Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!

✅ IP & Domain Lookup
✅ Email & Phone OSINT
✅ Subdomain Enumeration
✅ Reverse Image Search
✅ URL & Virus Scanners
✅ Temp Email, QR Tools, and more

🌟 You can create and play your own CTF in a minute , right inside Discord!

Try it out now — it’s fast, simple, and all in one chat.
🔗 https://discord.gg/u7uMFV833h

#ctf #bugbounty #osint #cybersecurity #discordtools #infosec

🫩

🚨 CVE-2025-61481 (CVSS 10.0) : Critical MikroTik Flaw Exposes Router Admin Credentials Over Unencrypted HTTP WebFig. It affects RouterOS v.7.14.2 and SwitchOS v.2.18.

👇Dork:
HUNTER : https://product.name="MikroTik RouterOS"||https://product.name="MikroTik SwOS"

CVE-2025-54236: Improper Input Validation in Magento (Adobe Commerce), 9.1 rating 🔥

A critical vulnerability disclosed in a recent advisory allows attackers to perform RCE. Exploitation attempts have already been recorded!

Search at Netlas.io:
👉 Link: https://nt.ls/Edck5
👉 Dork: tag.name:"magento" AND http.headers.server:"Apache"

Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-88.html

Hey Hunters,
DarkShadow here back again, dropping an

interesting XSS input sanitization bypass method.

You might have noticed that most websites currently use input sanitization by blocking certain tags and events, right!? Not really 😅

Okay, so first, have a look at some example tags that could trigger XSS:

script, img, a, iframe, object, video, audio, form, meta

The website blocks these keywords if they appear inside tags like < > or </ > and replaces them with nothing — basically, null or an empty string "".

So, if you try a payload like:

<script>alert(1)</script>

It will be replaced with:

alert(1)

Now, think a bit more deeply — what if you write a payload like this:

<script <img>> alert(1) </script </img>>

In this payload, look at the first part:

<script <img>>

Here, <img> is a full image tag, and it will definitely be removed by the sanitization filter. But what about <script<?

You can see the <script> tag isn’t written properly yet — it’s <script followed by <, so it doesn’t match the sanitization logic exactly.

Now, the interesting part is when the <img> tag gets removed from <script <img>>. After that, we’re left with <script>!

That means the transformation is like this:

<script <img>> → remove <img> → <script>

</script </img>> → remove </img> → </script>

And finally, we get a valid payload:

<script>alert(1)</script>

So guys, if you really like reading DarkShadow’s methodologies, show your LOVE.

And don’t forget to follow me 👉🏼 x.com/darkshadow2bd

#bugbountytips #xss

Extract all endpoints from a JS File and take your bug 🐞

- Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu

- Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt

#infosec #cybersec #bugbountytips

Hey Hunter's,
Darkshadow here back again!

✨Authentication bypass method:

✅Steps:
1. Target..com/carbon/server-admin/memory_info.jsp = redirect to login page [301 status]

2. Target..com/carbon/server-admin/memory_info.jsp;.jsp = gives the page content without authentication [200 status]

Payload 👉🏼 ;.jsp

Tip:
1. Find sensitive path from js file which need authentication.
2. Try to find endpoints which end with a extension like: .php, .jsp, .shtml etc.
3. Simply Fuzz every endpoint with the same extension payload like: ;.jsp ;.php ;.shtml

If any of these gives 200ok check manually. And might it's works!

Don't forget to show your loves guy's ❤️

🚨CVE-2025-64095 (CVSS 10.0) : A Critical Flaw in DNN Platform Allows Unauthenticated Website Overwrite

⚡Dorks
HUNTER : https://product.name="DotNetNuke"

Grab all the GF Patterns from different Repositories at one shot !! 🔥

*Link* : https://github.com/thecybertix/GF-Patterns

Join Our New Group-
https://t.iss.one/avascret

NEW THINGS COMING SOON 🔜

⚡️Outdated but Helpful Some MySQL tricks to break some #WAFs out there. ⚔️ by @BRuteLogic

SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`

#infosec #cybersec #bugbountytips

Hey Hunter's,
Darkshadow here back again, and Just Look at the wild thing:

User 1 Password:
protecting_my_accounts_with_long_readable_passwords123

User 2 Password:
protecting_my_accounts_with_long_readable_passwords456


If the web application using bcrypt hash algorithm then both user can login each other using there different password!

Explanation:
In bcrypt hash, only use first 72 bytes to make hash. That means, after 72 bytes every bytes  (73th, 74th ...) are ignored!

So if the any users first 72 bytes are same  (protecting_my_accounts_with_long_readable_passwords), then no matter after what he put on the password they both can login each other account.

#bugbountytips