Brut Security
DM: @wtf_brut
🛃WhatsApp: https://wa.link/brutsecurity
🈴Training: https://brutsecurity.com
📨Mail: info@brutsec.com
Hey Hunters,
DarkShadow is here back again!

Well, this is not related to any PoC or method. This is a Burp Suite AI extension which is really, really awesome. So don't forget to try it 💀

https://github.com/six2dez/burp-ai-agent

#bugbountytip #tool
Hey Hunters,
DarkShadow is here back again, dropping an SSRF bypass method.

If you ever test SSRF and there is any parameter passing a URL with a fixed endpoint, then try something like:

burpcollab.com/anything/endpoint/../../

#ssrf #bugbountytips
Hey Hunters,
DarkShadow is here back again!

OpenCode RCE POC (CVE-2026-22182)

In this CVE the interesting part is that you can execute arbitrary commands on the AI agent, not using any traditional prompting, just pure command injection in JSON 💀

So guys, if you really enjoy reading PoCs, then show your love with a reaction ❤️

#bugbountytips #rce #cve
Hey Hunters,
DarkShadow is here back again!

Laravel-livewire RCE (CVE-2025-54068) - Video POC

Here is the Exploit Github repo: https://github.com/synacktiv/Livepyre

~credit synacktiv

#bugbountytips #rce
🚨 CVE-2026-24770: RAGFlow RCE (Zip Slip) Weaponized PoC

Critical unauthenticated RCE in RAGFlow’s MinerUParser—attackers can execute arbitrary commands. 3,000+ instances are currently exposed.

🔍 Identify Targets via ZoomEye:

Filter: vul.cve="CVE-2026-24770"

Dork: app="RAGFlow" 👉 ZoomEye Search Link https://www.zoomeye.ai/searchResult?q=dnVsLmN2ZT0iQ1ZFLTIwMjYtMjQ3NzAi&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260209
Automates enumeration and recon scans in the background

https://github.com/21y4d/nmapAutomator
File Upload Cheatsheet
Hey Hunters,
DarkShadow is here back again!

💀Blind Remote Code Execution in Cookies

NOTE:
– Some servers use sh as the default, not bash, so sh payloads are perfect for your payload.

– Don't forget to check the cookies while you test any web app, because in some cases cookies intersect with a bash process.

– Last but seriously important: always use Burp collab for blind testing...

So guys, if you really enjoy reading such methods of mine, then show your love ♥️

#bugbountytips #rce #darkshadow