Muzamil

Alhamdulillah I was Awarded a $3000 Bounty on HackerOne 💥 #bugbountytips #bugbounty #CyberSecurity #Hacked #hackingtools

I'm thrilled to announce "Can AI Do Novel Security Research? Meet the HTTP Terminator" will premiere at @BlackHatEvents #BHUSA! Check out the abstract:

Reward : 2000 $ IDOR in staging API due to missing object-level authorization Endpoint: GET https://example. com/api/workspace/{id}/latest The {id} parameter is directly mapped to backend objects without any access control enforcement. Since IDs are sequential

What’s harder to master in Linux? -Permissions -Networking -Shell scripting -Package management

@prasads94955045 @techbromemes There channels 😅

@techbromemes Why is everything dying, who is alive ?🤔

bounty : 1,100$ Bug 1 : Debug Mode enabled well i the api endpoint was expecting /api/v1/xyz?id=1 [INT] but instead of int i used string value which thrown errror with a lot of information Bug 2 : User limit bypass as per plan you can add only 2 user ,

@shivangmauryaa congrats. ✨ And How did you even come up with this payload

Bounty : 8,000$ 3 XSS via xss0r = 3000 euro payload : %22%3e%3c%69%6d%67%2f%73%72%63%2f%6f%6e%65%72%72%6f%72%3d.%31%7c%61%6c%65%72%74%60%31%60%20%63%6c%61%73%73%3d%64%3e alert(String.fromCharCode(88%2c83%2c83))%2f%2f%22%3balert(String.fromCharCode(88%2c83%2c83))%2f%2f--

The panic in the #welcome channel was real—until the realization hit. Check the calendar: April 1st. 📅🤣😂

@albinowax True

CVSS' Attack Complexity metric is the bane of bug bounty hunters: "you tried really hard to find that bug, so we'll pay you less".

pwn2own❌ ai2own✅

@tech_cyber1447 Thanks, and I will make a write-up soon.

@Kindone09 Congratulations. Write up?

Just another day on hunting. ☕️ Secured a $500 bounty for a PII Exfiltration. It’s wild how a little creative "persuasion" can make an AI leak secrets. Back to the grind. 🛡️💻 #BugBounty #Infosec #AI #PromptInjection #CyberSecurity #EthicalHacking #RedTeaming #HackerLife

@Prajwal030105 I will make a write-up soon.

@Kindone09 Writeup please!!

@Arqam992 Thanks . I have been doing bug bounties since August 2024, but I haven’t been very consistent because I am a student. I also just turned 18 and joined university this month

@Kindone09 Congrats👏. How long you've been into bug bounties?

@sysxplore Kinda true 😂

Linux users: "I like to type out commands!" Also, Linux users:

Someone said they like Adam's voice over mine in our videos and that kinda hurts😞

There’s just about ~10 days left to make a submission to one of my favorite programming contests: The International Obfuscated C Code Contest! Highly encourage you to take a peek and enter, it really brings out some of the best programmers (and compiler wizards).

Speaking of cspbypass.com - I just contributed two more endpoints 👍 github.com/renniepak/CSPB…

Data Exfiltration in Google Gemini via... phone call? Link in comments: