The Cherabog

31 posts

The Cherabog

@MrCherna

Vibing with hacking, music, and gaming—plus the occasional chess match to keep things sharp.

Katılım Mart 2024

95 Takip Edilen127 Takipçiler

The Cherabog@MrCherna·11 Ara

@_okGe_ @Hacker0x01 @zseano @BugBountyHunt3r 🔥🔥🔥

QME

-=okGe=-@_okGe_·21 Şub

My first 4 digit bounty on @Hacker0x01 ! Result of Hard work ! Thanks to @zseano and @BugBountyHunt3r ! Time for career change ! #BugBounty

English

143

The Cherabog@MrCherna·11 Ara

@AmirMSafari @nowaskyjr On top🔥

English

177

AmirMohammad Safari@AmirMSafari·10 Ara

Nicely crafted payload for the onbeforematch event handler with @nowaskyjr. I used it to build a payload that bypasses Cloudflare WAF. The interesting part? If you remove }_, the payload stops working :D

Nowasky@nowaskyjr

Combining two techniques I recently showed: attribute merging of <html>/<body> tags and using hidden=until-found to trigger onbeforematch via fragment navigation in Firefox. #xss" target="_blank" rel="nofollow noopener">storage.googleapis.com/nowaskyjr/poc_… #xss

English

118

8.3K

The Cherabog@MrCherna·7 Ara

@ZiTiZ06 @Muntrive @voorivex 🤍🤍

QME

123

mysam@ZiTiZ06·7 Ara

@MrCherna @Muntrive @voorivex 🔥🔥

QME

107

The Cherabog@MrCherna·26 Eki

@YShahinzadeh 🔥🔥🫶🏼

QME

130

YS@YShahinzadeh·25 Eki

I haven’t fully returned to BB since my H1 acc was suddenly closed, but this week I tried to start working again. I spent some time on BC and found an XSS and an IDOR, the XSS was easy with a simple payload :]

English

381

12.2K

The Cherabog@MrCherna·25 Eki

@yousefccfc @voorivex 🥷🏽🔥

QME

Josefcfc@yousefccfc·24 Eki

1-click ATO via a postMessage flaw This is my 2nd ever finding and I’m really happy about it! The severity could be high, but I’m not letting that overshadow the joy of this bounty 😄 Huge thanks to @voorivex for teaching us this trick 🙌

English

231

9.1K

The Cherabog@MrCherna·31 Ağu

@0xkmikze Nice Catch🔥

English

302

𝙠𝙖𝙢𝙞𝙠𝙖𝙯𝙚@0xkmikze·31 Ağu

Last day I found an XSS that couldn’t be detected with Nuclei, Httpx, X8, ... cause of aggressive connection handling, even with all options, servers just didn’t respond. So I wrote a lightweight Go tool to reliably test GET/POST parameter reflections. github.com/xkmikze/kzxss/

English

201

11.6K

The Cherabog@MrCherna·28 Ağu

@Muntrive @voorivex Eyyyyyyy🔥