0xHun73r

199 posts

@0xHun73r

Security Researcher.

/endpoint Joined January 2025
216 Following, 532 Followers
0xHun73r@0xHun73r·
@SlowBearDigger Indeed, and I think if things keep going this way the black market will likely rise again. I mean, no one wants to waste their time only to get scammed in the end by these companies.
SlowBearDigger@SlowBearDigger·
Yeah, but to be honest? I think it is just a dirty policy/marketing move... "Look, we are secured by XXXXX program!" "Look! 0 payouts, we safe!" And in reality, they ignore the whitehats, close valid reports as informative to not pay, and keep it like that... I sent a ticket to support and it says: "Per XXXXXXX's own bug bounty process documentation, the platform reserves the right to review reports when researchers notify of a reduced reward or severity, and will delist companies that attempt to reduce hacker rewards inappropriately. XXXXXXX's own triage team confirmed this report as valid (High). XXXXXXXXXX overturned that decision citing a technical argument that is factually incorrect per Sui's execution model. This is precisely the scenario your policy covers. I am formally requesting XXXXXXXX to exercise its review authority on this case." We shall see, but that practice should be banned always and everywhere; they're making us lose time and patience.
0xHun73r@0xHun73r·
idk why they changed the severity to low when this is clearly high. I contacted them asking to reconsider the severity (hope they do), but seems like they're gonna take way too long to reply, so I'm just gonna drop the writeup tomorrow Inshallah and hope u like it.
0xHun73r@0xHun73r·
@SlowBearDigger Actually, there are some companies that don't consider such issues as vulnerabilities. I mean, they don't see it as a problem if the user did something like that, which is clearly wrong.
SlowBearDigger@SlowBearDigger·
@0xHun73r Idk what's the matter with some teams. Like 20 mins ago something like that happened to me: a clear critical, PoC, all valid and within scope > informative... Also waiting to see if the platform's support does anything.
0xHun73r@0xHun73r·
@3ugman That's part of the game just keep going and don't give up bro
0xHun73r@0xHun73r·
I found that writing a writeup is harder and more boring than I expected lol
0xHun73r@0xHun73r·
@Younis_J_ Send me the PoC, maybe I can help you, inshallah.
Younis Jabr@Younis_J_·
@0xHun73r Oh Lord... I hope it will be my first bounty.
Younis Jabr@Younis_J_·
A while ago I reported an IDOR vulnerability. They asked for proof and so on, because the vulnerability does not affect users directly, only an integration belonging to the company. I gave them two proofs with a video. This was their last reply, and I really hope it gets accepted, because this is the closest I have gotten; everything else was DUP and INFO. #Cybersecurity
0xHun73r@0xHun73r·
@ironCardSec Indeed thanks man. I'll drop a writeup about it in the coming days inshallah
0xHun73r@0xHun73r·
Yoo If this report gets triaged, I'm back to daily bug bounty hunting. Let’s pray for this one guys lol
0xHun73r@0xHun73r·
@adce626 May God bless you.
0xHun73r@0xHun73r·
And btw, my friend 0xAlchemist and I managed to get alhamdulillah 4 CVEs in an open source CMS plugin while I was vanished.