Tips Notes
4) CLICK EVERYTHING
7) CREATE TWO LISTS OF ALL KNOWN OBJECT IDS FOR 2 DIFF. ACCOUNTS
10) IF THE USERS HAVE ROLE= THEN TRY TO PUT ROLE=* OR ROLE= !0
35)
## SSRF
3)
## XXE
1) IDENTIFY XML INPUTS: LOOK FOR ANY FUNCTIONALITY THAT ACCEPTS XML INPUT,
SUCH AS FILE UPLOAD, SOAP REQUESTS, REST APIS
2) IF XML DATA IS REFLECTED IN THE HTTP RESPONSE, TEST WITH A BASIC XML ENTITY
11)
4) IF YOU CAN APPEND AN EXTRA VALUE TO `redirect_url=` YOU CAN TRY THIS
TECHNIQUE:
`https://www.example.com &@foo.evil-user.com#@evil.com/`
1) IF THE PASSWORD-RESET FLOW HAS AN OPTION FOR RAW EMAIL VIEW, TRY DANGLING AT
THE HOST HEADER
19)
## AUTHENTICATION BYPASS:
## 2FA BYPASS
2)
## XXE INJECTION
3)