Good morning hackers,
Let's start morning to hack Reddit account 😉
😁11🫡2
Hey Hunters,
DarkShadow here, back again dropping an old-school Reddit XSS PoC for you to check out!
Let’s break it down and understand the logic behind the vulnerability.
Vulnerable Parameter: ?dest=
What does the dest parameter do?
The dest parameter is commonly used in login flows to redirect users after successful authentication. For example:
A user tries to access a protected page.
Reddit redirects them to:
/login/?dest=/protected/resource
After login, the site redirects them to the original dest URL.
Sounds fine, right? But here’s the twist...
✅ PoC Steps (Super Simple):
https://www.reddit.com/login/?dest=javascript:alert(document.domain)
Boom💥. That’s it.
Just throw that URL and watch the magic happen. No need for complex encoding or obfuscation — just a mindset shift.
Keep your payloads sharp and your eyes sharper.
Don’t forget to react, share, and follow me on X
👉🏼 DarkShadow
#bugbountytips #xss
👏18👍10🔥7🗿4❤2
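Added example, not part of the original post and not Reddit's code: a server-side check for a post-login dest value like the one described above, accepting only same-site relative paths and falling back to / for anything else. SITE_ORIGIN, safeDest and loginRedirectLocation are assumed names, and the sample inputs are constructed.

```javascript
// Assumption: the site's own origin (placeholder value).
const SITE_ORIGIN = "https://www.example.test";

// Return a same-site relative path for `dest`, or `fallback` if it is unsafe.
function safeDest(dest, fallback = "/") {
  if (typeof dest !== "string" || dest.length === 0 || dest.length > 2048) {
    return fallback;
  }
  // Browsers strip tab/CR/LF inside URLs and treat "\" like "/",
  // so reject control characters and backslashes outright.
  if (/[\u0000-\u001f\u007f\\]/.test(dest)) return fallback;
  // Allow only site-relative paths: this rejects every "scheme:" value
  // (javascript:, data:, https:) and protocol-relative "//host" forms.
  if (!dest.startsWith("/") || dest.startsWith("//")) return fallback;
  let url;
  try {
    url = new URL(dest, SITE_ORIGIN);
  } catch {
    return fallback;
  }
  // Final check after the URL parser has normalised the value.
  if (url.origin !== SITE_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// Compute the Location header for the post-login redirect from the raw
// query string of /login/ (hypothetical handler helper).
function loginRedirectLocation(rawQuery) {
  const dest = new URLSearchParams(rawQuery).get("dest");
  return safeDest(dest);
}

// Constructed sample inputs.
const samples = [
  "dest=/protected/resource",
  "dest=javascript:alert(document.domain)",
  "dest=//other.example/path",
  "dest=/%5Cother.example",
  "dest=https://other.example/",
  "dest=%09javascript:alert(1)",
];
for (const q of samples) {
  console.log(q.padEnd(42), "->", loginRedirectLocation(q));
}
```

The same check applies if the redirect is done in client-side script (assigning dest to the page location), since that is where a javascript: value would execute.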
Who are you in the world of cybersecurity?
Anonymous Poll
42%: Beginner — currently learning cybersecurity 👀
25%: Bug bounty hunter — actually reporting vulnerabilities 🔥
7%: Red teamer — simulating real-world attacks to improve defenses 💥
15%: Professional Pentester – Working in a cybersecurity job role ✨
11%: Black hat hacker — unauthorized hacking ☠️
🔥11🐳8❤1👍1
Hey Hunters,
DarkShadow here back again, dropping a killer trick 🌀
Before testing file upload vulnerability, test the filename parameter.
Don't forget to show your love, and follow me 👉🏼 DarkShadow
🔥22👍7❤3👏3🐳1👨💻1🫡1
https://github.com/NazaninNazari/Origin_Recon
👍19🔥10
Forwarded from Brut Security 2.0
🔥10
CVE-2025-22157: Improper Access Control in Atlassian Jira, 7.2 rating❗️
The vulnerability allows authenticated attackers to escalate their privileges to administrator level or gain access to restricted workflows in Jira.
Search at Netlas.io:
👉 Link: https://nt.ls/lVuft
👉 Dork: http.meta:"content=\"JIRA\""
Vendor's advisory: https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html
🔥6👍2
The heavy recon features? Still cooking.
🔗 addons.mozilla.org/addon/brutscope-extractor
❤24👍5
https://github.com/sw33tLie/uff
🔥9👍3
Why are there no reactions 🙂?
Do let us know what content you guys are looking for 👀
❤34😢5👍3🤝3😁1
🔥 Tried something new! Just dropped a quick guide on rooting Android Emulator + setting up Burp Suite for HTTPS interception.
✅ Manual setup
✅ Magisk + rootAVD
✅ Trusted Burp cert
✅ Meme vibes included 😎
📖 Read here: https://medium.com/p/how-to-root-your-android-emulator-hack-yourself-with-burp-suite-manually-like-a-legend-ef4fbe28ceab
1🔥23❤8
Hey Hunters,
DarkShadow here back again—sorry for the delay, I’ve been a little sick. Please keep me in your prayers.
Anyway, just dropping a trick on how an out-of-scope target can lead to an in-scope critical vulnerability!
The story starts from a normal endpoint. When I clicked it, it redirected me somewhere else, and after resolving something, it returned the content. To check further what’s going on, I opened the request in Burp Suite. The endpoint performed a 302 redirect to an external domain, which was out of scope.
But here’s the twist—it was still showing the content from the original website I had requested. So I thought, maybe it’s working like a proxy?
Here comes the real mastery. Most bug hunters ignore this kind of behavior, but I decided to dig deeper. And yeah, I found a file: backup.zip
I instantly unzipped it and noticed a config/ folder, and inside it—a config.php file.
Guess what?
I found MySQL database credentials, and the most interesting part? The database URL was publicly accessible—not just localhost!
I tried connecting… and boom! I was successfully connected.
But wait—this domain is out of scope, right?
That’s what I thought too… until I started reading their massive database and was shocked—
It was the target's database, exposed through their proxy server, which had the hardcoded credentials in the config file.
At that moment, I was really excited.
Then I thought: What if I create a new user with admin role?
So I did exactly that—added an admin user to the database.
Now, on the target website, there’s a normal login page (not labeled as admin login), but I tried logging in with the new credentials and guess what?
BOOM! 💥
It logged me into the admin dashboard.
And just like that, I turned an out-of-scope target into a critical in-scope auth bypass vulnerability.✅
So guys, if you enjoyed this method, don’t forget to show some love—and please, pray for me, I’m really sick right now.
And don’t forget to follow me on X (Twitter): x.com/Darkshadow2bd
#bugbountytips #infosec
👏20❤10👍5😱4
https://powerade.com.s3.amazonaws.com/index.html
Guys, let's see whose explanation is better!
What is the impact after taking over an in-scope target S3 bucket? 🤔
👍11🔥5❤1🗿1
Hey Hunters,
DarkShadow here back again...
Dropping a new PoC: WordPress plugin arbitrary administrator-role user creation leading to broken authentication.
Before that, don't forget to share and show your love, guys.
For more follow me on my X 👉🏼 DarkShadow
❤24👍4👏3
Follow the Brut Security channel on WhatsApp: https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L
🔥4
CVE-2025-47577: Unrestricted Upload of File with Dangerous Type in TI WooCommerce Wishlist Plugin, 10.0 rating 🔥🔥🔥
Failure to check the types of uploaded files allows attackers to upload a web shell to the server and perform RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/jYyss
👉 Dork: http.body:"plugins/ti-woocommerce-wishlist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload
😱8❤4👍2
Want a free month of Discord Nitro? Here's your chance to win!
To enter:
1️⃣ Follow me on Medium: https://medium.com/@0xbrut
2️⃣ Send a screenshot as proof to my Telegram bot
That’s it!
Don’t miss out – support me and get a shot at Nitro!
1❤4🔥2🗿2😢1