MHD

1.7K posts

@MhdAsfan

Security Researcher | Web Dev | CTF Player #web3 Praise be to God

WEB Joined March 2021
716 Following 247 Followers
MHD retweeted
Vivek | Cybersecurity @VivekIntel
Top 60 Hacker Search Engines 💀🔥
1. 🌐 Shodan
2. 📡 Censys
3. 🔍 Onyphe
4. 👁️ ZoomEye
5. ⚙️ GreyNoise
6. 🛰️ Natlas
7. 🌍 Netlas
8. 🧭 FOFA
9. 📚 NIST NVD
10. 🧪 osv.dev
11. 🔓 opencve
12. 🧠 VulnIQ
13. 📊 Vulmon
14. 🗂️ VulDB
15. 💥 Sploitus
16. 📰 Oday .today
17. ⚒️ LOLBAS
18. 🧰 GTFOBins
19. 🎯 FullHunt
20. 💻 grep .app
21. 🔎 SearchCode
22. 🤓 NerdyData
23. 📧 Hunter.io
24. 🔗 SynapsInt
25. ☁️ skymem
26. 🧑 ThatsThem
27. 🌎 Omnisint
28. 🧩 Riddler
29. 🌐 RobTex
30. 🏗️ BuiltWith
31. 🔗 URLScan
32. 🌪️ Chaos
33. 📡 DNSdb
34. 📈 DNSviz
35. 🧾 C99.nl
36. 🔐 crt .sh
37. 📶 Wigle
38. 📍 wifimap
39. 📡 wifispc
40. 🌐 mylnikov
41. 🔑 Dehashed
42. 🗄️ Snusbase
43. 🔨 HashKiller
44. 🕶️ AHMIA
45. 🧅 tor.link
46. 🌏 Google
47. 🇷🇺 Yandex
48. 🔎 Bing
49. 🎥 Insecam
50. 🧠 ORKL
51. 🧫 tria .ge
52. 💧 leakix
53. 📁 filesec
54. ⚠️ malapi
55. 📞 TellowS
56. 🔄 sync.me
57. ☎️ SpyDialer
58. 💣 ExploitDB
59. 🚀 Rapid7 DB
60. 🖼️ TinEye
#OSINT #CyberSecurity #Recon #InfoSec
2
175
822
27.2K
MHD retweeted
VIEH Group @viehgroup
GraphQL Introspection Misconfiguration to Sensitive Data Exposure POC →
1. While testing a GraphQL endpoint, noticed introspection queries were enabled in production
2. Sent an introspection query to map the full schema
3. Discovered hidden queries related to internal user and admin data
4. Modified the query to fetch user email, roles, and internal metadata
5. Server returned sensitive data without proper authorization checks
6. This allowed attackers to enumerate users and access restricted information
Learning →
- GraphQL introspection should be disabled in production environments
- Always enforce authorization on every resolver
- Hidden schema endpoints often expose internal business logic
#infosec #hacking #hacker #bugbounty #bugbountytips
0
7
77
3.7K
MHD retweeted
Burp Suite @Burp_Suite
🔍 Testing an application with a GraphQL API? Learn about common GraphQL vulnerabilities over at the Web Security Academy, and then scan your app with Burp Suite Professional or Burp Suite Enterprise Edition to find GraphQL bugs automatically. #graphql portswigger.net/web-security/g…
0
8
44
9.5K
MHD retweeted
bugcrowd @Bugcrowd
SecLists is a security tester’s best companion. From usernames and passwords to URLs, payloads, web shells, and sensitive data patterns, it covers almost every recon need. Use SecLists in your workflow to automate more and find more bugs. 🐞
0
5
71
4K
MHD retweeted
Intigriti @intigriti
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄| every successful hacker had to start somewhere |______________| \ (•◡•) / \ / —— | | |_ |_
22
53
457
13.6K
MHD retweeted
obscaries ❘ AppSec @obscaries
Bug bounty tip 🔥
Most people stop at subdomain enum… real hunters go further ↓
Take your subs → generate permutations → resolve → profit 💰
Tools you should be using:
• Altdns: github.com/infosec-au/alt…
• dnsgen: github.com/AlephNullSK/dn…
• gotator: github.com/Josue87/gotator
• shuffledns: github.com/projectdiscove…
Pro move 🧠 Use target-specific words (from JS, GitHub, Wayback) instead of generic lists → this is where hidden assets live
Enumeration finds surface. Permutations find gold. 🔥
#BugBounty #BugBountyHunter #InfoSec #CyberSecurity #Recon
4
57
277
10.5K
MHD retweeted
Illex @pcuco92
The Spring Boot Actuators can expose some sensitive information like env vars, heap dumps, configs, and internal metrics. And sometimes, with simple bypass tricks we can find them: actuator/env;.. ;/actuator/env actuator;/env actuator/env%00 actuator/env; ..;/actuator/env static../actuator/env actuator/health/..;/env #bugbounty #bugbountytips #cybersecurity
2
38
190
9.9K
MHD retweeted
Tib3rius @0xTib3rius
I saw this on LinkedIn. The AWASP Top Ten, a "vibe-researched and vibe-coded" alternative to the OWASP Top Ten. awasp.org It's...interesting to say the least. 😅 Credit: linkedin.com/posts/chris-wa…
7
42
225
19.3K
MHD retweeted
bugcrowd @Bugcrowd
Next up: Hacking OAuth (Open Authorization) 🔓 You see "Log in with Google/GitHub" everywhere. To a user, it’s convenience. To a hacker, it’s a direct path to Account Takeover (ATO). If you understand the flow, you can steal the tokens to the kingdom without ever touching a password. Let's get into it. 🧵👇
3
43
276
11.7K
MHD retweeted
obscaries ❘ AppSec @obscaries
Modern front-end frameworks escape HTML by default 🛡️ — but the moment you bypass that protection, the risk becomes yours ⚠️ This SonarSource research shows how a sanitization bypass combined with a client-side path traversal flaw led to a real XSS in a finance application 💥 A great reminder that impactful exploits often come from chaining multiple small issues together. 🔗 sonarsource.com/blog/front-end… #AppSec #BugBounty #XSS #WebSecurity
1
4
14
637
MHD retweeted
Omar Abdelsalam @lex_is1
🐞 List of localhost addresses for SSRF bypass
http://localhost
http://127.1
http://127.0.0.0
http://2130706433
http://0177.1
http://0x7f.1
http://127.000.000.1
http://localtest .me
http://[::1]
http://[::]
#bugbountytips
0
15
97
3K
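Added example, not part of the tweet above: a server-side check that canonicalizes the host forms in that list (short, octal, hex and single-integer IPv4, plus IPv6) before deciding whether an outbound URL points at an internal address. The names `parse_legacy_ipv4`, `is_internal_target` and `TWEET_FORMS` are hypothetical; a DNS name such as localtest.me returns `None` here and must be resolved, with every resolved address re-checked, which this offline example does not do.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_legacy_ipv4(host):
    """Parse inet_aton-style IPv4 text: 1-4 parts, each decimal, 0-octal or 0x-hex.
    Returns an IPv4Address, or None when the host is not a numeric literal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not (p.isascii() and p.isalnum()):   # rejects "", signs, underscores
            return None
        try:
            if p.lower().startswith("0x"):
                nums.append(int(p[2:], 16))
            elif len(p) > 1 and p.startswith("0"):
                nums.append(int(p, 8))
            else:
                nums.append(int(p, 10))
        except ValueError:
            return None
    # Leading parts are single octets; the last part fills the remaining bytes.
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_internal_target(url):
    """True: internal address, False: public IP literal, None: DNS name to resolve."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)          # strict dotted quad or IPv6
    except ValueError:
        ip = parse_legacy_ipv4(host)             # forms that HTTP clients still accept
    if ip is None:
        return None
    return ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_link_local

# Sample input constructed from the numeric and literal forms listed in the tweet.
TWEET_FORMS = ["http://localhost", "http://127.1", "http://127.0.0.0",
               "http://2130706433", "http://0177.1", "http://0x7f.1",
               "http://127.000.000.1", "http://[::1]", "http://[::]"]
```

Run the check on the address the HTTP client will actually connect to, after redirects and DNS resolution, rather than only on the submitted string.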
MHD retweeted
Behi @Behi_Sec
Recon is boring. Reading the API docs is boring. Testing every single edge-case you know is boring. If you want to find bugs, do boring.
9
32
265
8.6K