Notes from "How to Crush Bug Bounties in the first 12 Months" by @hakluke
๐ฅ16๐จโ๐ป1๐ฟ1
Guy's finally i made Linuxbomber.
A tool that exploit Linux environment and able to damage permanently any Linux OS even some case's it exploit hardware.
Let me know can i upload the tool in my GitHub?
Made just for educational purpose only
A tool that exploit Linux environment and able to damage permanently any Linux OS even some case's it exploit hardware.
Let me know can i upload the tool in my GitHub?
Made just for educational purpose only
๐ฅ21๐ฑ5๐4โค2๐2๐ค1
One of my student in very 1st day of the Advanced Web Pentesing session, just performed a basic automation scan and got sensitive information disclosure.
โ If you want to enroll and learn from very beginner level then DM us on https://wa.link/brutsecurity
โ If you want to enroll and learn from very beginner level then DM us on https://wa.link/brutsecurity
๐4
๐จ CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability
๐ฅPoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
๐Dorks
HUNTER : https://product.name="Jenkins"
๐ฐRefer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
๐ฅPoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
๐Dorks
HUNTER : https://product.name="Jenkins"
๐ฐRefer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
โค8
DomLoggerpp by @kevin_mizu is a simple web extension that helps you identify JavaScript DOM sinks that could lead to DOM-based vulnerabilities (such as XSS)! ๐
Check it out! ๐
๐ https://github.com/kevin-mizu/domloggerpp
Check it out! ๐
๐ https://github.com/kevin-mizu/domloggerpp
๐ฅ7๐1
This media is not supported in your browser
VIEW IN TELEGRAM
How to manually check for CL.TE Request Smuggling Vulnerabilities:
1๏ธโฃ See if a GET request accepts POST
2๏ธโฃ See if it accepts HTTP/1
3๏ธโฃ Disable "Update Content-Length"
4๏ธโฃ Send with CL & TE headers:
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked
0
G
5๏ธโฃ Send request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
1๏ธโฃ See if a GET request accepts POST
2๏ธโฃ See if it accepts HTTP/1
3๏ธโฃ Disable "Update Content-Length"
4๏ธโฃ Send with CL & TE headers:
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked
0
G
5๏ธโฃ Send request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
๐19โค8๐3๐ณ1
CVE-2025-7384: Critical PHP Object Injection in WordPress Plugin
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
๐ Netlas: https://nt.ls/Be3g6
โน๏ธ Advisory: https://nt.ls/RoI8t
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
๐ Netlas: https://nt.ls/Be3g6
โน๏ธ Advisory: https://nt.ls/RoI8t
๐5
๐ฅ Exclusive ZoomEye Offer for Brut Security Members
โ ZoomEye is giving Brut Security members 5% off any membership plan โ monthly or yearly โ through our special link.
๐ How it works:
โฆ Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96
โฆ Get instant 5% discount on your purchase
๐ก Perfect for bug bounty hunters, pentesters, and researchers who rely on fast, deep internet asset scanning.
#bugbounty #pentesting #osint #cybersecurity #tools
โ ZoomEye is giving Brut Security members 5% off any membership plan โ monthly or yearly โ through our special link.
๐ How it works:
โฆ Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96
โฆ Get instant 5% discount on your purchase
๐ก Perfect for bug bounty hunters, pentesters, and researchers who rely on fast, deep internet asset scanning.
#bugbounty #pentesting #osint #cybersecurity #tools
ZoomEye
Search Engine of Internet-Connected Devices. Create a Free Account to Get Started.
๐ฅ3โค1
Brut Security pinned ยซ๐ฅ Exclusive ZoomEye Offer for Brut Security Members โ
ZoomEye is giving Brut Security members 5% off any membership plan โ monthly or yearly โ through our special link. ๐ How it works: โฆ Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96โฆยป
Hey Hunter's,
DarkShadow here back again, just look at this...
IP Abuse Reports for 127.0.0.1
abuseipdb.com/check/127.0.0.1
DarkShadow here back again, just look at this...
IP Abuse Reports for 127.0.0.1
abuseipdb.com/check/127.0.0.1
๐6โค1๐ค1๐ซก1
Hey Hunter's,
DarkShadow here back again, just look at this crazy one! I see someone find this crazy DOS๐ฅ
Show your love Guy's โค๏ธ
DarkShadow here back again, just look at this crazy one! I see someone find this crazy DOS๐ฅ
Many GraphQL endpoints allow complex queries without auth. If protections like depth limits are missing.
Server will try to resolve it = CPU spike or crash (DOS).
Show your love Guy's โค๏ธ
โค11๐ฟ9๐ค2
โ
To detect Credit & Debit Card Number Leakage use this Nuclei Template - https://github.com/projectdiscovery/nuclei-templates/blob/main/http/miscellaneous/credit-card-number-detect.yaml
1๐9๐4โค1
Hey Hunter's,
DarkShadow here back again, just dropping a unique XSS method which execute in response header.
XSS in Facebook Response header๐ฅ
show your love Guy's โค๏ธ๐ฅ
#bugbountytips #xss
DarkShadow here back again, just dropping a unique XSS method which execute in response header.
XSS in Facebook Response header๐ฅ
Tip: Always check XSS in redirection parameters.
show your love Guy's โค๏ธ๐ฅ
#bugbountytips #xss
โค18๐ฅ6๐5๐ฟ3