dbs - the application is not retrieve data it is not vulnerability ``` -[ ] Authentication Bybass (cookie are not avalid) +[ ] Authentication Bybass (cookie are not valid) ``` try accessing a protected resource by removing cookies ``` @@ -77,9 +77,9 @@ change the "name" value to "xss payload" [ ] Insufficient session management ``` -1. session doesnt expire on logout -2. long session expirey -3. session doesnt expire on password reset /change +1. session doesn't expire on logout +2. long session expired +3. session doesn't expire on password reset /change 4. concurrent session ``` @@ -87,7 +87,7 @@ change the "name" value to "xss payload" - horizontal ``` 1.assume that the application uses mult-organization models -2.cookie are used wich organized user can access +2.cookie are used which organized user can access 3.alter the cookie in order to access some other application ``` - vertical @@ -98,12 +98,12 @@ change the "name" value to "xss payload" - similarly ``` 1.try if the flower users cookies can be used to access higher users function -2.try if the cookie of organization 1 user van be used to access function of organizaion 2 +2.try if the cookie of organization 1 user van be used to access function of organization 2 ``` -[ ] sesion puzzing +[ ] session puzzling ``` -when an application utilzes the same session variable for multiple purposes , this can abused by an attacker to trick the application and perform the action as an authenticated or privileged user +when an application utilizes the same session variable for multiple purposes , this can abused by an attacker to trick the application and perform the action as an authenticated or privileged user ``` 
@@ -157,7 +157,7 @@ str("-"*50),__import__('os').popen('COMMAND').read() ``` [ ] Insecure Deserialization ``` - if cookis are using serialized Objects ,try performing insecure Deserialization Checks. + if cookies are using serialized Objects ,try performing insecure Deserialization Checks. portswigger laps ``` [ ] Electronic Code Book diff --git a/File Upload/File Upload.md b/File Upload/File Upload.md index 0da15b1..6582f18 100644 --- a/File Upload/File Upload.md +++ b/File Upload/File Upload.md @@ -2,7 +2,7 @@ In upload file feature, for example upload photo profile feature ## How to exploit -read also this pdf it conayin a many of ideas +read also this pdf it contain a many of ideas 1-https://github.com/Az0x7/vulnerability-Checklist/blob/main/File%20Upload/File-Upload.pdf by`0xAwali` 2-https://github.com/Az0x7/vulnerability-Checklist/blob/main/File%20Upload/Slides(1).pdf by`ebrahim hegazy` @@ -60,7 +60,7 @@ Content-Type: image/gif GIF89a; ``` -And dont forget to change the content-type to image/gif +And don't forget to change the content-type to image/gif 4. Bypass content length validation, it can be bypassed using small payload ``` diff --git a/IDOR Vulnerability/idor.md b/IDOR Vulnerability/idor.md index d958e7c..f365a1e 100644 --- a/IDOR Vulnerability/idor.md +++ b/IDOR Vulnerability/idor.md @@ -7,13 +7,13 @@ Base Steps: ``` [ ] -[ ] image profilie -[ ] delete acount -[ ] infromation acount +[ ] image profile +[ ] delete account +[ ] information account [ ] VIEW & DELETE & Create api_key [ ] allows to read any comment [ ] change price -[ ] chnage the coin from dollar to uaro +[ ] change the coin from dollar to uaro [ ] Try decode the ID, if the ID encoded using md5,base64,etc ```html GET /GetUser/dmljdGltQG1haWwuY29t 
@@ -74,7 +74,7 @@ GET /api/users/* [ ] Never ignore encoded/hashed ID ```bash -for hashed ID ,create multiple accounts and understand the ppattern application users to allot an iD +for hashed ID ,create multiple accounts and understand the pattern application users to allot an iD ``` [ ] Google Dorking/public form @@ -87,7 +87,7 @@ search all the endpoints having ID which the search engine may have already inde use tools like arjun , paramminer ``` -[ ] Bypass object level authorization Add parameter onto the endpoit if not present by defualt +[ ] Bypass object level authorization Add parameter onto the endpoint if not present by default ```bash GET /api_v1/messages ->200 GET /api_v1/messages?user_id=victim_uuid ->200 @@ -125,7 +125,7 @@ GET /user_data/2341.txt -> 200 {"userid":{"userid":123}} ->200 ``` -[ ] Test an outdata API version +[ ] Test an outdated API version ```bash GET /v3/users_data/1234 ->401 GET /v1/users_data/1234 ->200 diff --git a/RXSS/xss.md b/RXSS/xss.md index 8ff286a..f437174 100644 --- a/RXSS/xss.md +++ b/RXSS/xss.md @@ -42,7 +42,7 @@ https://github.com/yavolo/eventlistener-xss-recon - use your payloads :``   -- your report if not acceptd  +- your report if not accepted  - cat host.txt | crawler | tee -a endpoint.txt   & cat host.txt | waybackurl | tee -a endpoint.txt  @@ -71,7 +71,7 @@ XSS.yaml : gist.githubusercontent.com/raoufmaklouf/7…  ### third method ``` -irst of all, I enumerated all subdomains of the target.com with [subfinder](https://github.com/projectdiscovery/subfinder) and +First of all, I enumerated all subdomains of the target.com with [subfinder](https://github.com/projectdiscovery/subfinder) and then subdomain brute-forcing with [knockpy](https://github.com/guelfoweb/knock), then I used [waybackurls](https://github.com/tomnomnom/waybackurls) to get parameters to test for XSS and then I used [gf](https://github.com/tomnomnom/gf) to get possible XSS parameters. after sorting the URLs I used [KXSS](https://github.com/Emoe/kxss) 
diff --git a/exif Vulnerability/exif_geo.md b/exif Vulnerability/exif_geo.md index 8bf3d6e..5c7a1a8 100644 --- a/exif Vulnerability/exif_geo.md +++ b/exif Vulnerability/exif_geo.md @@ -4,12 +4,12 @@ When a user uploads an image in example.com, the uploaded image’s EXIF Geoloca

Steps to reproduce:

1. Got to Github ( https://github.com/ianare/exif-samples/tree/master/jpg)
-2. There are lot of images having resolutions (i.e 1280 * 720 ) , and also whith different MB’s .
+2. There are lot of images having resolutions (i.e 1280 * 720 ) , and also with different MB’s .
3. Go to Upload option on the website
4. Upload the image
-5. see the path of uploaded image ( Either by right click on image then copy image address OR right click, inspect the image, the URL will come in the inspect , edit it as html )
+5. see the path of uploaded image ( Either by right click on image then copy image address OR right click, inspect the image, the URL will come in the inspect, edit it as html )
6. open it (http://exif.regex.info/exif.cgi)
-7. See wheather is that still showing exif data , if it is then Report it. +7. See weather is that still showing exif data, if it is then Report it. # Reports (Hackerone) diff --git a/register vulnerability/register.md b/register vulnerability/register.md index b8dec7a..7d229c9 100644 --- a/register vulnerability/register.md +++ b/register vulnerability/register.md @@ -4,8 +4,8 @@ 1. create first account in application with email say abc@gmail.com and password 2. logout of the account and create another account with same email and different password 3. you can even try to change email case like from abc2gmail.com to Abc@gmail.com -4. finish the creation proccess and see that it succceed -5. now go back and try to login with email and the new password ,you are seccess logged in +4. finish the creation process and see that it succeed +5. now go back and try to login with email and the new password, you are success logged in ``` [ ] Dos at name /password field in sign up page ``` @@ -16,8 +16,8 @@ [ ] no rate limit at signup page ``` -1. enter your details in signuo form and submit the form -2. capture the signuo request and send it to intruder +1. enter your details in signup form and submit the form +2. capture the signup request and send it to intruder 3. add $$ to email parameter 4. in the payload add different email address 5. fire up intruder and check whether it return 200 ok @@ -33,11 +33,11 @@ xss can be test in any of parameter [ ] email varification can be easily bypassed with following method ``` -1. response manipulation change the bad respone with good one like false to true +1. response manipulation change the bad response with good one like false to true 2. status code manipulation change the 403 to 200 ``` -[ ] weak register implemntation +[ ] weak register implementation ``` 1. check whether the allows disposable email addresses 2. register form on non-https page 
@@ -45,7 +45,7 @@ xss can be test in any of parameter [ ] weak password policy ``` -1. check whether application allows easily guessable passsword like 123456 +1. check whether application allows easily guessable password like 123456 2. check if you can use username same as the email address 3. check if can use password same as that email address 4. improperly implemented password recovery link functionality @@ -53,5 +53,5 @@ xss can be test in any of parameter [ ] Path Overwrite ``` -If an application allows users to check their profile with direct path /{username} always try to signup with system reserved file names, such as index.php, signup.php, login.php, etc. In some cases what happens here is, when you signup with username: index.php, now upon visiting target.tld/index.php, your profile will comeup and occupy the index.php page of an application. Similarly, if an attacker is able to signup with username login.php, Imagine login page getting takeovered. +If an application allows users to check their profile with direct path /{username} always try to signup with system reserved file names, such as index.php, signup.php, login.php, etc. In some cases what happens here is, when you signup with username: index.php, now upon visiting target.tld/index.php, your profile will come up and occupy the index.php page of an application. Similarly, if an attacker is able to signup with username login.php, Imagine login page getting take overed. ``` diff --git a/tips from twitter /tips_twitter.md b/tips from twitter/tips_twitter.md similarity index 96% rename from tips from twitter /tips_twitter.md rename to tips from twitter/tips_twitter.md index c5852b9..c5cce6f 100644 --- a/tips from twitter /tips_twitter.md +++ b/tips from twitter/tips_twitter.md 
@@ -35,7 +35,7 @@ Would be interested to know if this is target specific or other CloudFront websi ``` 1 : Get all the URL from wayback / Gau 2 : Filter out the js file using httpx -3 : Check Mnauly all the js file or you can use nuclei template or used @trufflesec chrome extension +3 : Check Manually all the js file or you can use nuclei template or used @trufflesec chrome extension ``` [ ] Tip 5 ``` @@ -237,9 +237,9 @@ URL that causes the cookie length to exceed request header limits for all reques [ ] Tip 25 xss via jwt ``` -1. Make a jwt token and insert a xss paylaod. +1. Make a jwt token and insert a xss payload. 2. The final url is like url/dest?jwt=vulnerable-jwt-token. -(jwt= paramter was decoding the provided jwt token and show's it into the page). +(jwt= parameter was decoding the provided jwt token and show's it into the page). ``` [ ] Tip 26 @@ -267,7 +267,7 @@ https://twitter.com/Pwn2arn/status/1609146484263641089 [ ] Tip 27 Easy P1 upside_down_face ``` -1: Collect all the Js files by using the developer tool on mozila +1: Collect all the Js files by using the developer tool on mozilla 2: Run Link Finder Tool on that JS files which you got from dev tool or use Js Miner tool 3: Now check manually sensitive keyword js file ``` @@ -277,7 +277,7 @@ Tips for my last P1 : ``` 1 - Found dev portal for developing require Basic Auth 2 - search in GitHub "domain" docker -3- found a user try to pull the privite repository and passing the username:pass +3- found a user try to pull the private repository and passing the username:pass 4 - Decode Base64 Basic Auth 5 - Logged in and full access on all Prod @@ -293,7 +293,7 @@ Github leak for Aws,jira,okta etc ``` [ ] Tip 30 -soucremap js +sourcemap js ``` https://blog.prodefense.io/little-bug-big-impact-25k-bounty-9e47773f959f https://github.com/rarecoil/unwebpack-sourcemap 
@@ -322,4 +322,3 @@ www.hackerone.com/reports/12345. Rails applications commonly use integer IDs, so insecure direct object reference vulnerabilities because this vulnerability type is easy for developers to overlook. ``` -
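Review bot: the two rename hunks (`Api Authentication /Authentication.md` and `tips from twitter /tips_twitter.md`) only drop a trailing space from the directory name, while the misspelled directories `Acount takeover`, `Admin panal` and `Bussiness Logic` are left as they are even though files inside them get typo fixes in this same patch. Since this is a typo pass, rename those directories too (`Account takeover`, `Admin panel`, `Business Logic`), either here or in an immediate follow-up, so that the paths and the contents are spelled consistently.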
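Review bot: in the `Aem misconfiguration/aem.md` hunk `@@ -2,7 +2,7 @@`, the unchanged context line `Python3 ./aem_hacker.py –u https://example — host localhost` uses an en dash in `–u` and an em dash plus a space in `— host`, so the command does not parse as `-u` / `--host`; the next hunk already shows the correct form (`python3 aem_hacker.py -u --host yourvpshostname`), so fix this line to match while you are touching the file.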
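Review bot: in `aem.md` hunk `@@ -10,7 +10,7 @@`, the unchanged line `python3 aem_ssrf2rce.py --url --fakaem yourvbs` still looks garbled: `yourvbs` is inconsistent with `yourvpshostname` used two lines above, and the `--fakaem` spelling should be checked against the tool's `--help` output before being left in the usage block, since the other commands in this block spell their flags out.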
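Review bot: in `aem.md` hunk `@@ -102,7 +102,7 @@`, the list of things stored in the JCR repository still has `pII` in the unchanged line right after the `configuration` fix; it should be `PII`.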
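Review bot: the `Api Authentication/Authentication.md` hunk `@@ -768,4 +768,4 @@` removes the file's trailing newline: the only content change is the closing "```" line being replaced by the same line plus `\ No newline at end of file`. That is a regression with no benefit (it will show up as a spurious diff on the next edit); keep the final newline so the rename is a pure move.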
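Review bot: in `Cookie Attack/cookie.md` hunk `@@ -1,6 +1,6 @@`, the corrected line still reads `check if anf pii ... data of birth ,mobile address`; `anf` should be `any`, `data of birth` should be `date of birth`, and `mobile address` looks like two list items run together (`mobile number, address`). Also capitalise `PII` to match the rest of the checklist.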
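Review bot: in `cookie.md` hunk `@@ -24,12 +24,12 @@`, `danial of service` in the corrected line and `Damial of service` in the unchanged heading two lines above are both still misspelled; both should read `denial of service`, otherwise the heading and the body of the same item disagree with each other.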
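Review bot: in `cookie.md` hunk `@@ -64,7 +64,7 @@`, the corrected heading still says `Authentication Bybass`; it should be `Authentication Bypass (cookies are not valid)`.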
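Review bot: in `cookie.md` hunk `@@ -77,9 +77,9 @@`, `long session expirey` is changed to `long session expired`, which changes the meaning of the checklist item; the item is about an overly long session lifetime, so it should read `long session expiry` (or `long session expiration time`).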
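Review bot: in `cookie.md` hunk `@@ -98,12 +98,12 @@`, the corrected line still has `van be used` (should be `can be used`), the unchanged line above it has `flower users` (should be `lower-privileged users`), and the session puzzling description still reads `this can abused` (should be `this can be abused`); since the hunk already rewrites these lines, fix them in the same pass.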
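Review bot: in `IDOR Vulnerability/idor.md` hunk `@@ -7,13 +7,13 @@`, `change the coin from dollar to uaro` only fixes `chnage`; `uaro` should be `euro` and `coin` should be `currency` for the item to be understandable.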
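Review bot: in `idor.md` hunk `@@ -74,7 +74,7 @@`, the corrected line `understand the pattern application users to allot an iD` still has `users` where `uses` is meant and `iD` where `ID` is meant; suggest `understand the pattern the application uses to allot an ID`.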
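Review bot: in `File Upload/File Upload.md` hunk `@@ -2,7 +2,7 @@`, the corrected line `read also this pdf it contain a many of ideas` is still ungrammatical and refers to one PDF while two are listed; suggest `read also these PDFs, they contain many ideas`.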
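Review bot: in `exif Vulnerability/exif_geo.md` hunk `@@ -4,12 +4,12 @@`, step 7 is corrected to `See weather is that still showing exif data`, which is the wrong word; it should be `See whether it is still showing EXIF data, and if it is, report it`.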
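Review bot: in `register vulnerability/register.md` hunk `@@ -4,8 +4,8 @@`, steps 4 and 5 are still ungrammatical after the fix: `see that it succeed` should be `see that it succeeds`, and `you are success logged in` should be `you are successfully logged in`.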
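Review bot: in `register.md` hunk `@@ -53,5 +53,5 @@`, `takeovered` is changed to `take overed`, which is no better; the sentence should end `Imagine the login page getting taken over.`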
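Review bot: in `tips from twitter/tips_twitter.md` hunk `@@ -237,9 +237,9 @@`, the corrected line still has `show's it into the page`; it should be `shows it in the page`.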