Twitter | Search
Whale Shark Jun 10
Got my first ever bug bounty report approved!!! 😁😁😁 Got a reflected XSS vulnerability on a search bar, of all places 😂
Pratik. Jun 15
This is how I map my targets using a simple checklist. 😬😬 Don't hunt blindly.
Adam Langley Jun 13
If you come across a WordPress install try “/wp-content/themes/[custom-theme-name]/.git”. Even if directory listing is disabled you can rebuild and clone it with tools like which allow you to view source code
Thomas Orlita Jun 12
A write-up about how thanks to a vulnerability in Google's Invoice Submission Tool it was possible to execute a blind XSS on behalf of a Google Employee and get access to Google's invoices and internal sites.
krypt0mux 10h
My Daily routine: - Wake up - Check Facebook and other social media - Have a shower - Brew a coffee - Hack for 10 hours straight. Hacking is life.
krypt0mux Jun 10
I got this email today. Can anyone tell me what this exactly means? Does it mean I was the first to find this bug? Thanks :)
SaadAhmed Jun 14
Decided to share Daily 1 Write up Of my findings 😀 here is the First one IDOR - Account Takeover 😎
ghostlulz Jun 7
With new technologies come new vulnerabilities. Are you checking for GraphQL API endpoints? If not, you're really missing out on a lot of fun. More info on my blog:
SaadAhmed Jun 15
2nd POC sorry for late 😇 SIMPLE - Complete Web Server Access 😎
SΛKYB 1h
any XXE expert please ping....
Ali Çelebi 7h
Interesting screenshot captured by Aquatone on a subdomain owned by major retailer :)
ᴂ Jun 7
had exact same report () on #232625 about 2 years ago, got N/A and the reason was that it's not possible to intercept HTTPS traffic!
Tirtha Mandal Jun 7
Thanks for this great write-up. Always try on big scopes. And see, I got Stored XSS on a very well known public program. 🥰 P.S- Iframe*
ρнιтz Jun 12
reports ~out of scope~ but critical because trying to be a good guy.. My thanks? Heh, so done with this shit. Maybe I'll stick to for now on. Whatever I pick, I'm done with this platform (won't name out loud bc I'm not that shitty)
Youssef A. Mohamed Jun 11
I just finished exams ~ It's been 3 months since my last time ~ Let's hunt some Bugs!
SaadAhmed 1h
Here is my another POC guys 😎😎 Account Takeover Worth $900 😇
securibee Jun 14
Note to self: start checking error response.
Hunter Stanton 3h
Check EVERYTHING. I just found stored XSS + phone number leakage of any user in a very obscure place on a program I'm working on. If I hadn't explored their API as deeply as I could, I never would've found it.