⚡️Google Dorks - Vulnerable Parameters ⚡️
⛔️XSS prone parameters:
inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example[.]com
⛔️Open Redirect prone parameters
inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example[.]com
⛔️SQLi Prone Parameters
inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example[.]com
⛔️SSRF Prone Parameters
inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example[.]com
⛔️LFI Prone Parameters
inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example[.]com
⛔️RCE Prone Parameters
inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example[.]com
🔆 Credit- Mike Takashi
⛔️XSS prone parameters:
inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:example[.]com
⛔️Open Redirect prone parameters
inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:example[.]com
⛔️SQLi Prone Parameters
inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:example[.]com
⛔️SSRF Prone Parameters
inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:example[.]com
⛔️LFI Prone Parameters
inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:example[.]com
⛔️RCE Prone Parameters
inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:example[.]com
🔆 Credit- Mike Takashi
👍13❤4🔥4
Media is too big
VIEW IN TELEGRAM
🔖Hacking Kia: Remotely Controlling Cars With Just a License PlateNew writeup from Specters and Sam Curry: They were finally allowed to disclose a vulnerability reported to Kia that could have allowed an attacker to remotely control nearly all vehicles made after 2013, using only the license plate.
Full Blog: https://samcurry.net/hacking-kia
Full Blog: https://samcurry.net/hacking-kia
👍3❤2
https://leak.sx
http://scylla.sh
https://intelx.io
https://4iq.com
https://leaked.site
https://hashes.org
https://leakcheck.io
https://vigilante.pw
https://leakcheck.net
https://weleakinfo.to
https://leakcorp.com
https://leakpeek.com
https://rslookup.com
https://snusbase.com
https://ghostproject.fr
https://leakedsource.ru
https://leak-lookup.com
https://nuclearleaks.com
https://private-base.info
https://haveibeensold.app
https://breachchecker.com
https://dehashed.com
http://scatteredsecrets.com
https://haveibeenpwned.com
https://haveibeenpwned.com
https://services.normshield.com
https://joe.black/leakengine.html
Please open Telegram to view this post
VIEW IN TELEGRAM
leak.sx
Leak.sx | Homepage | best source for hacking tools.
Leak.sx - The best leaked accounts website, Homepage, free combo tool, ai image generator, roblox free roblox accounts, free membership for netflix,Minecraft account generator.
👍7❤4🔥3
Methods that no one tells u to find origin ip addresses!!!???
https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841
#bugbounty #bugbountytips
https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841
#bugbounty #bugbountytips
❤4👍1🔥1
Brut Security
Methods that no one tells u to find origin ip addresses!!!??? https://forums.cybershieldctf.com/search.php?action=results&sid=3e360b4b477968060184d73068b9f841 #bugbounty #bugbountytips
Usually CI CD integrations are not protected by wafs and reverse proxies, so if you find any small organization's gitlab, jenkin instance etc you'll often find configurations files (from wayback machine, previous commit too +a lot of ways) , they often leak some ip addresses
🔥3❤2👍1
⚡ ffufai is an AI-powered wrapper for the popular web fuzzer ffuf. It automatically suggests file extensions for fuzzing based on the target URL and its headers, using either OpenAI's GPT or Claude AI models.
🔗https://github.com/jthack/ffufai
🔗https://github.com/jthack/ffufai
👍9
Authorization bypass due to cache misconfiguration???
https://forums.cybershieldctf.com/search.php?action=getnew
#bugbounty #bugbountytips
https://forums.cybershieldctf.com/search.php?action=getnew
#bugbounty #bugbountytips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6👍3🗿3❤1
Forwarded from Netlas.io
🔥 Improved Interaction with Private Scanner 🔥
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! 👾
👉 Read about other changes: https://docs.netlas.io/changelog/
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! 👾
👉 Read about other changes: https://docs.netlas.io/changelog/
👍2
Worlds fastest unlimited single and bulk subdomain finder! Use desktop!
https://cyfare.net/apps/subfind/
https://cyfare.net/apps/subfind/
🔥9
❤4
⚡Top Hacking / Cyber Security Related Posts
🪪By Daniel Kelley
🔗https://gold-marten-204.notion.site/2d292e0b941146ef858a125bf1cb0eb3
🪪By Daniel Kelley
🔗https://gold-marten-204.notion.site/2d292e0b941146ef858a125bf1cb0eb3
❤5👍3
CVE-2024-31449 and other: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating❗️
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua noscripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
👉 Link: https://nt.ls/1G7ul
👉 Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua noscripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
👉 Link: https://nt.ls/1G7ul
👉 Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
👍6❤1