Posts

Showing posts from October, 2022

sql

 ' or 1=1 -- '  order by 3-- ' union select null,null--

Hacking steps

1. Find subdomains
2. Check CNAME records of these subdomains; check for subdomain takeover; use waybackurls for URLs
3. Use masscan for port scanning
4. Do GitHub recon
5. On webapp
6. Check for CORS misconfiguration
7. Check for email header injection on reset password function
8. Check for SMTP and host header injection
9. Check for iframe (for clickjacking)
10. Check for improper access control and parameter tampering
11. Check Burp history for finding endpoints
12. Check for CSRF
13. Use Arjun for finding endpoints
14. Check for SSRF parameters
15. Check for XSS and SSTI
16. Check for cryptography in reset password token
17. Check for unicode injection in email parameter
18. Check for bypassing rate limit headers: x-originating-ip:ip, x-forwarded-for:ip, x-remote-ip:ip, x-remote-addr:ip, x-client-ip:ip, x-forwarded-host:ip
19. Directory brute force
20. Check for HTTP request smuggling
21. Check for open redirect through wayback URL
22. Check for social sign-on bypass
24. Check for state paramete...