Hey Hunters,
DarkShadow here back again, just look at this...
IP Abuse Reports for 127.0.0.1
abuseipdb.com/check/127.0.0.1
Hey Hunters,
DarkShadow here back again, just look at this crazy one! I saw someone find this crazy DoS.
Many GraphQL endpoints allow complex queries without auth. If protections like depth limits are missing, the server will try to resolve it = CPU spike or crash (DoS).
Show your love, guys ❤️
To detect Credit & Debit Card Number Leakage use this Nuclei Template - https://github.com/projectdiscovery/nuclei-templates/blob/main/http/miscellaneous/credit-card-number-detect.yaml
Hey Hunters,
DarkShadow here back again, just dropping a unique XSS method which executes in the response header.
XSS in Facebook response header
Tip: Always check XSS in redirection parameters.
Show your love, guys ❤️
#bugbountytips #xss
Hey Hunters,
DarkShadow here back again, just dropping a unique method to bypass WAF for XSS
WAF blocked:
javascript:alert()
WAF welcome:
javascript:new Function
document.body.style.background="red"
If the WAF blocks additional functions, then try to change the background color.
#bugbountytips #xss
Shodan.io $5 Lifetime Membership sale is live for the next 24 hours: account.shodan.io/billing/member
Go grab it now
Hunters, DarkShadow here!
One liner for finding files
subfinder -d domain.com -silent | \
while read host; do \
for path in /config.js /config.json /app/config.js /settings.json /database.json /firebase.json /.env /.env.production /api_keys.json /credentials.json /secrets.json /google-services.json /package.json /package-lock.json /composer.json /pom.xml /docker-compose.yml /manifest.json /service-worker.js; do \
echo "$host$path"; \
done; \
done | httpx -mc 200
#bugbountytips
Hunters, the vulnerability was SSRF loading AWS cloud access.
And effects:
IITE - Institute of Information Technology & Education: Access to confidential student information, assessment data, and internal records.
MUHS - Maharashtra University of Health Sciences: Exposure of examination content, student records, and academic documents.
GSEB - Gujarat Secondary & Higher Secondary Education Board: Exposure of sensitive student records, exam papers, hall tickets, and related educational data.
RGUHS - Rajiv Gandhi University of Health Sciences: Access to examination papers, student records, and other confidential academic information.
I have a video PoC, wanna see how I was able to exploit this bug!?
And don't forget to follow me: x.com/darkshadow2bd
#ssrf
List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but does not have a starting point.
https://github.com/0xMrNiko/Awesome-Red-Teaming
Hey Hunters,
DarkShadow here back again, just look at this one crazy boolean SQLi.
Tip: never forget to test boolean SQLi even if it is a .json file parameter.
Sometimes .json files load SQLi. So, it's not necessary that we hunt only PHP file parameters.
#sqli #bugbountytips