☄️Information Disclosure Dork☄️

site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)

⚠️Zomato IDOR leakage of Lakhs People Data - Video POC
🔖https://news.1rj.ru/str/brutsecurity_poc/10

⚠️A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities.


Use shell globbing / wildcard expansion. Here is an example

cat /e*c/p*s*d is equivalent to cat /etc/passwd. But how?

Before cat runs, the shell expands the glob pattern /e*c/p*s*d to match actual files and directories in the filesystem.

/e*c: The shell interprets this as "any path starting with /e, followed by zero or more characters (*), ending with c."


/p*s*d: This matches a path or file name starting with p, followed by zero or more characters (*), then s, then zero or more characters (*), then d

✅Credit- Devansh Batham

🔖Submaker - Subdomain Wordlist Generator

⬇️https://github.com/llMNMll/Submaker

⚠️If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.

Intercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{

🛍If the server is deemed to be vulnerable, but a WAF is present:

../../../../../../e*c/p*s*d{{

✔️Credit- nav1n0x

⚡️Standoff BB Platform- https://dopescope.standoff365.com/