Rafiqul Islam

@intigriti error.html?warning=%7B%22title%22%3A%22%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E%22%2C%22level%22%3A%221%22%7D

Can you pop an alert? 🧐

@AmyShatu Congrats

Alhamdulilah! Got My First Bounty! First Bounty always special Thanks to almighty Allah! And thanks my two childhood friends imran and sahidul.. Keep prayers for mine! #YesWeHack #FirstBounty #Alhamdulillah #BugBounty #Hackerone

@coffinxp7 @CEB_lk @CebeuNews @SL_PoliceMedia @NewsfirstSL Thanks and waiting

@RirRipon @CEB_lk @CebeuNews @SL_PoliceMedia @NewsfirstSL its easy but different method i will share all after patch

Found SQL injection in the largest Electricity Board of Sri Lanka. Contacted their support team, but no response has been received so far. Millions of users data, including payments details and bank details are at risk @CEB_lk @CebeuNews @SL_PoliceMedia @NewsfirstSL

Alhamdulillah Today I was Awarded $250 Bug:/composer.lock file discloses secret Add /composer.lock to your wordlist #BugBounty #bugbountytip

@shubhamtiwari_r Can i get the templates please? Thanks

Just published a new blog! 🚨 Learn how I discovered a critical LFI vulnerability that earned me $3000 using automated subdomain enumeration and vulnerability scanning tools! 🛡️💻 Check it out here 👉 shubhamrooter.medium.com/automating-sub… #BugBounty #bugbountytip #LFI #Automation #Nuclei

@0xraselrana F

@rohmad__hidayah @ft_eagle_eye_1 Read this @mrxdevil404/some-cases-bugs-on-invitation-bug-to-higher-impact-fd3f7268d469" target="_blank" rel="nofollow noopener">medium.com/@mrxdevil404/s…

Alhamdulillaah I was awarded $400 for BAC #BugBounty

@ft_eagle_eye_1 Inshaa'allah brother

@RirRipon Zajakallah, try to make writeup on this after resolve

@ft_eagle_eye_1 The bug isn't fixed yet . So I can't disclose any details. Can say a tips and that is . Test the invite functionality properly Maybe you can find a BAC there .

@RirRipon Mah Sha Allah brother, how did you find it?

@rahman0x01 Broken Access Control

@RirRipon Which bug

Yay I was Awarded $120 For A BAC #bugbounty

@imranHudaA @Hacker0x01 Congrats bro 🎉

Yay, I was awarded a $1,400 bounty on @Hacker0x01! hackerone.com/imranhudaa #TogetherWeHitHarder

@Totobarjo2 endpoints that call server such as Login / Signup / Forget password / Upload / Etc...

@ShoponAlom2014 @imranHudaA @SZ_Mahmud_7

@RirRipon @imranHudaA @SZ_Mahmud_7 Congratulations 🙌

Yay I was Awarded $520 For Information Disclosure and DoS Thanks a lot to @ShoponAlom2014 @imranHudaA @SZ_Mahmud_7

@imranHudaA @ShoponAlom2014 @SZ_Mahmud_7 Thanks ❤️

@RirRipon @ShoponAlom2014 @SZ_Mahmud_7 Congratulations 🎉 🎉

@SZ_Mahmud_7 @Hacker0x01 Congratulations 🎉

Yay, I was awarded a $750 bounty on @Hacker0x01! hackerone.com/ivreznap #TogetherWeHitHarder

@Arourmohamed01 @ott3rly If you find any bypass for that , kindly share it with me

@ott3rly brother can u dm need help bypass cloufront for stored XSS only thing work is <img src=x onerror="">,<a href=https://google(.)com>, the waf blocking alert(),prompt(),confirm(),print(), and the content type is json thats why cant add (")

One more google dork to detect AEM instances: site:target\.com inurl:/etc.clientlibs #bugbounty #googlehacking #dorking