Koupon

Alhamdulilahi 🙏🙏🙏 My First Critical on Amazon I dedicate this to @Olamdeen @4osp3l @GodfatherOrwa @fattselimi @badcrack3r The power of Yandex Dorking🚀🚀🚀🚀 Never Back Down is the Key 🚀🚀🚀🚀

@4osp3l Congratulations 🎊🎉 Up up Way bro More bug to conquer

Triaged 🔥

@jesuz_boi @v3n0m30 @H4ckmanac Confirm Suya as long you have the CVE-2024-4577 You’re in swiftly 😋😋😋😋

@Shabosec @v3n0m30 @H4ckmanac Its built on php 7.4 😭😭😭😭

🚨Cyber Alert ‼️ 🇳🇬Nigeria - 𝗦𝘁𝗲𝗿𝗹𝗶𝗻𝗴 𝗕𝗮𝗻𝗸 𝗟𝘁𝗱 Threat actor ByteToBreach claims to have breached Sterling Bank Ltd, alleging the compromise of customer and employee data linked to approximately 900,000 accounts and over 3,000 staff. Threat actor: ByteToBreach Sector: Financial / Insurance Data exposure (claimed): 900,000 customer accounts and 3,000 employee records Data type: Banking records, identity documents (BVN, NUBAN, passport and driver’s licence), transaction histories, loan records, credit scores, and employee data Observed: Mar 27, 2026 Status: Pending verification ESIX©: 6.18 Full details and impact assessment on HackRisk.io

@jesuz_boi @v3n0m30 @H4ckmanac Then if it’s running on php 7.4 Critical RCE is in there PHP 7.4, which reached end-of-life in November 2022, has numerous security vulnerabilities, including buffer overflows, remote code execution (RCE), and memory corruption flaws. Key risks include the imageloadfont() Gd

@v3n0m30 @jesuz_boi @H4ckmanac I beat my chest it’s 100 percent vulnerable

@Shabosec @jesuz_boi @H4ckmanac well as you have said earlier that depends if it vulnerable i haven’t done my recon to confirm though but it will be a very lousy job from there security team to leave like that without it being patched….. it might have been the entry point though for those threat actors

@4osp3l Congratulations bro Up Up way 🔥🔥🔥🔥🚀🚀🚀🚀🚀🚀

🔥

@v3n0m30 @jesuz_boi @H4ckmanac Do you believe the old portal will still give you unrestricted access as long is still using the internal endpoint of New portal of 2026 The only different is the subdomain For example Old domain: dashboard.target.com New domain: app.target.com

@Shabosec @jesuz_boi @H4ckmanac *this

@v3n0m30 @jesuz_boi @H4ckmanac Yeah most financial institutions don’t disabled there old portal which will give you access to there new portal which is working for 2026 For example old portal has been functioning since 2010 and they don’t disable it and they set up another portal in 2026

@mikkyluchi @jesuz_boi @H4ckmanac 100 percent sure

@Shabosec @jesuz_boi @H4ckmanac Haha you are so sure?

@commando_skiipz No system is safe

IF THE DIRECTOR OF THE FBI CAN BE HACKED, WHAT MAKES YOU THINK YOU’RE INVINCIBLE? BE HUMBLE!!!!!

If you like believe in your so called Cloudflare,Cloudfront,Akamai,Incapsula Dey Play you never heard of Waf Bypass payload or backslash &Semicolon (\ or ;) your security with Humble and lead the way successfully and grant access so sweet like Suya 😋😋😋😋😋

I Will keep Saying it Our Country Financial institutions is Cooked 😂 If you look into there JavaScript libraries they are old version which have CVE which can be Exploited successfully Or just API endpoint will leak all Users

@waziri_jatau @H4ckmanac @waziri_jatau that’s you need to see thing beyond what you’re imagine ,if you believe the site you build is safe then send me your website just your JavaScript I will fetch out your mistake and have unrestricted access with proof so bro you don’t say this

@H4ckmanac I'm developer, not everything I saw online seems legit, including this one

@ONealOmbu @H4ckmanac @ONealOmbu don’t say that this are critical sensitive information disclosure that normal user are not supposed to see , this need to be escalated and alert to the authorities so saying this that Jail words that’s why our Tech spaces is not growing

@H4ckmanac You possibly are looking at 6 to 7 years in jail for this nonsense

@jesuz_boi @H4ckmanac Then if it was built in laravel definitely I bet you it was built with Old version of Laravel which they have CVE for you to Exploit it smoothly 😋😋😋😋😋😋

@H4ckmanac Oh wait it was built on laravel 🫤

@fattselimi @badcrack3r The word touch me a lot Big Up @fattselimi Up Up Way

@badcrack3r The best rest ever, everyone will love us, they appreciate people only when they die nowadays

after 1000 accepted submissions im still the worst ethical hacker you have ever meet guys

@Cyberhijabitech @_DeejustDee @NalhatNabila @AishaBelloB Masha Allah, Congratulations 🎊🎉

Alhamdulillah 🎉🎉 Allah bless me with a baby girl. We have a new cyber baby in the community 😂 @_DeejustDee @NalhatNabila @AishaBelloB

Thank you so much @Hacker0x01 I’m very Happy 🔥🔥🔥🔥🔥🚀🚀🚀

@4osp3l Congratulations bro Big Up bro More Bug to Conquer 🔥🔥🔥🔥🔥

Triaged 🔥

@4osp3l Congratulations bro Big up bro 🔥🔥🔥🔥

Triaged!

@prettycyb3rgirl Have you try time-based or try blind SQLi using Ghauri to exploit

Not sqlmap using almost 1 hour to exploit this vulnerability, I want to sleep🥲😪