Forwarded from Brut Security
javanoscript:(function(){var noscripts=document.getElementsByTagName("noscript"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0–9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<noscripts.length;i++){var t=noscripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();Please open Telegram to view this post
VIEW IN TELEGRAM
❤3👍2
Forwarded from GitBook - Bug Bounty
Try the Full-Width version of the commonly used symbols for XSS/WAF/SQL filter bypass.
🔹< - %EF%BC%9C (\uff1c)
🔹> - %EF%BC%9E (\uff1e)
🔹\ - %EF%BC%BC (\uff3c)
🔹/ - %EF%BC%8F (\uff0f)
🔹' - %EF%BC%87 (\uff07)
🔹" - %EF%BC%82 (\uff02)
🔹< - %EF%BC%9C (\uff1c)
🔹> - %EF%BC%9E (\uff1e)
🔹\ - %EF%BC%BC (\uff3c)
🔹/ - %EF%BC%8F (\uff0f)
🔹' - %EF%BC%87 (\uff07)
🔹" - %EF%BC%82 (\uff02)
❤2🔥2
Please open Telegram to view this post
VIEW IN TELEGRAM
Fetch all relative URLs in next.js websites 🗡
const manifest = window.__BUILD_MANIFEST || {};const routes = Object.keys(manifest).filter(route => !route.startsWith("_")).sort();routes
Please open Telegram to view this post
VIEW IN TELEGRAM