XSS filter bypass using : 'JSFuck'

#BugBounty #bugbountytips #togetherwehitharder

Want to scan for command injection vulnerabilities on auto-pilot? 😎️👇️

Commix is an open-source command injection scanner written in python to help you scan for these bugs easily!

hubs.li/Q025-9sZ0

#bugbounty tips #bugbounty

Subdominator

A powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential vulnerabilities.

github.com/RevoltSecuriti…

#bugbountytips #BugBounty

If you find Web frameworks like Symfony, add '/app_dev.php/_profiler/open?file=app/config/parameters.yml' to the wordlist, and you may get juicy data. Enjoy!'

Credit: BBR - Bug Bounty Resources 🧵

#bugbountytips #BugBounty

I hacked Cloud Computer Hackerone Triager 🧐

I got access to Cloud Computer Hackerone Triager
hackerone.com/reports/2263294

#hackerone Ganesh #bugbountytip s #bugbountytip

Stored XSS via pdf upload 🫡❤️

Tip: Upload files and check the response. Sometimes We can see the path of the uploaded file.

#BugBounty #bugbountytips

Another hit.........
#BugBounty #bugbountytip s #bugbountytip
Bug-: Sensitive Data Exposure
Tip -: Recon your target at least 2 hours a day.

#alhamdulillah #BugBounty #bugbountytips idor to information disclosure
Target/api/v1/cart?hash=ieje73838jrnrkei837
Change hash to Id=1

Use ShodanX to find #Originip IP of your Target🎯

ShodanX: shorturl.at/eruB0

#BugBounty #bugbountytips

200+ Hacking / Infosec pdfs

Like and Repost

Red Team Experts that explains the importance and details of Windows APIs❗️📷😈📷

Source: drive.google.com/drive/u/0/mobi…

Source: drive.google.com/file/d/1qUoyzw…

Credit:Joas Antonio

#infosec #Hacking #infosec urity #Malware #bugbountytips #CTF …

🔎 Recursive Fuzzing with WFUZZ 💻

wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ

#bugbounty tips #bugbounty

Just in case you still use gau...
it no longer gets any links back from Wayback Machine because of a change to their API.
Use: github.com/xnl-h4ck3r/way…

Credit: / XNL -н4cĸ3r (@[email protected])

#bugbounty tips #bugbounty

Yay, I was awarded a $750 + $250 bounty on HackerOne! hackerone.com/roberto99 #TogetherWeHitHarder #bugbounty #bugbounty tips

Tips : Always Fuzz !
/config.php.old
/config.php.bak

6 Tools for Hackers

#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosec urity #cyberattacks #security #oscp #cybersecurity awareness #bugbounty #bugbounty tips

If you find Web frameworks like Symfony, add '/app_dev.php/_profiler/open?file=app/config/parameters.yml' to the wordlist, and you may get juicy data. Enjoy!'
#bugbountytip s #bugbountytip #cybersecurity #ethicalhacking

Stored XSS via cache poisoning 🧪

Tired of Akamai WAF, try this payload:

'><a nope='%26quot;x%26quot;'onmouseover='Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))'>

credit: Rachid.A

#bugbountytips #bugbountytips

bypass alert ==> [alert][0].call(this,1)

credit: BBR - Bug Bounty Resources 🧵

#bugbounty #bugbounty tips

📷 Learn SSRF 📷
[+] portswigger.net/web-security/s…
[X] book.hacktricks.xyz/.../ssrf-serve…...
[*] gowthams.gitbook.io/.../list-of...…
[-] youtube.com/watch?v=1pyoYa…
📷Tryhackme Lab:- 📷
1. tryhackme.com/r/room/ssrfqi
2. tryhackme.com/r/room/ssrfhr
#BugBounty #bugbountytips #ssrf

Hey everyone, I have found multiple HTML injection in chat bot, should I report this?
#BugBounty #bugbountytips
1. payload <img src='index.jpg' alt='@coffinxp in a Jacket' width='1000' height='600'>