Rezultati pretraživanja
  1. 1. velj

    I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)

    6 replies 374 proslijeđena tweeta 826 korisnika označava da im se sviđa
  2. 4. velj

    ==API TIPS== To welcome the new year, we published a daily tip on API Security & API Pentesting during the month of January 2020. Check out my new article and explore 31 tips + interesting insights about them.

    132 proslijeđena tweeta 312 korisnika označava da im se sviđa
  3. 31. sij

    Look what I found on 😎 Have fun my friends, BUG OUT.

    1 reply 21 proslijeđeni tweet 28 korisnika označava da im se sviđa
  4. prije 17 sati

    full Recon

    18 proslijeđenih tweetova 42 korisnika označavaju da im se sviđa
  5. 31. sij

    Steps 0) Login in with Twitter 1) Host Header Injection [to a.cxx] 2) Generate OAuth Token's Link 3) Send link to Victim, after victim authorize 4) Verifier send to a.cxx 5) Reuse use token Account Takeover by

    40 proslijeđenih tweetova 135 korisnika označava da im se sviđa
  6. 1. velj

    I just got a fancy idea to create strings in without using dangerous characters 😃 Inspired by challenge from .

    112 proslijeđenih tweetova 384 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  7. 24. sij

    Some lesser known 0-click XSS vectors: <object data="data:text/html,<script>alert(5)</script>"> <iframe srcdoc="<svg onload=alert(4);>"> <object data=javascript:alert(3)> <iframe src=javascript:alert(2)> <embed src=javascript:alert(1)>

    52 proslijeđena tweeta 122 korisnika označavaju da im se sviđa
  8. 21. pro 2019.

    Got my first remote code execution on bug bounty program.Nothing is more beautiful than...... Tip? Just keep scanning for hidden directory until you found something else.

    20 replies 52 proslijeđena tweeta 302 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  9. 11. pro 2019.

    6000 hackerone disclosed reports at one place.

    211 proslijeđenih tweetova 247 korisnika označava da im se sviđa
  10. 11. pro 2019.

    Login Page Authentication bypass: Any file name / authorize account/connect/authorize home/authorize dashboard/authorize account/authorize/

    5 replies 76 proslijeđenih tweetova 160 korisnika označava da im se sviđa
  11. 14. sij

    CSP bypass for googleapis[.]com/customsearch/

    27 proslijeđenih tweetova 102 korisnika označavaju da im se sviđa
  12. 30. sij

    Awesome Payloads Server-Side Template Injection Linux - Privilege Escalation

    32 proslijeđena tweeta 76 korisnika označava da im se sviđa
  13. 15. pro 2019.

    Simple 2FA bypass tip: Account setting > Change email > Logout > Login with password via email confirm link > 2FA won't ask when the backend check for login email.(only for rare cases)

    42 proslijeđena tweeta 143 korisnika označavaju da im se sviđa
  14. prije 21 sat

    A couple of people asked for my 'XSS for 2020' cheatsheet in PDF format, so I went ahead and made it today. Enjoy. :)

    5 proslijeđenih tweetova 12 korisnika označava da im se sviđa
  15. 16. pro 2019.

    Got a survey from? Don't only test for blind xss Try this once

    5 replies 28 proslijeđenih tweetova 77 korisnika označava da im se sviđa
  16. 3. velj

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

    200 proslijeđenih tweetova 601 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  17. 4. velj

    I use my mobile phone with a termux app to find these two bugs while doing some uni stuff. Nmap syntax used to find ssl poodle: nmap -sV --version-light -Pn --script ssl-poodle -p 443

    6 proslijeđenih tweetova 39 korisnika označava da im se sviđa
  18. 30. stu 2019.

    Don’t forget to check ‘9200’ port for Elasticsearch.

    58 proslijeđenih tweetova 169 korisnika označava da im se sviđa
  19. 3. sij

    You can do anonymously LDAP search on your targets using this command: ldapsearch -h <TARGET IP> 389 -x -s base -b '' "(objectClass=*)" "*"

    1 reply 75 proslijeđenih tweetova 198 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
  20. 27. sij

    -API TIP:26/31- Looking for BOLA (IDOR) in APIs? got 401/403 errors? AuthZ bypass tricks: * Wrap ID with an array {“id”:111} --> {“id”:[111]} * JSON wrap {“id”:111} --> {“id”:{“id”:111}} * Send ID twice URL?id=<LEGIT>&id=<VICTIM> * Send wildcard {"user_id":"*"}

    87 proslijeđenih tweetova 221 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit

Nema rezultata.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.