โก๏ธGoogle Dorks - Vulnerable Parameters โก๏ธ
โ๏ธXSS prone parameters:
inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example[.]com
โ๏ธOpen Redirect prone parameters
inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example[.]com
โ๏ธSQLi Prone Parameters
inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example[.]com
โ๏ธSSRF Prone Parameters
inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example[.]com
โ๏ธLFI Prone Parameters
inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example[.]com
โ๏ธRCE Prone Parameters
inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example[.]com
๐ Credit- Mike Takashi
โ๏ธXSS prone parameters:
inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example[.]com
โ๏ธOpen Redirect prone parameters
inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example[.]com
โ๏ธSQLi Prone Parameters
inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example[.]com
โ๏ธSSRF Prone Parameters
inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example[.]com
โ๏ธLFI Prone Parameters
inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example[.]com
โ๏ธRCE Prone Parameters
inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example[.]com
๐ Credit- Mike Takashi
๐13โค4๐ฅ4
Media is too big
VIEW IN TELEGRAM
๐Hacking Kia: Remotely Controlling Cars With Just a License PlateNew writeup from Specters and Sam Curry: They were finally allowed to disclose a vulnerability reported to Kia that could have allowed an attacker to remotely control nearly all vehicles made after 2013, using only the license plate.
Full Blog: https://samcurry.net/hacking-kia
Full Blog: https://samcurry.net/hacking-kia
๐3โค2
https://leak.sx
https://scylla.sh
https://intelx.io
https://4iq.com
https://leaked.site
https://hashes.org
https://leakcheck.io
https://vigilante.pw
https://leakcheck.net
https://weleakinfo.to
https://leakcorp.com
https://leakpeek.com
https://rslookup.com
https://snusbase.com
https://ghostproject.fr
https://leakedsource.ru
https://leak-lookup.com
https://nuclearleaks.com
https://private-base.info
https://haveibeensold.app
https://breachchecker.com
https://dehashed.com
https://scatteredsecrets.com
https://haveibeenpwned.com
https://haveibeenpwned.com
https://services.normshield.com
https://joe.black/leakengine.html
Please open Telegram to view this post
VIEW IN TELEGRAM
leak.sx
Leak.sx | Homepage | best source for hacking tools.
Leak.sx - The best leaked accounts website, Homepage, free combo tool, ai image generator, roblox free roblox accounts, free membership for netflix,Minecraft account generator.
๐7โค4๐ฅ3
Methods that no one tells u to find origin ip addresses!!!???
https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841
#bugbounty #bugbountytips
https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841
#bugbounty #bugbountytips
โค4๐1๐ฅ1
Brut Security
Methods that no one tells u to find origin ip addresses!!!??? https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841 #bugbounty #bugbountytips
Usually CI CD integrations are not protected by wafs and reverse proxies, so if you find any small organization's gitlab, jenkin instance etc you'll often find configurations files (from wayback machine, previous commit too +a lot of ways) , they often leak some ip addresses
๐ฅ3โค2๐1
โก ffufai is an AI-powered wrapper for the popular web fuzzer ffuf. It automatically suggests file extensions for fuzzing based on the target URL and its headers, using either OpenAI's GPT or Claude AI models.
๐https://github.com/jthack/ffufai
๐https://github.com/jthack/ffufai
๐9
Authorization bypass due to cache misconfiguration???
https://forums.cybershieldctf.com/search.php?action=getnew
#bugbounty #bugbountytips
https://forums.cybershieldctf.com/search.php?action=getnew
#bugbounty #bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ6๐3๐ฟ3โค1
Forwarded from Netlas.io
๐ฅ Improved Interaction with Private Scanner ๐ฅ
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! ๐พ
๐ Read about other changes: https://docs.netlas.io/changelog/
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! ๐พ
๐ Read about other changes: https://docs.netlas.io/changelog/
๐2
Worlds fastest unlimited single and bulk subdomain finder! Use desktop!
https://cyfare.net/apps/subfind/
https://cyfare.net/apps/subfind/
๐ฅ9
โค4