Created an SQLMAP Addition for sending webhooks to Discord It will have the exact same options as SQLMAP just run it as ./sqlmap.sh and use -u or -f options for File and or Url with sqlmap options if you have any issues @ me or dm me. github.com/ShadowByte1/sq…

XSS Guide and Documentation for Unique Attack Vectors and bypassing WAF github.com/ShadowByte1/XSS

Was a little busy Found a few nice Bugs in the last 3 Weeks More SXSS to come

Found a significant Amount of StoredCross-Site Scripting (XSS) vulnerability in a program on HackerOne. Our organization decided to create a short video about it. You can check out the short video here: youtube.com/shorts/4wMGV2Z… H1 Profile: hackerone.com/4c1dr3aper/hac…

Always Try Every Feature Possible #xss

What is a good WP Plugin to test for Vulnerabilities, (Heaps of code / areas to test and not overly used for getting used to SCA / Static Code Analysis) Thanks

Made the most Extensive Swagger UI Xss Nuclei Template I have ever seen, it may take a while to scan everything however you will find Swagger Endpoints they didn't even know about, I found 14 Swagger XSS on one Program. works best against subdomains. #xss github.com/ShadowByte1/Sw…

Morning Everyone Check out how our ORG Hacked Foxycart and gained Credential and PII Theft against Users youtube.com/watch?v=cAXoE5… #hacking #foxycart #org

Does anyone know about PNA Exploits for XSP from remote to internal networks mostly to printers then escalate there, I assume I need a V8 Exploit to disable it via Chrome flags as an xss won't be able to disable it due to blocks and the XSP gets blocked due to prefetch requests

A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities. Use shell globbing / wildcard expansion. Here is an example `cat /e*c/p*s*d` is equivalent to `cat /etc/passwd`. But how? Before cat runs, the shell expands the glob pattern

Been a While but we out here

Check out my boy ShadowByte's Github github.com/ShadowByte1/CV…

Anyone have malware myself and Malectrica can Reverse engineer - Preferably a challenge / ransomware, trojan or something not overly known is also preferred. Dm me or reply if you have anything.