Omar

49 posts

Omar

@0x0ld

Katılım Şubat 2022

104 Takip Edilen1.3K Takipçiler

Omar@0x0ld·10 Mar

@claudeai @simsalacrypto 😬

QME

Claude@claudeai·9 Mar

Introducing Code Review, a new feature for Claude Code. When a PR opens, Claude dispatches a team of agents to hunt for bugs.

English

2.1K

5.2K

63K

23.3M

Omar@0x0ld·12 Şub

@thedawgyg According to a member of the HackerOne staff, this is not currently being done, and they will provide more detailed information in the coming weeks.

English

984

dawgyg - WoH@thedawgyg·12 Şub

"HackerOne Agentic PTaaS pairs specially trained AI agents"... specially trained on a decade worth of work from the largest pool of bug hunters on the planet.... without their consent... Maybe its time to find out how class action suits work and see if we have any ability to prevent them from using our work?

HackerOne@Hacker0x01

Point-in-time pentests can’t keep up, while fully autonomous testing creates noise. The solution? HackerOne Agentic PTaaS pairs specially trained AI agents with elite human validation to deliver results based on real-world exploitability, not theory. This 50-second video shows you how it works.

English

288

29.9K

Omar@0x0ld·11 Şub

@adeolRxxxx @simsalacrypto

QAM

158

playboi.eth@adeolRxxxx·11 Şub

contests are dead. bug bounties are in. This mfer doesnt even have a twitter. smart contract for that fucken matter?

Immunefi@immunefi

Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2

English

150

10.8K

Omar@0x0ld·27 Oca

@fahadkhan__101 through trial and error while exploiting the SQL injection, the backend began returning “file not found” responses. I then injected /passwd into the second column, which resulted in the contents of that file being returned.

English

148

Fahad Khan@fahadkhan__101·22 Oca

@0x0ld Can you tell me that how did you make that kind of payload?

English

1.1K

Omar@0x0ld·21 Oca

Sexy

English

311

19.4K

Omar@0x0ld·27 Oca

@trial_36545191 already escalated that and popped a shell on this host :p

English

Trial 365@trial_36545191·22 Oca

@0x0ld Rce 💪💪

831

Omar@0x0ld·27 Oca

@userarceus @grok This issue originated as a SQL injection and was escalated to a local file disclosure due to improper sanitization of database values. These values were later passed to a file read function, allowing an attacker to manipulate the query results and alter the file’s source path.

English

—͟͞ 404•XL@userarceus·22 Oca

@0x0ld @grok @0x0ld Vuln name sqli?

Italiano

132

Omar@0x0ld·22 Oca

@wareeq_shile 3.As a result, the application reads the attacker-supplied path rather than the intended PDF location, leading to a Local File Disclosure vulnerability. here is an example of the code generated by chatGPT

English

167

Wareeq@wareeq_shile·22 Oca

@0x0ld I’m confused by how this payload works reading system file from database column without any function ?!

English

1.3K

Omar@0x0ld·22 Oca

@wareeq_shile 2.Due to insufficient input validation, the id parameter is vulnerable to a UNION-based SQL injection. By exploiting this flaw, an attacker can manipulate the query result and inject an arbitrary file path instead of the legitimate database value.

English

130

Omar@0x0ld·22 Oca

@wareeq_shile 1.The affected endpoint accepts a hashed id parameter, which is used in a database query to retrieve the file path of a PDF document. Once a matching record is found, the application reads the file directly from the filesystem using a function such as file_get_contents().

English

954

Omar@0x0ld·1 Oca

@marcaslevel1 @Hacker0x01 @marcaslevel1 Hi! Thanks a lot for the kind words. I’m completely self-taught, and the best resource I recommend is portswigger academy it’s free and very hands-on. bestof luck on your journey, and feel free to ask anytime!

English

Leonardo Torres@marcaslevel1·1 Oca

@0x0ld @Hacker0x01 Hi there! I’ve read your informative writeups. I’m new to cybersecurity and curious if you learned it yourself or attended formal schooling. If you did, I’d appreciate any helpful resources you found. Your knowledge is valuable, and I’m grateful for your sharing!!

English

107

Omar@0x0ld·26 Ağu

Just hit 10k! Let’s make it to the Top 100 on @Hacker0x01

English

192

8.9K

Omar@0x0ld·7 Tem

@arshiyaiha right!

English

234

🇮🇷 Arshiya🇮🇷@arshiyaiha·7 Tem

Don't overlook subdomains that return 3xx responses. The easiest and fastest way to check them is on Archive. For extra assurance, do some directory fuzzing too. They're often ignored in large targets. @0x0ld am I right, buddy? hackerone.com/reports/2947762 #bugbountytips

English

2.1K

Omar@0x0ld·1 Tem

@0xmedex @Hacker0x01 My dms are open you should be able to dm me

English

Ahmed@0xmedex·1 Tem

@0x0ld @Hacker0x01 Can you DM me ?

English

103

Omar@0x0ld·9 Nis

Yay, I was awarded a $7,500 bounty on @Hacker0x01! hackerone.com/0xold #TogetherWeHitHarder

English

157

7.8K

Omar@0x0ld·30 Haz

@MiniMjStar @Hacker0x01 it should be open now

English

120

MJ_The_DJ🇮🇷@MiniMjStar·30 Haz

@0x0ld @Hacker0x01 Congrats, can i dm? its closed

English

165

Omar@0x0ld·2 Haz

@Zierax_x i've sent you a message, check your dm

English

137

0xZyo@Zierax_x·2 Haz

@0x0ld Hi Omar, I just want to contact you regarding a question. How can I contact you?

English

184

Omar@0x0ld·23 Oca

Just reached 5k! Hoping to hit 10k before the year wraps up!

English

Omar@0x0ld·15 May

@Masonhck3571 The developer was probably trying to handle both single and multiple values by splitting the input on ",". They likely added a check for when a single ID is passed, but forgot to handle the case where an array of IDs comes through.

English

977