ExploitHub – Telegram

ExploitHub

6.39K subscribers

18 photos

1 video

15 files

350 links

Download Telegram

About

Blog

Apps

Platform

6.39K subscribers

■■□□□ #GoodReport #XXE via File upload (#SVG)

https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/

2.99K views17:29

■■■■□ #Iran|ian #BlackHat hacker group @Cra3ked [telegram] released an efficient #BruteForce utility to hack web logins with #PoC

https://github.com/Fr13ND3/1tinymvz.net/

3.19K views17:29

■■■□□ #GoodReport: LFI + file upload = #RCE (#CodeExecution)

https://medium.com/@armaanpathan/chain-the-bugs-to-pwn-an-organisation-lfi-unrestricted-file-upload-remote-code-execution-93dfa78ecce

Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )

Hi everyone, After completing my OSCP certification I thought to give a try to bug bounty, as OSCP has sharpened my exploitationSkills.

3.36K views17:31

Source

Title: BugBounty types — HTML injection via email

Description: HTML injection é um ataque muito parecido com o Cross-site Scripting (XSS), enquanto no XSS o invasor pode injetar e executar códigos em…

Continue reading on Medium »

BugBounty types — HTML injection via email

HTML injection é um ataque muito parecido com o Cross-site Scripting (XSS), enquanto no XSS o invasor pode injetar e executar códigos em…

3.5K views17:33

XSS To Good XSS With ClickJacking on Subdomain Microsoft

https://link.medium.com/4EXo7G8Sk1

#XSS
#ClickJacking
#BugBounty

XSS To Good XSS With ClickJacking on Subdomain Microsoft

Bismillah hirrahman nirrahim.

3.34K viewsedited 01:39

Open-redirect on Facebook (Bypass Linkshim)

https://noobsec.org/project/2020-02-16-open-redirect-on-facebook/

3.34K views01:42

https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745

XXE on Windows system …then what ??

it’s been a while since the last Christmas that i would share this story with you guys but i didn't have time (too busy slacking off)

3.51K views01:43

Bypassing WAFs and cracking XOR with Hackvertor

https://portswigger.net/research/bypassing-wafs-and-cracking-xor-with-hackvertor

3.71K views01:44

Multiple sites for Obfuscation or JavaScript code obscurity.

http://utf-8.jp/public/aaencode.html

http://utf-8.jp/public/jjencode.html

http://www.jsfuck.com

#JS
#OBF

4.85K views01:47

Burp Extension:

https://github.com/Netflix-Skunkworks/sleepy-puppy/tree/master/burp-extension

sleepy-puppy/burp-extension at master · Netflix-Skunkworks/sleepy-puppy

Sleepy Puppy XSS Payload Management Framework. Contribute to Netflix-Skunkworks/sleepy-puppy development by creating an account on GitHub.

4.07K viewsedited 01:49

XMLHttpRequest:

https://xhr.spec.whatwg.org/

4.01K views05:52

ExploitHub pinned «XMLHttpRequest: https://xhr.spec.whatwg.org/»

05:52

“Undetectable C# & C++ Reverse Shells” by Bank Security https://link.medium.com/kIIc9Ch5b4

Undetectable C# & C++ Reverse Shells

Technical overview of different way to spawn a reverse shell on a victim machine

4.11K views02:04

■■■□□ From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World

https://medium.com/@YoKoKho/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a

From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World

How I Finally could Got into an Internal Network (and could accessing all of their internal assets) by Using Various Vulnerabilities.

4.14K views02:19

Source Code + Sensitive Information Disclosure lead to InstaMoney and SendGrind Account Takeover
https://medium.com/@denypradana/source-code-sensitive-information-disclosure-lead-to-instamoney-and-sendgrind-account-takeover-fc9adf7d8501

4.4K views02:23

https://portswigger.net/research/top-10-web-hacking-techniques-of-2019

4.99K views02:31

Fun with Amazon S3— Leaks and bucket takeover attack
https://medium.com/@woj_ciech/fun-with-amazon-s3-leaks-and-bucket-takeover-attack-ddb17da1c431

Fun with Amazon S3— Leaks and bucket takeover attack

Amazon S3 joins to the LeakLooker family, now tool looks for exposed buckets and potential takeovers.

4.41K views03:31

[ Writeup — Bugbounty Facebook ] Disclosure the verified phone number in Checkpoint.
https://medium.com/@tiendat253/writeup-bugbounty-facebook-disclosure-the-verified-phone-number-in-checkpoint-aa652faeaf21

4.34K views03:33

HOW I BYPASSED 2 FACTOR AUTHENTICATION
https://medium.com/@manralhemant10/how-i-bypassed-2-factor-authentication-899750421331

HOW I BYPASSED 2 FACTOR AUTHENTICATION

4.42K views03:33

Sentive Data Exposure
https://medium.com/@Sheshasai/sentive-data-exposure-fad568b7875

Sentive Data Exposure

hello my fellow hunters! im here to share(Sharing is caring) a new bug i found in a program let’s call it as redacted.com

4.32K views03:33

How PayPal helped me to generate XSS
https://medium.com/@pflash0x0punk/how-paypal-helped-me-to-generate-xss-9408c0931add

How PayPal helped me to generate XSS

So one day I was doing some work with my friend and visited PayPal to get a Pay with PayPal button. I logged in to PayPal and moved to…

4.6K views03:33