Forwarded from PentesterLand Academy - Public
یه هکر اینجوری از داون شدن کلادفلیر استفاده میکنه
https://www.instagram.com/reel/DRMy7riDYbp/?igsh=MWI1ZmpwdXk3Y256Zw==
https://www.instagram.com/reel/DRMy7riDYbp/?igsh=MWI1ZmpwdXk3Y256Zw==
❤11
اکانت intelx طرح رایگان برای دانشجوها داره
دانشگاه های ایران رو هم ساپورت میکنه
Iran: ac.ir, iau.ir
https://intelx.io/academia
@hackhaven_new
دانشگاه های ایران رو هم ساپورت میکنه
Iran: ac.ir, iau.ir
https://intelx.io/academia
@hackhaven_new
intelx.io
Academia Program for Universities - Intelligence X
Free access to Intelligence X for universities and schools. Register with your university email address and the account gets upgraded automatically.
❤6
https://github.com/mahdibland/V2RayAggregator
سابسکریپشنش رو میتونید اد کنید کانفیگ هاش سرعتشون عالیه
لینک سابسکریپشن :
https://raw.githubusercontent.com/mahdibland/ShadowsocksAggregator/master/Eternity.txt
GitHub
GitHub - mahdibland/V2RayAggregator: Collect Lots of Shadowsocks, ShadowsocksR, Trojan, Vmess from Public Sources & Filter Best…
Collect Lots of Shadowsocks, ShadowsocksR, Trojan, Vmess from Public Sources & Filter Best Nodes By Speed - mahdibland/V2RayAggregator
❤9🔥2
Forwarded from DexBlood
This media is not supported in your browser
VIEW IN TELEGRAM
File Upload: SVG → XSS → RCE
Test and Learn
Test and Learn
❤4🔥1
Forwarded from DexBlood
xss to rce.rar
1.5 KB
Just recorded a demo of a File Upload vulnerability chain: SVG → XSS → RCE!
I’ve built a simple local web app to demonstrate how an unrestricted SVG file upload can lead to Stored XSS, which then escalates to Remote Code Execution (RCE) when an admin views the uploaded content.
I’m sharing the full web app (in a .rar archive) so you can test it yourself in a safe, local environment.
Credentials:
Admin: admin / admin123
User (attacker): user / user123
I’ve built a simple local web app to demonstrate how an unrestricted SVG file upload can lead to Stored XSS, which then escalates to Remote Code Execution (RCE) when an admin views the uploaded content.
I’m sharing the full web app (in a .rar archive) so you can test it yourself in a safe, local environment.
Credentials:
Admin: admin / admin123
User (attacker): user / user123
❤6🤡2
امن ترین پیام رسان اول Simplex دومیش Signal سومی هم Session اگه نظری دیگه ای داری بگو 🫶
🌚3
https://github.com/bnoscript/rep
مثل repeater برپ میمونه اما فقط روی chrome نصب میشه و نیازی به برپ نمیشه
مثل repeater برپ میمونه اما فقط روی chrome نصب میشه و نیازی به برپ نمیشه
GitHub
GitHub - repplus/rep-chrome: rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest…
rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks - repplus/rep-chrome
❤7🔥2
Please open Telegram to view this post
VIEW IN TELEGRAM
oreobiscuit.gitbook.io
Introduction to Biscuit's Bug Bounty Playbook | Biscuit's Bug Bounty Playbook
In this Gitbook, I have gathered all the important resources, links, writeups, articles, tools, and more that you need to learn about Cyber Security, Bug Bounty, Ethical Hacking, Android Pentesting.
🔥5❤2💯1
Cloudflare hides 19.3% of all websites—but not perfectly.
CloudRip scans subdomains to find IPs not behind Cloudflare protection, exposing the real origin server:
https://hackers-arise.com/web-app-hackingtearing-back-the-cloudflare-veil-to-reveal-ips/
📌 @hackhaven_new
CloudRip scans subdomains to find IPs not behind Cloudflare protection, exposing the real origin server:
https://hackers-arise.com/web-app-hackingtearing-back-the-cloudflare-veil-to-reveal-ips/
📌 @hackhaven_new
❤🔥10