Emad Shanab - أبو عبد الله

Google Hall Of Fame. @Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27" target="_blank" rel="nofollow noopener">medium.com/@Alra3ees/goog…

Hello friends, I have some health issues, and I will take some time off from twitter and social media. Please keep me in your prayers. I will logout from twitter, so I can’t see any DMs. Sorry for not answering any DMs. Stay safe.

I earned €800 for my submission on @YogoshaOfficial

Found another 6 SQLI vulnerabilities, I will report them after finishing my work. My target is PHP,Mysql, behind cloudflare. Using proxychains to bypass the WAF.

🚀 🚀 Hope this approach helps you getting bounties quicker 🔥 Please do Subscribe and Share. #BugBounty #bugbountytips #hackerone #Pentesting #infosec youtube.com/watch?v=PXwOYt…

@md_sh3z4n Yes. But with some custom tool. infosecwriteups.com/waf-bypass-mas…

@Alra3ees Same methodology like collect urls then gf sqli run sqlmap/ghauri?

@kre80r @Dphenixking Check this by @coffinxp7 infosecwriteups.com/waf-bypass-mas…

@Alra3ees @Dphenixking Which proxy provider?

@akita_zen Thank you my brother for your support.

@Dphenixking To avoid blocking my VPs IP. And yes it’s working fine. And I have running everything through tor even spider scripts like katana or gospider and burpsuite.

@Alra3ees Why do you think proxychains bypassed cloudflare? Is it based on geo-location or rate limit bypass?

@Ahmex000 You are welcome my brother.

@Alra3ees Very much for your reply

New reports submitted today. 5 SQLi. 1 DOM-based XSS. 1 XSS-reflected. 3 Information Disclouser.

@Ahmex000 Thank you very much, brother. I have my own script and it’s like this methodology. But for SQLI only. x.com/alra3ees/statu…

@Alra3ees congratulations mate 🔥 what about your injection tests, manual or automation scripts to do simple tests? just asking trying to claim some ideas, i am currently working on some injection injection scripts

@nhlcreation This target I have worked on it since one year and I have completely known it. Every subdomain,technology,ports. And I’m using Ghauri to exploit the SQLi along with proxychains to bypass the WAF. github.com/r0oth3x49/ghau… Please follow @coffinxp7 for more details about SQLI.

@Alra3ees Sqli? What about waf sir..how you encounter that...and where to look for sqli...?

@Masonhck3571 @Bugcrowd @ctbbpodcast Keep shining and rocking my dearest brother. You’re My idol. I wish you all the best in your career and success in life.

Alright here are my @bugcrowd Q1 numbers for the 2025 #comeback Total bugs: 54 Total $: $40,430 Total programs: 4 So I passed my total 2024 number. Not terrible for part-time work but I’m close to getting into that @ctbbpodcast $100k club 👀 #bugbountytips If you’re working on an open scope, recon should NEVER stop. Run enumeration daily for new assets. Always check archive daily for new urls. I only hacked on 3 programs this year but being consistent on it has made this year much more simpler.

@hellowo46432561 اسحبوا منه اللابتوب والنت, سوء استماع وسخرية.

ده الview اللي بيهانت عليه انا بهانت من على قهوة بلدي في وسط البلد

@Zerone0x1 Thank you very much.

@Alra3ees 🔥🔥

@XHackerx007 Appreciate your kindness, brother.

@Alra3ees Congratulations Keep going!!

@mido0x0x Happy birthday 🎁🎊🎉🎂🎈

Mmmm birthday 🙃

@NOMAD0___ الحمد لله علي كل حال.

@Alra3ees I think in platforms ناشفة دلوقتي 😂

I have submitted three SQLi reports today to a self hosted bug bounty program. Hopefully they can fix it soon. If you can’t find anything on bug bounty platforms, try external programs, to avoid burnout.