I submitted my first critical vulnerability and awarded $3500 on @Hacker0x01. Bug: Default WordPress Installation lead to RCE. Tip:.cat subdomains.txt | httpx -title -fr.Result: [WordPress > Installation].Watch on your Targets🙂. Thanks to @voorivex and @dollarisho_com

RT @Muntrive: امشب با @Sharo_k_h روش کار کردیم و دوباره عالله شد. جدا ازین کلی چیز میزه باحال راجبه مرورگر یاد گرفتم ازش که واقعا میتونم بگ….

🚀 New Tool Alert!.Easily parse _buildManifest.js files from Next.js web apps 🔍. 🛠 Try it online: 💻 Source code: #BugBounty #JS #NextJS #WebSecurity

اینم از جمعه ما🥳

۳ تا cve ساده که قبلا زده بودم اگه دوست داشتید حتما بخونید. مرسی از علی جان بابت وقتی که برا ما میذاره🙏❤️.@soltanali0

RT @Ali_4fg: 🧵 Bug Bounty Methodology 🧵. After reading countless write-ups and checklists, I created my own methodology that has helped me….

I have created a chrome extension for extract endpoints and urls from js files. You can use it for modern web app which this tool watch for new js files that loaded (lazyload). #BugBounty #tools #PenTest.

You can remove `var` word from payload and write all payload in one line. If you use the payloads in the URL, remember to url encode the + into ( %2B ). Get payloads from my github ✌️🔥:.

XSS without parentheses:. If you’re within the JavaScript context, such as event handlers or the javascript: scheme, you can define variables to bypass WAF. Note: Define the closing parenthesis “)” before the opening parenthesis “(”. @garethheyes @PortSwigger #bugbountytip #xss

JsFuck ❌.FuckJS ✅. We also bypassed a very strict Cloudflare WAF with @ehsan_nkd @0xb0hl00l . Hint: When you face a WAF that allows you to use `javascript:` scheme but blocks every payload that you know, DEFINE variables!. #HiveCommunity.#BugBounty #hackerone #XSS

Discovered an XSS vulnerability but Imperva WAF blocked it?.Try this XSS payload to bypass Imperva's protection. <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=&#x0000000000061;lert&#x000000028;origin&#x000029;>. #bugbounty #bypass_imperva #xss #hacking

XSS Tip:. If you have two parameter reflections in a JavaScript context and can't close the script tag or break the string with ( " ), you can use a backslash ( \ ) to escape the ( " ) of the first reflection and inject your JavaScript payload in the second reflection.

My new tool:. A tool for extract money😆.

A very simple tool to compare 2 file and return unique diff. Alternative to comm command in linux.