Ayrix Bytes – Telegram

Ayrix Bytes

948 subscribers

8.82K photos

209 links

Download Telegram

About

Blog

Apps

Platform

948 subscribers

ساده اما کاربردی.

جاهایی که با JS ریدایرکت می‌شید، این Event Listenerهارو فعال کنید.
خیلی وقتا خیلی سریع تر از سرچ کردن توی کد و.. میرسید بالاسر فانکشنی که داره ریدایرکت میکنه.

در نهایت هم ممکنه به DOM XSS برسید.

Dev Tools ➡️ Source ➡️ Event Listener Breakpoints

✍️وقتی دیباگر فعال شد دونه دونه Call Stack‌ها رو چک کنید.

Please open Telegram to view this post

VIEW IN TELEGRAM

👍27❤8🔥2

2.23K viewsAmirabbas Ataei, edited 08:54

آقا بی‌زحمت برید به مقاله امید رای بدید، دمتون گرم❤️
مقاله امید: OAuth Non-Happy Path to ATO

https://portswigger.net/polls/top-10-web-hacking-techniques-2024

👍19❤2👎2🔥1👀1

1.66K viewsAmirabbas Ataei, 17:09

اومدم بشینم کار کنم که به لطف مملکت خوبمون برق رفت.

چند روز پیش یه DOM-XSS زدم، فانکشن هایی که توی برنامه بود رو اینجا کپی پیست کردم که دقیقا همون باشه.

شما اگه حوصله و برق دارید روش کار کنید بزنیدش.

سورس کد

❤32👍4🔥2👌2🌭1

2.1K viewsAmirabbas Ataei, 06:04

https://github.com/BlackFan/content-type-research/tree/master

GitHub - BlackFan/content-type-research: Content-Type Research

Content-Type Research. Contribute to BlackFan/content-type-research development by creating an account on GitHub.

❤5

1.79K viewsAmirabbas Ataei, 16:12

https://portswigger.net/research/gotta-cache-em-all

https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html

PortSwigger Research

Gotta cache 'em all: bending the rules of web cache exploitation

Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet

🔥5

2.13K viewsAmirabbas Ataei, 18:04

Forwarded from digMeMore (Yasho)

حاج امید و حاج امیر این مدت رنده کردن، این فقط یکی از باگاییه که اخیرا زدن، هدفشون هم یه تک وب‌سایت بود و کلی هم قدمت داشت، narrow recon شون واقعا قوی بود، تکنیک اکسپلویتشون هم خفن بود، کلا عشق کردم، خلاصه مبارکتون باشه ❤️

لینک توییت:
https://x.com/voorivex/status/1888283506821697614?s=46&t=t4dmnMSh7dUAGaohytE6mQ

👍20🔥9❤3

1.77K viewsAmirabbas Ataei, 18:36

https://x.com/amirmsafari/status/1890816005422686400?s=46

https://blog.voorivex.team/css-data-exfiltration-to-steal-oauth-token

🔥

🔥

🔥

🔥

🔥

Please open Telegram to view this post

VIEW IN TELEGRAM

CSS Data Exfiltration to Steal OAuth Token

A DOMPurify-allowed style tag chained with a Google Ads sandbox reflection turned a harmless HTMLi into an OAuth-token leak. $9,700 in bounties, full exploit code.

🔥12👍1

2.75K viewsAmirabbas Ataei, 13:39

سال نو همتون مبارک، امیدوارم سال جدیدتون پر تجربه‌های خوب و خوش باشه ❤️‍🔥

Please open Telegram to view this post

VIEW IN TELEGRAM

❤‍🔥55❤7🤝2👍1🔥1

2.41K viewsAmirabbas Ataei, 09:09

https://x.com/ImAyrix/status/1908537673364759030?t=-g-Vqsg2HnVlYyP2su2GkA&s=19

👍15🤝1

2.14K viewsAmirabbas Ataei, 15:13

Puny-code 0-Click-Account-Takeover
https://blog.voorivex.team/puny-code-0-click-account-takeover

Puny-Code, 0-Click Account Takeover

A parser disagreement between SMTP servers and MySQL casts puny-coded characters back to ASCII — turning a forgot-password flow into a 0-click account takeover.

❤8

2.13K viewsAmirAbbas Ataei, 19:52

https://x.com/AmirMSafari/status/1916915937661620711

https://x.com/slonser_/status/1933563335347249343
https://blog.slonser.info/posts/make-self-xss-great-again/

X (formerly Twitter)

slonser (@slonser_) on X

My new research
Escalation of Self-XSS to XSS using modern browser capabilities.
https://t.co/aYKhHAeCcq

❤7

2.01K viewsAmirAbbas Ataei, 10:41

https://x.com/YShahinzadeh/status/1954258737423614164

https://blog.voorivex.team/hacking-veeam-several-cves-and-30k-bounties

X (formerly Twitter)

Yasho (@YShahinzadeh) on X

I’m a web guy, so I usually don’t work on non-web applications since my mind doesn’t do binary. With the help of my friend for reverse engineering, I managed to uncover some CVEs. It was very challenging for me, hope you like it:

https://t.co/xRRCoO8JFP

❤18

1.69K viewsAmirAbbas Ataei, 06:59

https://blog.voorivex.team/0-click-mass-account-takeover-via-android-app-access-to-all-zendesk-tickets

❤10👎3⚡1👍1🔥1

1.6K viewsAmirAbbas Ataei, 19:48

https://x.com/amirmsafari/status/1979944122522738700?s=46&t=t4dmnMSh7dUAGaohytE6mQ

X (formerly Twitter)

AmirMohammad Safari (@AmirMSafari) on X

If a CSPT bug can't be exploited on the same origin, you can pivot it to another one. Cloudflare Image Transform can act as a cross‑origin gadget to reach more sensitive endpoints on different origins - you can read more about it here ;)

https://t.co/jOQOkpdHVJ

👍4

1.31K viewsAmirAbbas Ataei, 07:16

https://x.com/BourAbdelhadi/status/1992622964077179229?s=20

https://github.com/bscript/rep

X (formerly Twitter)

Bour Abdelhadi (@BourAbdelhadi) on X

Hey everyone! I’ve been building rep+, a lightweight HTTP Repeater inside Chrome DevTools. No proxy setup or certificates. Just open DevTools and start poking requests. It also has built-in AI for explanations and attack ideas. I’ll share one rep+ feature…

🔥6❤1

3.89K viewsAmirAbbas Ataei, 08:40

https://x.com/j0r1an/status/1967863046824771932

X (formerly Twitter)

Jorian (@J0R1AN) on X

While playing a challenge by @salvatoreabello, I found a pretty interesting way to exploit Dangling Markup with a strict CSP.
All you need is an <iframe>, <object> or <embed> set to about:blank, with a dangling name= attribute. This vulnerable page should…

👎5👍1

1.02K viewsAmirAbbas Ataei, 13:22

https://x.com/galnagli/status/1996675296959812065?s=46

X (formerly Twitter)

Nagli (@galnagli) on X

This is the most reliable public detection (at this time) to indicate whether a machine is actually exploitable to CVE-2025-55182 / React2Shell without invoking the RCE and limited FP's.

it triggers an internal error and validates the vulnerable version…

1.03K viewsAmirAbbas Ataei, 09:39

https://blog.voorivex.team/not-so-dirty-dancing-in-gis-sdk

DOM XSS to Account Takeover: Not-So-Dirty Dancing in GIS SDK

A character-strip filter on a login redirect, chained with the Google Identity Services SDK, escalated to a fully-automatic account takeover.

❤10

1.06K viewsAmirAbbas Ataei, 17:36

https://bugbountydaily.com/

Bug Bounty Daily

The ultimate reading list for bug bounty hunters. Discover curated articles and resources, track your progress, and stay ahead in cybersecurity.

❤7

3.42K viewsAmirAbbas Ataei, 13:07

Please open Telegram to view this post

VIEW IN TELEGRAM

10:16

پرایوت وردلیست:
https://x.com/ImAyrix/status/1998448300530479270

X (formerly Twitter)

Amirabbas Ataei (@ImAyrix) on X

For the past year, I've been using a private wordlist generated from actual bug bounty reports.

I grabbed disclosed report texts by simply appending .json to the report URLs (as shown below) and fed them into fallparams to mine parameters from the included…

❤17🔥3🤣2

3.76K viewsAmirAbbas Ataei, 17:43