v1.2.1 - HIGH + MEDIUM content backlog

@inflictx released this 01 Jul 15:49

v1.2.1 - HIGH + MEDIUM bug-bounty content backlog

New payload cards and ready-to-run scripts, both locales (RU + EN).

CVE payload cards + PoC scripts

Payloads

  • Swagger UI ?configUrl= DOM-XSS via a remote spec
  • PasteJacking / clipboard blind XSS
  • Google / Gemini API-key abuse (validate, billable call, referrer/app bypass)

Recon / discovery scripts

  • Swagger configUrl probe + WordPress XML-RPC abuse (API scripts)
  • IIS 8.3 short-name enumeration (discovery)
  • S3-URL-from-JS harvester (origin & buckets)
  • waymore pipeline (wayback / archive)

Seed 5294 entries. All gates green (tsc 0, vitest 18/18, server + static builds). The live demo auto-redeploys to GitHub Pages.