Trex Apr 22
Don't report vulnerabilities once you discover them. Think to find ways to exploit them for higher impact and bigger bounty! Examples: If you have found XXE injection vulns, think about RCE. If you have found XSS, try to find cookie injection vulns.
Gowtham Apr 15
Book of BugBounty Tips - . Credits and all mentioned sources and Bughunters.
Ashish Kunwar Apr 22
Add it to your wordlist: .well-known/apple-app-site-association
Ahmed Sultan Apr 20
Valid issues reported VS bounties awarded last week. Wondering where are the rest of the rewards? Make a guess :|
1N3 Apr 13
Sn1per Professional autopwn vs. 's S2-052 Apache Struts CVE-2017-9805 exercise.
1984isnow📖 Apr 17
nice way to close week }:)
Mads 3h
Looking for Open Redirects with Google Dorks? Try this for the domain you're looking at, look for plain old http too. :-) inurl:%3Dhttps%3A%2F%2F
publiclyDisclosed 38m
Revive Adserver disclosed a bug submitted by sumni:
m0z Apr 17
Here is a google dork to find GET-Based parameters: inurl:%3D URL encoded version of '=' which finds them.
Jaggar Henry Apr 5
Compiled every disclosed report into a digestible list. Originally made for personal use, but since multiple people have asked for it - here it is!
Emad Shanab Apr 15
“Using Firefox Add-Ons for ” by
Pratik. Apr 20
I just published a blog on SSRF to read local files and read AWS metadata :) Thanks for the training
Probably Mantis 🦗 Apr 5
I'm considering signing up to a load of bug-bounty websites with the user/pass of ' or 1=1-- so when people attempt it, they log into my account and think they found a SQL Injection. 😂
John M 2h
Here's a writeup of the $5k I received for finding overly specific location data in
Doug Little 10h
Replying to @douglittlejr
Believe the benefit of removing content over 3 months outweighs the added risk of displaying such to those who may use information to optimize identified possible active breaches, depending on perspective
AI Hax0r 8h
Can I report about a vulnerable web server that has not been updated for almost 6 years and having a Remote Code Exec CVE without a working PoC? The exploit is not yet public😢
Doug Little 26m
Replying to @douglittlejr
Call it a guess, or call it 2 decades of meets being a after broader background, but believe there were prob talk about a policy link for "confidential" warning. Tough, as you define your own