Magn4

New Video Out 🙌 In this one i explained what Client Side path traversal is, how to find it, and how to exploit. So even if you have no idea what it is, you will have all the knowledge needed to find one after watching the video. This is by far my best video so far, and on my favorite bug, so i hope you guys will enjoy it, and learn something from it youtube.com/watch?v=T6BKQ2…

@addydaddymc @hamidonsolo 🫡

@hamidonsolo @Magn4_ 🥂

Two characters broke an entire platform. ../ That's it. That's the payload. for $2,500. I put a path traversal in a URL hash fragment — the # part that the server never sees. No WAF caught it. No server log recorded it. No security tool flagged it. Because the attack only existed in the browser. JavaScript parsed the hash. Built an API request with it. Zero validation. I redirected it to the email change endpoint. One click: → Victim's email changed to mine → Password reset sent to my inbox → Full account takeover → Every secret in the system leaked → Victim locked out permanently I almost didn't test this feature. It looked boring. Nothing interesting. I was about to close Burp and go to bed. Glad I didn't. $2,500. I wrote the full story — the 1am discovery, the chain, the severity fight, and why the boring features are where the best bugs hide. Full writeup ↓ patrickbatman.hashnode.dev/how-i-took-ove…

I really love this poll because it lets you discover a lot of great research from the past year that you might have missed. I've decided to highlight the Сlient-Side related research that I think is especially worth your attention.

@OriginalSicksec @wld_basha Lets goooo 🎉🎉🎉

See you in Tokyo 🇯🇵🍱 @wld_basha

@H2X0z @mo7meadwael Great work as always 🫡🫡

Just received my 2nd bounty from Amazon! Big thanks to my friend @mo7meadwael for the collaboration on this one. The grind continues. On to the next one! 🎯🎯 Alhamdolilah

@O_x_Ashura Happy to hear that my man, make sure to take good care of you mental health as its more important than any bug or bounty ( for the long term ).

@Magn4_ Thanks bud. Your videos help to get out from burnout.

After uploading this video, I noticed that many people struggle with the basics, like reading JavaScript. Since I want to move on to more advanced client side techniques, I’ve decided to dedicate my next few videos to covering fundamentals such as Minified JavaScript analysis, DOM XSS Taint flow, OAuth, and similar topics. PS: These will also help you find IDORs and BAC issues, as I will show some ways you can extract the target's API endpoints from their JS files.

This really warms my heart 🫡🫡🫡 Congratulations on the insane find, to more bugs inshallah ☝️

@marwanmoha96781 Im still planning what i should talk about, but i will make sure to make it as good as i can

@Magn4_ yes please if it's possible to make a long video about reading js files

@kittoh_ 🫡

@Magn4_ that would be awesome man!

@mhmdqdw09781013 You're welcome 😁

@Magn4_ Thanks for helping video that you make🌹 We will wait for advanced techniques else 😁

@4osp3l Happy to hear that 🫡

@Magn4_ Your video made me understand CSPT; thanks man.

@naysser336283 @Mar0_0uane Inshallah ☝️

@Magn4_ @Mar0_0uane Thank u taha inshallah a future collab with u

INSANE work from my dear friends @Mar0_0uane and @naysser336283 Congratulations 🥳

@Mar0_0uane @naysser336283 🫡🫡🫡🫡

@Magn4_ @naysser336283 Thank you taha 🎩

@mustafamahmvd Thanks man, i appreciate the comment 🫡🙌

@Magn4_ CSPT was an amazing video bro, keep going

@4osp3l Sorry i just noticed that i didn't comment on this 😭 Thanks man for the constant support 🫡❤️

@Magn4_ Seeing now.

New Video Out 🙌 In this one i explained what Client Side path traversal is, how to find it, and how to exploit. So even if you have no idea what it is, you will have all the knowledge needed to find one after watching the video. This is by far my best video so far, and on my favorite bug, so i hope you guys will enjoy it, and learn something from it youtube.com/watch?v=T6BKQ2…

One of the best video and youtube channel dedicated to bug bounty. Highly recommended. @Magn4_ Respect🫡. #Bugbounty #bountytips #hackerone #cybersecurity #hacking #infosec

@3ugman Thank you very much, i really appreciate it 🙌🙌

@s0ufm3l Lah i 7efdek ❤️

@Magn4_ Nadi