Ayrix Bytes
@ayrixbytes
948 subscribers
8.82K photos
209 links
@ImAyrix
Download Telegram
About
Blog
Apps
Platform
Join
Ayrix Bytes
948 subscribers
Ayrix Bytes
خیلی وقتا حالشو نداشتم و به بقیه گفتم «خودتونو با بقیه مقایسه نکنید» اما این نظر واقعیم نبود آخرش یروز یجا می‌شینم کامل میگم چقدر موافق مقایسه کردن ام...
👍186
2.92K viewsAmirabbas Ataei
Ayrix Bytes
تازگیا وقتی میخوام از chatgpt سوال بپرسم دوتا سشن باز میکنم، تو یکیش بهش میگم فلان سوال رو دارم یا فلان چیزو میخوام یاد بگیرم بهترین پرامپت چیه واسش؟ جواب خودشو تو سشن دوم می‌فرستم واسش و نتیجه جالبه.
👍4415😈5🔥2🆒2
2.35K viewsAmirabbas Ataei
Ayrix Bytes
دوباره یدونه ازین باگا زدم که فقط دوست دارم بدونم برنامه نویس اون پشت چیکار کرده بود اصلا؟😐
Please open Telegram to view this post
VIEW IN TELEGRAM
21🔥22😁5🙉2❤‍🔥1
3.42K viewsAmirabbas Ataei
Ayrix Bytes
ساده اما کاربردی.

جاهایی که با JS ریدایرکت می‌شید، این Event Listenerهارو فعال کنید.
خیلی وقتا خیلی سریع تر از سرچ کردن توی کد و.. میرسید بالاسر فانکشنی که داره ریدایرکت میکنه.

در نهایت هم ممکنه به DOM XSS برسید.

Dev Tools ➡️ Source ➡️ Event Listener Breakpoints

✍️وقتی دیباگر فعال شد دونه دونه Call Stack‌ها رو چک کنید.
Please open Telegram to view this post
VIEW IN TELEGRAM
👍278🔥2
2.23K viewsAmirabbas Ataei, edited  
Ayrix Bytes
آقا بی‌زحمت برید به مقاله امید رای بدید، دمتون گرم❤️
مقاله امید: OAuth Non-Happy Path to ATO

https://portswigger.net/polls/top-10-web-hacking-techniques-2024
👍192👎2🔥1👀1
1.66K viewsAmirabbas Ataei
Ayrix Bytes
اومدم بشینم کار کنم که به لطف مملکت خوبمون برق رفت.

چند روز پیش یه DOM-XSS زدم، فانکشن هایی که توی برنامه بود رو اینجا کپی پیست کردم که دقیقا همون باشه.

شما اگه حوصله و برق دارید روش کار کنید بزنیدش.

سورس کد
32👍4🔥2👌2🌭1
2.1K viewsAmirabbas Ataei
Ayrix Bytes
https://github.com/BlackFan/content-type-research/tree/master
GitHub
GitHub - BlackFan/content-type-research: Content-Type Research
Content-Type Research. Contribute to BlackFan/content-type-research development by creating an account on GitHub.
5
1.79K viewsAmirabbas Ataei
Ayrix Bytes
https://portswigger.net/research/gotta-cache-em-all

https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html
PortSwigger Research
Gotta cache 'em all: bending the rules of web cache exploitation
Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet
🔥5
2.13K viewsAmirabbas Ataei
Ayrix Bytes
Forwarded from digMeMore (Yasho)
حاج امید و حاج امیر این مدت رنده کردن، این فقط یکی از باگاییه که اخیرا زدن، هدفشون هم یه تک وب‌سایت بود و کلی هم قدمت داشت، narrow recon شون واقعا قوی بود، تکنیک اکسپلویتشون هم خفن بود، کلا عشق کردم، خلاصه مبارکتون باشه ❤️

لینک توییت:
https://x.com/voorivex/status/1888283506821697614?s=46&t=t4dmnMSh7dUAGaohytE6mQ
👍20🔥93
1.77K viewsAmirabbas Ataei
Ayrix Bytes
https://x.com/amirmsafari/status/1890816005422686400?s=46

https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token

🔥🔥🔥🔥🔥
Please open Telegram to view this post
VIEW IN TELEGRAM
Voorivex Team
CSS Data Exfiltration to Steal OAuth Token
A DOMPurify-allowed style tag chained with a Google Ads sandbox reflection turned a harmless HTMLi into an OAuth-token leak. $9,700 in bounties, full exploit code.
🔥12👍1
2.75K viewsAmirabbas Ataei
Ayrix Bytes
سال نو همتون مبارک، امیدوارم سال جدیدتون پر تجربه‌های خوب و خوش باشه ❤️‍🔥
Please open Telegram to view this post
VIEW IN TELEGRAM
❤‍🔥557🤝2👍1🔥1
2.41K viewsAmirabbas Ataei
Ayrix Bytes
https://x.com/ImAyrix/status/1908537673364759030?t=-g-Vqsg2HnVlYyP2su2GkA&s=19
👍15🤝1
2.14K viewsAmirabbas Ataei
Ayrix Bytes
Puny-code 0-Click-Account-Takeover
https://blog.voorivex.team/puny-code-0-click-account-takeover
Voorivex Team
Puny-Code, 0-Click Account Takeover
A parser disagreement between SMTP servers and MySQL casts puny-coded characters back to ASCII — turning a forgot-password flow into a 0-click account takeover.
8
2.13K viewsAmirAbbas Ataei
Ayrix Bytes
https://x.com/AmirMSafari/status/1916915937661620711

https://x.com/slonser_/status/1933563335347249343
https://blog.slonser.info/posts/make-self-xss-great-again/
X (formerly Twitter)
slonser (@slonser_) on X
My new research
Escalation of Self-XSS to XSS using modern browser capabilities.
https://t.co/aYKhHAeCcq
7
2.01K viewsAmirAbbas Ataei
Ayrix Bytes
https://x.com/YShahinzadeh/status/1954258737423614164

https://blog.voorivex.team/hacking-veeam-several-cves-and-30k-bounties
X (formerly Twitter)
Yasho (@YShahinzadeh) on X
I’m a web guy, so I usually don’t work on non-web applications since my mind doesn’t do binary. With the help of my friend for reverse engineering, I managed to uncover some CVEs. It was very challenging for me, hope you like it:

https://t.co/xRRCoO8JFP
18
1.69K viewsAmirAbbas Ataei
Ayrix Bytes
https://blog.voorivex.team/0-click-mass-account-takeover-via-android-app-access-to-all-zendesk-tickets
10👎31👍1🔥1
1.6K viewsAmirAbbas Ataei
Ayrix Bytes
https://x.com/amirmsafari/status/1979944122522738700?s=46&t=t4dmnMSh7dUAGaohytE6mQ
X (formerly Twitter)
AmirMohammad Safari (@AmirMSafari) on X
If a CSPT bug can't be exploited on the same origin, you can pivot it to another one. Cloudflare Image Transform can act as a cross‑origin gadget to reach more sensitive endpoints on different origins - you can read more about it here ;)

https://t.co/jOQOkpdHVJ
👍4
1.31K viewsAmirAbbas Ataei
Ayrix Bytes
https://x.com/BourAbdelhadi/status/1992622964077179229?s=20

https://github.com/bscript/rep
X (formerly Twitter)
Bour Abdelhadi (@BourAbdelhadi) on X
Hey everyone! I’ve been building rep+, a lightweight HTTP Repeater inside Chrome DevTools. No proxy setup or certificates. Just open DevTools and start poking requests. It also has built-in AI for explanations and attack ideas. I’ll share one rep+ feature…
🔥61
3.89K viewsAmirAbbas Ataei
Ayrix Bytes
https://x.com/j0r1an/status/1967863046824771932
X (formerly Twitter)
Jorian (@J0R1AN) on X
While playing a challenge by @salvatoreabello, I found a pretty interesting way to exploit Dangling Markup with a strict CSP.
All you need is an <iframe>, <object> or <embed> set to about:blank, with a dangling name= attribute. This vulnerable page should…
👎5👍1
1.02K viewsAmirAbbas Ataei
Ayrix Bytes
https://x.com/galnagli/status/1996675296959812065?s=46
X (formerly Twitter)
Nagli (@galnagli) on X
This is the most reliable public detection (at this time) to indicate whether a machine is actually exploitable to CVE-2025-55182 / React2Shell without invoking the RCE and limited FP's.

it triggers an internal error and validates the vulnerable version…
1.03K viewsAmirAbbas Ataei
Ayrix Bytes
https://blog.voorivex.team/not-so-dirty-dancing-in-gis-sdk
Voorivex Team
DOM XSS to Account Takeover: Not-So-Dirty Dancing in GIS SDK
A character-strip filter on a login redirect, chained with the Google Identity Services SDK, escalated to a fully-automatic account takeover.
10
1.06K viewsAmirAbbas Ataei