Code_13x ( Jelison Fernandes )

Yay, I was awarded a $25,000 bounty on @HackerOx01! #TogetherWeHitHarder Severity: Critical #hackerone #BugBounty #bugbountytips #bugbountytip #infosec #CyberSec #bughunter #API #apisecurity #cybersecuritytips #ethicalhacking #Pentester #Hacking

@furkan0x01 Welcome to HSP 🥳🥳

let's see what's this about

@0trusts Will Publish in write up soon

@code_13x Bro any tip's

Yay, I was awarded a $20,000 bounty on @HackerOx01! for a critical bug exposing Secret private conversation files of all users. Severity: Critical For more: tinyurl.com/jelison #TogetherWeHitHarder #hackerone #bugbounty #bugbountytips #bugbountytip #infosec #Hacking

@Codefly_42 Private program bro

@08xDof20784 Private bro

@code_13x Insane bro private or public? 🥵 Congratulations

Ranked #45 on the HackerOne Leaderboard for Highest Critical Reputation! Excited to keep hunting and making an impact in the bug bounty community #hackerone #BugBounty #bugbountytips #bugbountytip #infosec #CyberSec #bughunter #API #cybersecuritytips #ethicalhacking

@domainjobcom Thanks ☺️

@code_13x Congrats

Yay, I was awarded a $25,000 bounty on @HackerOx01! #TogetherWeHitHarder Severity: Critical #hackerone #BugBounty #bugbountytips #bugbountytip #infosec #CyberSec #bughunter #API #apisecurity #cybersecuritytips #ethicalhacking #Pentester #Hacking

@GodfatherOrwa Thanks 🤩

@code_13x Congratulations 👏👏👏👏👏👏

@wadgamaraldeen Thanks 😊

@code_13x Congratulations 🎉👏

@amanmahendra_ Code_13x

@Cachorroexausto If logged in user get affected directly then they should accept the bug. But it depends on the type of application you are testing on. And showing the impact.

@code_13x Surely this would be classified as either N/A or just informative for most programs. I’ve already reported it on HackerOne on a major payment gateway, and it was triaged as informative.

@_2os5 Attacker just need victim account id which are easy guess

@code_13x Nice catch! But tbh I am not sure why it is Critical, because how will you get the victim email? Otherwise yes!

@QWERTYRBG Soon..

@code_13x Congo bro write up??

@Blackstone0123 Depends on impact bro

@code_13x I reported the same vulnerability to a program on Bugcrowd. It was marked “N/A” by the triager, who said, “Dos out of scope.” Haha. Clear difference between bugcrowd vs Hackerone.

@Nick980076 Thanks bro

@code_13x Congratulations 🎉

Yay, I was awarded a $2,500 bounty on @HackerOx01! #TogetherWeHitHarder Severity: Medium #bugbounty #infosec #CyberSecurity #bughunting #hackerone #bugbountytips #cybersecuritytips #bugbountytip Tip: check every user inputs

@Dedrknex Yes, most programs don’t accept it, but it depends on the impact. In my case, I couldn’t chain it, so it remained at medium severity

@code_13x Congratulations. Most of my html injections are low/informative

Got my @Hacker0x01 swag for hitting 750 & 1500 reputation #bugbounty #hackerone #bugbountytips

@bhaveshdewasii Tip: Try to increase the hunting time to 8 hours. Dont look for bugs try to understand the functionalities how it works. And stick with one program until you find something

Day 26 – #150DayBugBountyChallenge - Hunted 4 hours today, found nothing. Total hours logged so far: 26. - Feeling like switching things up again, still experimenting with approach. - Learned about DOMLogger — seems like a really solid tool, excited to try it out more.