Part 2: Beginner’s Bug Bounty Methodology: A Journey from Writeups to Real-World Application


CaptinSHArky(Mahdi🇹🇳)

Salam alaykum hunters! 🕷🕸 I hope you’re doing well. This is part 2 of the journey where I’ll share my methodology for finding bugs. In part 1, I introduced the basic sites and tools that every hunter should use to get started. Today, I’ll show you how to find vulnerabilities like XSS, SQLi, and more (with tools and tips). I hope this will be helpful!

If you have any suggestions or ideas, please send me a message on X. I’d be grateful! 💌

That was the division in the hacking world: There were people who were exploring it and the people who were trying to make money from it. And, generally, you stayed away from anyone who was trying to make money from it.

Jeff Moss

ENJOY THE JOURNEY AND THE MONEY WILL COME TO YOU

You should prioritize learning. Trust me, money is just the result of doing good work. Keep this concept in mind:

70% of the time, test your knowledge on real targets
30% of the time, focus on learning
Balance these two things and you’ll see the results. I’m not saying money isn’t important — I’m learning and working to earn money for a better future. But if you make it your highest priority, you’ll find it hard to improve yourself.

I’ll be creating write-ups for people who want to earn some quick money (those who already have good knowledge and are looking for platforms with low competition, unlike the big platforms like HackerOne and Bugcrowd).

Thank you, CoffinXP for your contributions. You’ve helped a lot of people, and I don’t have enough words to thank you! 💞

CustomBsqli: It’s faster than basic tools like SQLMap. It identifies and exploits blind SQL injection vulnerabilities in web applications.

Testing site: https://t.me/lostsec/1328

http://www.dgrsantiago.gov.ar/wp-admin/admin-ajax.php?action=window&callback=

Step-by-Step Tutorial: Watch the video

Lostxlso: A multi-vulnerability scanner, excellent for finding SQLi, XSS, LFI, Open Redirect, and more.

FFUF: You can use the default tool, but for unique results, check out the great tool from SirBugs/bugsffuf. Look into the help documentation for additional points.

Web labs for FFUF and more:

FFUF.me — Great for beginners
HackXpert Labs — Enjoy! ✍(◔◡◔)

FUZZING CMS TIP: I got this tip from https://t.me/a7madn1

My CMS wordlist collection: Check out my collection of CMS wordlists here: Captain Sharky’s WordList Collection. I’ll be adding more of my recon wordlists from various bug hunters.

Tip from Coffin:
Try this amazing FFUF oneliner that I mostly use to bypass WAFs for refined results, especially for information disclosure bugs. Use any wordlist:

ffuf -w seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u https://example.com/FUZZ -fc 400,401,402,403,404,429,500,501,502,503 -recursion -recursion-depth 2 -e .html,.php,.txt,.pdf,.js,.css,.zip,.bak,.old,.log,.json,.xml,.config,.env,.asp,.aspx,.jsp,.gz,.tar,.sql,.db -ac -c -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" -H "X-Forwarded-For: 127.0.0.1" -H "X-Originating-IP: 127.0.0.1" -H "X-Forwarded-Host: localhost" -t 100 -r -o results.json
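The one-liner writes everything it finds to results.json (ffuf's default output format is JSON), and on a big wordlist that file is mostly noise. The following triage script is an added example by the editor, not code from the post, from Coffin or from the ffuf project. It assumes ffuf's JSON layout (a top-level "results" array whose entries carry input.FUZZ, status, length, url and redirectlocation) and uses a constructed sample in that layout so it runs offline; the list of "sensitive" extensions is the editor's, drawn from the -e list in the command.

```javascript
// Added example (editor's own, not from the post or from ffuf): triage an ffuf
// results.json so leaked files, redirects and catch-all pages are separated.
// Assumption: ffuf's JSON layout, i.e. { results: [ { input: { FUZZ }, status,
// length, url, redirectlocation, ... } ] }.

// Extensions from the one-liner's -e list that usually mean a leaked artefact
// rather than a normal page (editor's triage list; adjust per target).
const SENSITIVE_EXT = [".env", ".bak", ".old", ".log", ".sql", ".db", ".config",
  ".zip", ".tar", ".gz"];

// Label one result. sizeCounts maps response length -> how often it occurred;
// many 200s with the identical length are almost always one catch-all page.
function classify(r, sizeCounts, catchAllThreshold) {
  const path = ((r.input && r.input.FUZZ) || "").toLowerCase();
  if (SENSITIVE_EXT.some((ext) => path.endsWith(ext))) return "sensitive-file";
  if (r.status >= 300 && r.status < 400) return "redirect";
  if (r.status === 200 && (sizeCounts.get(r.length) || 0) >= catchAllThreshold) {
    return "likely-catch-all";
  }
  if (r.status === 200) return "ok";
  return "other";
}

// Summarise a parsed ffuf JSON document: counts per status code and the URLs
// grouped by the labels above. Sensitive files are checked first so a leaked
// .env is never hidden behind the catch-all heuristic.
function triage(ffuf, catchAllThreshold = 3) {
  const results = Array.isArray(ffuf.results) ? ffuf.results : [];
  const sizeCounts = new Map();
  for (const r of results) sizeCounts.set(r.length, (sizeCounts.get(r.length) || 0) + 1);

  const byStatus = {};
  const byClass = { "sensitive-file": [], redirect: [], ok: [], "likely-catch-all": [], other: [] };
  for (const r of results) {
    byStatus[r.status] = (byStatus[r.status] || 0) + 1;
    byClass[classify(r, sizeCounts, catchAllThreshold)].push(r.url);
  }
  return { total: results.length, byStatus, byClass };
}

// Convenience wrapper for the raw file contents, e.g.
// triageText(require("fs").readFileSync("results.json", "utf8")).
function triageText(jsonText) {
  return triage(JSON.parse(jsonText));
}

// Constructed sample in ffuf's layout (not real scan output).
const SAMPLE = {
  results: [
    { input: { FUZZ: ".env" }, status: 200, length: 312, url: "https://example.com/.env", redirectlocation: "" },
    { input: { FUZZ: "admin" }, status: 302, length: 0, url: "https://example.com/admin", redirectlocation: "/login" },
    { input: { FUZZ: "backup.sql" }, status: 200, length: 10240, url: "https://example.com/backup.sql", redirectlocation: "" },
    { input: { FUZZ: "about" }, status: 200, length: 5120, url: "https://example.com/about", redirectlocation: "" },
    { input: { FUZZ: "foo" }, status: 200, length: 1200, url: "https://example.com/foo", redirectlocation: "" },
    { input: { FUZZ: "bar" }, status: 200, length: 1200, url: "https://example.com/bar", redirectlocation: "" },
    { input: { FUZZ: "baz" }, status: 200, length: 1200, url: "https://example.com/baz", redirectlocation: "" },
  ],
};

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

On the sample, the two leaked files (.env and backup.sql) land in "sensitive-file", /admin is reported as a redirect, /about is a plain 200, and the three identical 1200-byte responses are collapsed into "likely-catch-all". The catch-all heuristic complements ffuf's own -ac auto-calibration rather than replacing it: -ac filters during the scan, this groups whatever still got through.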

CORS: If you’re not familiar with this bug, watch these videos:
Understanding CORS

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

(Just to be clear, I haven’t earned any bounties yet, but like you, I’m learning, trying, and reading write-ups. Insha’Allah, we’ll find bugs soon. It’s still early — just focus on improving yourself and the money will come. That’s why when I share tools or tips, I always mention where I got them, so you can add those sources to your lists too.)

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
