⚡️ Welcome to CyberSecPlayground! ⚡️

Your go-to hub for all things cybersecurity. Whether you're a beginner, enthusiast, or professional, this channel is dedicated to exploring:
- Cybersecurity tips and tricks
- Latest news and updates
- Tutorials and guides
- Tools and resources for ethical hacking and defense

🔐 Stay informed, stay secure!
💬 Feel free to share your thoughts, questions, and ideas. Let's build a strong and safe digital community together.

🟡 Dont Forget to BOOST channel

Follow us for regular updates: @cybersecplayground

🔗 Other CSP medias:
➕ Github
➕ Medium
➕ Youtube
➕ WebSite

1️⃣ CyberSecPlayground Forever

Sql-injection payloads & cheatsheet

GoSearch - OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go.

✅https://github.com/ibnaleem/gosearch

#bug_bounty #bugbounty #cybersecurity

LFI Vulnerability Testing: Key Parameters

?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}

#infosec #cybersec

CVE-2024-12912&CVE-2024-13062
:Injection and execution vulnerabilities in certain ASUS router firmware series.
📊 1.2m+ Services are found on hunter.how yearly.
🔗Hunter Link: hunter.how/list?searchVal…
👇Query
HUNTER :/product.name="ASUS AiCloud"
FOFA : product="ASUS-AiCloud"
SHODAN : product:"ASUS AiCloud"
📰Refer:securityonline.info/cve-2024-12912…
asus.com/content/asus-p…
#ASUS #hunterhow #infosec #infosecurity #OSINT #Vulnerability

403 bypass methodology !

1- using space symbols
exmaple:
/admin -> 403
/admin%09 -> 200
/admin%20 -> 200

2- use traversal
Example:
/admin -> 403
/..;/admin -> 200

you can fuzz with traversal sometimes that's end with results

Example: /..;/FUZZ

#bugbountytips

CVE-2024-53704

Zero-day vulnerability in Sonicwall: An authentication bypass in SonicOS SSLVPN

📊 15.9K+ Services are found on hunter.how yearly.

🔗 Hunter Link: hunter.how/list?searchVal…
👇Query

HUNTER :product.name="SonicOS

FOFA : product="SonicOS"

📰 Refer:securityonline.info/sonicwall-issu…


#SONICWALL #hunterhow #infosec #infosecurity #OSINT #Vulnerability

LFI Payload
(Add to your custom list)

filePath=../../../../../../../../../../../../../../windows/system32/drivers/etc/hosts

#bugbountytips

Cors bypass:
Xdomain.com --> not allowed
XXdomain.com --> not allowed
XXXdomain.com --> not allowed
....
XXXXXXXdomain.com --> allowed!

a certain number of characters appended to the whitelisted domain name would bypass the CORS.
#cors #bypass #bugbountytips

Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulation techniques. It also includes fuzzing for HTTP methods and protocol versions, making it a versatile addition to any web security researcher's toolkit.

⏬ Link : https://github.com/nazmul-ethi/Bypass-Four03

#bypass #bugbountytip #bugbountytips #bugbounty

⚠️ CVE-2025-0282

➡️ Ivanti Connect Secure zero-day exploited in the wild

📊 3.1M+ Services are found on hunter.how yearly.

🔗 link hunter: https://hunter.how/list?searchValue=product.name%3D%22Ivanti%20Connect%20Secure%22%7C%7Cproduct.name%3D%22Ivanti%20Policy%20Secure%22%7C%7Cproduct.name%3D%22Ivanti%20Neurons%20for%20ZTA%22

👇Query
HUNTER :product.name="Ivanti Connect Secure"product.name="Ivanti Policy Secure"product.name="Ivanti Neurons for ZTA"

📰 Refer:securityonline.info/zero-day-alert…

#hunterhow #infosec #infosecurity #OSINT #Vulnerability

NucleiFuzzer is a robust automation tool designed for efficiently detecting web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enumeration techniques

➡️ github.com/0xKayala/NucleiFuzzer

⚠️ CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

LINK 👇
https://github.com/0xPThree/struts_cve-2024-53677

➡️ Admin-Panel-Dorks
Find The Admin Panel & SQL Injection Endpoints, Using Google Dorks !!!

https://github.com/0Xnanoboy/Admin-Panel-Dorks

#fuzzing #payload #infosec

⚠️ CVE-2024-50603 (CVSS 10)

Critical Command Injection Vulnerability in Aviatrix Controller

🔥PoC : github.com

📊 10K+ Services are found on hunter.how yearly.


👇Query
HUNTER :product.name="Aviatrix Controller"

FOFA : product="aVIaTrIX-Controller"
SHODAN : title="Aviatrix Controller"

📰Refer:securityonline.info/cve-2024-50603…


#hunterhow #infosec #infosecurity #OSINT #Vulnerability

🟣 Understanding Linux System Logs

System logs, often found in /var/log directory in Linux systems, are essential for monitoring and troubleshooting system issues. Here are short notes on some common system logs:

syslog: A general-purpose system log file that contains messages from various system services and applications. It's the main log file that many other logs feed into.

auth.log: Records authentication-related messages, including successful and failed login attempts, password changes, and user authentication events.

kern.log: Logs kernel-related messages, such as hardware errors, kernel module loading, and other kernel activities.

messages: A catch-all log file that records various system messages, including system startups, shutdowns, and general system-related events.

dmesg: Displays kernel ring buffer messages, providing a real-time view of kernel-related events and hardware detection during system boot-up.

cron: Logs messages related to cron jobs and scheduled tasks, including when they run, and any errors encountered during execution.
secure: Records security-related messages, including authentication attempts, privilege escalation, and other security-related events.

apache/access.log and apache/error.log: These logs are specific to the Apache web server. access.log records HTTP access logs, while error.log logs Apache server errors and warnings.

nginx/access.log and nginx/error.log: Similar to Apache logs, these logs are specific to the Nginx web server and record access and error events.

mysql/error.log: Records errors and warnings encountered by the MySQL database server, including startup errors, query failures, and database crashes.

These logs provide valuable insights into system performance, security events, and troubleshooting information. Regularly monitoring and analyzing these logs can help maintain system health and identify potential issues before they escalate

#infosec #learning #linux

CLOUDFLARE BYPASS [XSS] PAYLOAD: ⚔️

Add to your custom list

<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>

#infosec #cybersec #bugbountytips