Guax1

48 posts

Guax1

@gu4x1_

aoba

Katılım Kasım 2021

103 Takip Edilen3 Takipçiler

Guax1 retweetledi

Md Ismail Šojal 🕷️@0x0SojalSec·24 Nis

Use NextJS? Recon Tip by renniepak A quick way to find "all" paths for Next.js websites: DevTools->Console console.log(__BUILD_MANIFEST.sortedPages) javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); #infosec #cybersec #bugbountytips

English

251

48.2K

Guax1 retweetledi

Md Ismail Šojal 🕷️@0x0SojalSec·17 Şub

Top Secret Detection Tools⚔️ Powerful tools designed to detect secret leaks • github.com/trufflesecurit… • github.com/newrelic/rusty… • github.com/Yelp/detect-se… • github.com/gitleaks/gitle… • github.com/awslabs/git-se… • github.com/tillson/git-ho… • github.com/secretlint/sec… #infosec

English

147

7.2K

Guax1 retweetledi

𝔸𝕪𝕚𝕣𝕒𝕗 ℝ𝕒𝕙𝕞𝕒𝕟@mahfujwhh·18 Şub

Open redirect to Account takeover #bugbountytips #Bughunter #BugBounty #poc #mahfujwhh

English

255

10.6K

Guax1 retweetledi

Yunus Emre Öztaş@ynsmroztas·21 Oca

if you get an error like this when you make a request "error on line 1 at column 1: Start tag expected, '<' not found" , you can get a lot of information by using curl -k -s --path-as-is -X GET https :// (domain).com/x/document(.jsp,otp,irs,php) command outside of SQL or XXE 🥰🌹 #bugbountytip #bugbountytips

English

402

28.2K

Ben Sadeghipour@NahamSec·30 Ara

Final giveaway of the year🎁: 4️⃣Hand-On Web Exploitation (Course Only hhub.io/2024holidays) 3️⃣Shodan Codes 2️⃣Caido licenses 1️⃣Hands-On Web Exploitation (Certificate+Course Bundle) To enter drop a 🫶🏼and RT

English

601

615

810

81.1K

Guax1@gu4x1_·1 Oca

@NahamSec 🫶🏼 🫶🏼

QME

Guax1 retweetledi

VAIDIK PANDYA@h4x0r_fr34k·2 Kas

SSO Vulnerabilities ? here are few blogs to explore 1. medium.com/bugs-that-bite… 2. @Land2Cyber/open-redirects-in-modern-single-sign-on-sso-implementations-8f900cc6fbb4" target="_blank" rel="nofollow noopener">medium.com/@Land2Cyber/op… 3. infosecwriteups.com/forced-sso-ses… 4. 0x4kd.medium.com/google-sso-mis… 5. infosecwriteups.com/taking-down-th…

English

204

7.6K

Guax1 retweetledi

VAIDIK PANDYA@h4x0r_fr34k·28 Tem

Hacking Drupal Want to Pentest Drupal Web Applications? 1. nahoragg.medium.com/chaining-cache… (Cache Poisioning to XSS) 2.@augustusphyras/ultimate-drupal-security-checklist-15d0425b04a4" target="_blank" rel="nofollow noopener">medium.com/@augustusphyra… (Prevention Chechlist) 3. @briskinfosec/drupal-core-remote-code-execution-vulnerability-cve-2019-6340-35dee6175afa" target="_blank" rel="nofollow noopener">medium.com/@briskinfosec/… (CVE-2019–6340 : RCE) 4. @knownsec404team/the-analysis-of-drupal-1-click-to-rce-ad7799b428e6" target="_blank" rel="nofollow noopener">medium.com/@knownsec404te… (1-Click RCE) 5. walk-throughs.medium.com/exploiting-dru… 6. @yasmeena_rezk/drupal-7-x-exploitation-7eb1c7cfa4dc" target="_blank" rel="nofollow noopener">medium.com/@yasmeena_rezk… 7. hackerone.com/reports/1844674

English

111

363

17.1K

Guax1 retweetledi

VAIDIK PANDYA@h4x0r_fr34k·1 Ağu

Fuzzing lists - Part 1 Wordlists for few specific Funtions you can use for Specific Purpuses. 1. Email Providers github.com/xajkep/wordlis… 2. Username Wordlist github.com/danielmiessler… 3. NoSqli github.com/cr0hn/nosqlinj… 4. Common Fuzzing github.com/orwagodfather/… 5. IIS github.com/orwagodfather/… 6. AEM github.com/orwagodfather/… 7. cgi-bin github.com/orwagodfather/… 8. .Filenames wordlists-cdn.assetnote.io/data/manual/do… 9. wp-contents github.com/random-robbie/… 10. ZIPs github.com/random-robbie/…

English

289

11.5K

Guax1 retweetledi

VAIDIK PANDYA@h4x0r_fr34k·18 Haz

Want to Learn Access Control ? 1. cobalt.io/blog/introduct… 2. infosecwriteups.com/begineers-cras… (Kind of Crash Course) 3. owasp.org/Top10/A01_2021… 4. portswigger.net/web-security/a… (Labs) 5. @insightfulrohit/all-about-broken-access-control-cf6ec98a990b" target="_blank" rel="nofollow noopener">medium.com/@insightfulroh…

English

5.8K

Guax1 retweetledi

RootMoksha Labs@RootMoksha·4 Haz

XSS payload by @Botami143 <a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> WAF / Cloudflare Bypass #bugbountytips #bugbounty

English

224

13.7K

Guax1 retweetledi

Maniesh.Neupane@pwn4arn·2 Haz

IDOR Checklist ! Credit:@hunter0x7

English

447

37K

Guax1 retweetledi

Maniesh.Neupane@pwn4arn·29 May

Upload functionality testing

English

190

16K

Guax1 retweetledi

Maniesh.Neupane@pwn4arn·28 May

Some cool bypass for the endpoints !

English

266

18.1K

Guax1 retweetledi

RootMoksha Labs@RootMoksha·7 May

Two P3 after successfully bypassing the Cloudflare WAF on a private program. A simple SVG-based payload proved effective. Payload: ⚙️ "%3cSvg%20Only%3d1%20OnLoad%3dconfirm(1)%3e" credit: @nav1n0x #bugbountytips #BugBounty

English

131

4.6K

Guax1 retweetledi

Divyansh Sharma@divyansh2401·29 Nis

Yay, I was awarded a $2,000 bounty on @Hacker0x01! hackerone.com/divyansh2401 #TogetherWeHitHarder #bugbounty #bugbountytips #bugbountytip 1. Bypassed email verification with IP-Rotator Extension. 2. Created an account with divyansh@target.com. 3. Auto Joined their organization.

English

351

23.6K

Guax1 retweetledi

RootMoksha Labs@RootMoksha·27 Nis

File upload checklist by @coffinxp7 #BugBounty #bugbountytips

English

118

4.2K

Guax1 retweetledi

elSec@adrielsec·31 Oca

bypass XSS Cloudflare WAF Encoded Payload "><track/onerror='confirm\%601\%60'> Clean Payload "><track/onerror='confirm`1`'> HTML entity and URL encoding: " --> " > --> > < --> < ' --> ' ` --> \%60 #bugbounty #bugbountytip #bugbountytips

English

260

14.6K

Guax1 retweetledi

RootMoksha Labs@RootMoksha·15 Mar

XSS to Exfiltrate Data from PDFs 👇 Credit:medium.com/r3d-buck3t/xss… #bugbountytips #bugbounty

English

170

6.2K

Guax1 retweetledi

RootMoksha Labs@RootMoksha·23 Şub

WAF bypass: By adding 'Content-Encoding: any_random_text' to the request header, you can deceive some WAFs, allowing your payload to slip through undetected. By:@jayesh25 #bugbountytips #bugbounty

English

111

468

21.6K

Keşfet

@NahamSec @Botami143 @hunter0x7 @nav1n0x @Hacker0x01 @coffinxp7 @jayesh25 @elonmusk