If you liked the posts, tap the heart. That tiny click means a lot. ❤️
Hey Hunters,
Darkshadow here, back again!
⚠️ Non-parameter LFI 🔥
If you try: target.com/../../../../../../etc/passwd
the browser redirects to: target.com/etc/passwd
Try URL encoding:
target.com/..%2F..%2F..%2F..%2Fetc%2Fpasswd
Now the browser does not redirect you back to the parent directory.
#bugbountytips #fli
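Seen from the server side, as an added example that is not part of the original post: the encoded form reaches the application unchanged, so the defence is to decode first, canonicalize, and confirm the result is still under the document root. `WEB_ROOT`, `client_normalized` and `resolve` are hypothetical names, and the request paths are constructed samples.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root for this example


def client_normalized(path: str) -> str:
    """Approximate what a browser sends: literal "." and ".." segments are
    collapsed before the request leaves, while a segment such as "..%2F.."
    is not a dot segment and is sent untouched."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if len(out) > 1:      # never climb above the leading "/"
                out.pop()
        elif seg != ".":
            out.append(seg)
    return "/".join(out) or "/"


def resolve(request_path: str, root: str = WEB_ROOT):
    """Map a raw request path to a file under root, or return None to reject.

    Order matters: decode, then canonicalize, then check containment.
    Checking for "../" before decoding is what the encoded form slips past.
    """
    decoded = unquote(request_path)
    if unquote(decoded) != decoded:
        return None               # still encoded after one pass: double encoding
    if "\x00" in decoded or "\\" in decoded:
        return None               # NUL byte or alternate separator
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Lexical check only; a real server should also compare os.path.realpath()
    # results so that symlinks inside the root cannot point outside it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for p in ("/../../../../../../etc/passwd",          # collapsed by the client
              "/..%2F..%2F..%2F..%2Fetc%2Fpasswd",      # arrives as written
              "/..%252F..%252Fetc%252Fpasswd",          # double-encoded variant
              "/docs/..%2Fcss/site.css"):               # traversal that stays inside
        sent = client_normalized(p)
        print(f"{p!r:45} sent as {sent!r:45} -> {resolve(sent)}")
```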
Brut Security
https://github.com/moul/awesome-well-known
Forwarded from Bug Bounty POC's
A quick way to find "all" paths for Next.js websites:
console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
Forwarded from Brut Security
Common Security Issues in Financially-Oriented Web Applications
⚡ Bug Bounty Tip
Level up your recon with GitHub's new regex search on cs.github.com! Hunt for hardcoded credentials like SSH & FTP connection strings.
🚨 Example Dorks:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/
CVE-2025-42944, -42937, -42910, and others: Multiple vulnerabilities in SAP NetWeaver, 5.3 - 10.0 🔥🔥🔥
In its October bulletin, SAP published a list of 13 new vulnerabilities affecting NetWeaver, NetWeaver AS Java, and other products. These vulnerabilities include Insecure Deserialization, Information Disclosure, etc.
Search at Netlas.io:
Link: https://nt.ls/aBHGg
Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite
🥳 Nuclei Vulnerability Detection Script:
https://github.com/rxerium/CVE-2025-61882
📢 This vulnerability is remotely exploitable without authentication.
Backdoor vs WAF 🤣
The same thing happens when a WAF tries to detect a backdoor and the backdoor hides itself using encoding, etc.