In this Post we will only know DIOS a little more and introduce some different and new flavors of DIOS. USAGE FOR ALL DIOS: Just put the code in place of the vulnerable column and see the magic. As most of you have seen this one, the first DIOS: Above is an Awesome Piece of code…
How to find AngularJS XSS
Have you ever heard about publicwww? It’s a search engine for source code. So publicwww will find any alphanumeric snippet, signature or keyword in the web pages' HTML, JS and CSS code. They have this list that you can search for: Advertising, Marketing, Analytics, Technologies, Frontend, Widgets, CMS. You can find it here: https://publicwww.com. They also have plans and pricing if…
Steal IP Address using Image
Starting on the name of My god “Allah” the most beneficent the most merciful. Today I woke up and saw a post on grabbing the IP using SQL injection. As per my interest I checked what it was; after reading it I came up with an idea to include some htaccess shit with the whole idea…
DDOS Using SQL injection (SiDDOS)
In this tutorial we will discuss how can someone DDOS a website using SQL injection. As for me it's a new concept, didn't have much research or tutorials on it. After my own testing and the maximum information I somehow collected reading SQL syntax and other limitations on connection and…
XSS Injection with SQLi
XSS Injection with SQLi (XSSQLi). Well, after our discussion on different types of injection and places you can find SQL injection vulnerability, an attacker can successfully exploit an SQL injection vulnerability and get access over the database, and if he is lucky enough to get access to the File System…
VPS Cheatsheet for bug hunting
I have found myself way too many times forgetting certain commands, or how to perform specific actions related to bug hunting. Solution: make a cheat sheet of all the useful commands. And I figured, you may find it useful, or maybe you already know all of them by heart in which case, good for you….
A Story of IDOR To Account Takeover
Hello Guys! I am Pramod Yadav, a Security Researcher and a Bug Hunter. This Is My First Bug Bounty Writeup. We are Going to See A Story of IDOR and How Could I Have Taken Over Your Account Through It. Before Getting into Details Let’s See What is An IDOR. What is an IDOR?…
How to find valid and impactful CSRFs
Hi, I am Febin, a security researcher. This is my first post in OBB blog, which is about the mighty CSRF attack. IMPACT OF CSRF: In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. For example, this might be to change the email address on…
Using {XSS} to play games on Site
Hello guys, today I’m going to teach you how to play inside any website that has an XSS flaw. This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only emblems the application of the game in question and an opening of…
How to Find Contacts To Report Bugs & Security Vulnerabilities | Bug Bounty Tutorials 2020
In this video tutorial I will show you how to find any contact information about any domain or company.