_marwankhodair_
64 posts
العربية
_marwankhodair_ retweetledi
ًWrite-up is now available
you can read it here
@youssefmohamedsaadhelal1214/from-zero-auth-to-admin-access-c303c0dbe4f8" target="_blank" rel="nofollow noopener">medium.com/@youssefmohame…
Follow Me to Stay updated with more Findings
Youssef mohamed (Tyrion)@Youssef12142311
Alhamdulillah This my Last Activity in Bug Hunting First Critical = First Accepted 🔥 I have been rewarded with $$$$ from AT&T and $$$ From Yahoo Write-up Coming soon stay tuned
English
@torik_1999 @Hacker0x01 It was just a token discovered on the target github
English
Discovered a Critical vulnerability on a public program on HackerOne
Alhamdulillah
Thanks @Hacker0x01
English
@_Xaifi @Hacker0x01 Check if there any secrets on the GitHub for the target you are working on
You can search for the target by typing: org <target> GitHub
English
Alhamdulillah
This my Last Activity in Bug Hunting
First Critical = First Accepted 🔥
I have been rewarded with $$$$ from AT&T and $$$ From Yahoo
Write-up Coming soon stay tuned
English
@Youssef12142311 ما شاء الله عليك يجووو اقوى هانتر ف المجره 👏👏❤️❤️❤️
العربية
@Abdulluuuu فاهمك, جايب واحده كريتكال في ibm ومش حاسس ب اي حاجه
العربية
Reflected XSS via unescaped error parameter.
User input reflected directly into the response without proper encoding.
Alhamdulillah
Thanks @intigriti
English
@Arourmohamed01 @intigriti I haven’t actually tested Yahoo acquisitions yet, so I’m not sure.
English
@0xmarvul @intigriti i mean can we hack on yahoo acqusitions ?
English
@Arourmohamed01 @intigriti Yes, everything in scope includes all the listed domains and wildcards, plus any *.yahoo.com subdomains that weren’t explicitly mentioned. But Yahoo ultimately decides, if they see a valid impact, they may accept it.
English
@0xmarvul @intigriti brother want to ask about yahoo scope is everyhing owend by yahoo in scope ?
English
@0xmarvul @intigriti اقوي بج هانتر فالعالم🫡❤❤❤
العربية