inc0gbyt3 Sep 8
Dump "secrets" inside domain JavaScript files like AWS endpoints, API URLs. Check my tool.
Hein Thant Zin Sep 12
HackerOnTwoWheels Sep 13
Exploiting File Uploads Pt. 2 – A Tale of a $3k worth RCE. My second write up. Let me know what y'all think!
YK Sep 14
Bismillah. Releasing one of my RCE stories at one of the Bug Bounty Programs. Race Condition that could Result in RCE - (A story with an App that temporarily stored an uploaded file within 2 seconds before moving it to Amazon S3).
Cyan Piny 🐺 Sep 13
I've been added to Facebook's thanks list. In honor of this, I am sharing with you the POC videos of my first report ($1500). POC 1: POC 2:
Henry Chen Sep 11
bounty calculation formula: crontab(subdomain(amass+subfinder+...) + port(masscan + nmap) + screenshot + dirsearch) + slack = bug bounty
C1h2e1 Sep 13
I just published Unauthorized access to all user information leaks
Katie Paxton-Fear Sep 8
It's up! I hope you enjoy my beginner's intro to burp + the features you need to know to find your first bug, all by a beginner!
luffydragneel Sep 16
There was an option to choose a Language between English and German when you edit another user's profile. But instead, I intercepted the Request and changed the parameter to something else like ar, and that user can no longer access his account (DoS).
Evren Sep 12
github -> issues -> is:open label:"c: Security"
WebApp Hacker's Handbook Fan Club Sep 14
Do you follow this one for your AppSec engagement? If not, Start following now! Thanks to , You may Share your custom checklists in replies..
Glenn / devalias 16h
Interesting on 'development mode' google dorks: inurl:/rails/info inurl:/rails/info/routes inurl:/rails/info/properties
A DNF 🦖 Sep 15
If the target server is running Windows and you can create files and directories on it, try to create ones with forbidden names (CON,AUX,etc)! It may cause errors resulting in Info Disclosure/DoS. An example written in PHP: file_put_contents("con.png","");
expl0itc0der Sep 15
The concept of “Google Hacking” dates back to 2002, when Johnny Long began to collect interesting Google search queries that uncovered vulnerable systems and sensitive information, labeling them Google Dorks.
Tikam Singh Alma Sep 8
Tirtha Mandal Sep 12
Bug SSRF & XSS Subdomain enum using -> fuzzing-> pointing to another subdomain of subdomains-> found an endpoint like /proxy?url= -> SSRF
Dhamu Sep 13
Andy InfoSec Sep 15
Guilherme Keerok Sep 10
Cloudflare WAF bypass: open("https://host/?xss=%3Ca/href=javascript:1%26%26%26%23x6e;ame%3Eclick me%3C/a%3E","<svg onload=alert(document.domain)>");
Rémy Marot Sep 11
XXEServ mini FTP server simple but useful for your XXE OOB extractions through FTP :