#learn_bug_bounty search results
Bug Bounty Polyglot Payload qwe'" <x</{{[7*7]}} 🔸 qwe - easy to type & find in HTML 🔸 '" - JS/HTML breakout & SQLi 🔸 <x - HTML injection 🔸 </ - <script> breakout 🔸 {{[7*7]}} - CSTI (Angular/Mavo) P.S. <x is a non-existing tag. Useful when WAF/Sanitizer block popular tags
Bug Bounty Hint Test for SSRF by using the "file://" protocol. This can force the app to reveal the content of system files Example: file:///etc/passwd Use hostname "localhost" / "127.0.0.1" to check if the app is making outbound connections to itself for internal network scan
Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n #Offsec #SoftwareExploitation #RE exploitation.ashemery.com
'"`><img src=x>${{7*7}} Throw this into EVERY parameter you see :D '"` 🎉🎉🎉 SQLi testing '"` 🎉🎉🎉 JS inject '"`> 🎉🎉🎉 html tag attribute inject <img src=x> 🎉🎉🎉 html inject ${{7*7}} 🎉🎉🎉 CSTI If app uses your name later in flows for example, auto testing :3
#learn_bug_bounty #sql_injection yes and yes and yes I want to
If you want to master SQL injections, open this thread! SQL injection attacks are vulnerabilities that can allow attackers to access ANY data in a victim's database!🤯 A Thread 🧵👇
Oh wow, great job. Have been searching for something like this. Great one bro. Looking forward to more updates on the page. #learn_bug_bounty
Finding Time Based SQLi injections : Edition 2023 #kongsec adityashende17.medium.com/finding-time-b…
Bug Bounty Hint Test for SSRF by using the "file://" protocol. This can force the app to reveal the content of system files Example: file:///etc/passwd Use hostname "localhost" / "127.0.0.1" to check if the app is making outbound connections to itself for internal network scan
XSS: Arithmetic Operators & Optional Chaining To Bypass Filters & Sanitization secjuice.com/xss-arithmetic… #infosec #XSS #cybersec #bugbountytips
#learn_bug_bounty #sql_injection yes and yes and yes I want to
If you want to master SQL injections, open this thread! SQL injection attacks are vulnerabilities that can allow attackers to access ANY data in a victim's database!🤯 A Thread 🧵👇
Bug Bounty Polyglot Payload qwe'" <x</{{[7*7]}} 🔸 qwe - easy to type & find in HTML 🔸 '" - JS/HTML breakout & SQLi 🔸 <x - HTML injection 🔸 </ - <script> breakout 🔸 {{[7*7]}} - CSTI (Angular/Mavo) P.S. <x is a non-existing tag. Useful when WAF/Sanitizer block popular tags
Xss using css: <style>img{background-image:url('javascript:alert(1)')}</style> Firewall bypass: <style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style> #infosec #WAF #cybersec #BugBountyTip
'"`><img src=x>${{7*7}} Throw this into EVERY parameter you see :D '"` 🎉🎉🎉 SQLi testing '"` 🎉🎉🎉 JS inject '"`> 🎉🎉🎉 html tag attribute inject <img src=x> 🎉🎉🎉 html inject ${{7*7}} 🎉🎉🎉 CSTI If app uses your name later in flows for example, auto testing :3
What is your approach to finding Cross-Site Scripting vulnerabilities?
Oh wow, great job. Have been searching for something like this. Great one bro. Looking forward to more updates on the page. #learn_bug_bounty
SSTI (Server Side Template Injection) Payload List {{7*7}} ${7*7} <%= 7*7 %> ${{7*7}} #{7*7} If evaluated as 49 - target can be vulnerable to XSS or even RCE #infosec #bugbounty #cybersecuritytips
Day 1️⃣ - 2023 How to start Purple Teaming for Beginners:
How I Design My Prefect Bug Bounty Automation (1) medium.com/@poetryoflive/… Automation(2) medium.com/@poetryoflive/… Automation(3) medium.com/@poetryoflive/… #infosec #DataSecurity #Hackers #Linux #Vulnerabilities #bugbounty #bugbountytips #hacking #cissp
Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n #Offsec #SoftwareExploitation #RE exploitation.ashemery.com
Here are a couple things I always check when looking at a web application: 🧵
Use These Instead Of Alert and Prompt In XSS Payload Example : alert(1) can be encoded as This leads to bypass waf or blacklisted words at input field Check Out Below:👇
Something went wrong.
Something went wrong.
United States Trends
- 1. #FanCashDropPromotion 2,085 posts
- 2. Summer Walker 26.5K posts
- 3. Wale 39.2K posts
- 4. Good Friday 59.9K posts
- 5. #FridayVibes 5,234 posts
- 6. #NXXT_Earnings N/A
- 7. #FinallyOverIt 8,817 posts
- 8. #FridayFeeling 2,504 posts
- 9. Go Girl 26.1K posts
- 10. Happy Friyay 1,679 posts
- 11. Saylor 46.3K posts
- 12. SINGSA LATAI EP3 75.9K posts
- 13. Doug McMillon N/A
- 14. Bubba 12.1K posts
- 15. Bill Clinton 63.9K posts
- 16. Meek 6,693 posts
- 17. Thomas Crooks 42K posts
- 18. Robbed You 5,457 posts
- 19. Red Friday 4,016 posts
- 20. $BTC 124K posts