Deepak bug_vs_me

@bug_vs_me/how-to-escalate-a-sql-injection-if-there-is-a-strict-waf-2a7798bb769e" target="_blank" rel="nofollow noopener">medium.com/@bug_vs_me/how…

@0xMstar Interesting

Consumed 500 million tokens in Deepseek v4 , just cost me 15$ .. Very cheap .

@mo7meadwael Great

@pierrecoins Claude subscription

Tell me in one word why you need $200 right now

@tabaahi_ @Payoneer_Help @Payoneer 🫠

@bug_vs_me @Payoneer_Help @Payoneer company wale aapke name pe transfer nhi krege sir mujhe invoices send krna hota h

Hey @Payoneer_Help @Payoneer my payment of $1,664 (Payment ID: #988364323 | Customer ID: #103667206) was canceled after sitting in "upcoming" for 5 days, and then you permanently closed my account with zero explanation.

any bug bounty hunter have Akamai ?id=</script> ( close script tag payload bypass Dm me i have 6 xss we can do 50/50

@fattselimi @intigriti Check DM

Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/fattse… #HackWithIntigriti

@janpreet4340 Dm me URL

@bug_vs_me sorry bro it still made the = in the end : ( <input type="hidden" name="transactionType" value="" oncontentvisibilityautostatechange"alert(1)"="" style"content-visibility:auto""="">

Any good tips for XSS in hidden endpoints like: <input type="hidden" name="transactionType" value="" hello"> where =, URL-encoded or HTML-encoded get appended at the end? Example: ?ttype=%22%20hello=%x becomes: <input type="hidden" name="transactionType" value="" hello"x"="">

@github So, when I reported that a GitHub employee had exposed push/pull access along with a GitHub API key, you awarded a high bounty. I classified it as a critical impact, considering its implications in a real-life scenario. Now we also have a real-world scenario too

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

@itz_mg_ Great

5/19/24 vs 5/19/26. that guy has no clue

@whithat444 @YShahinzadeh @kobi_hk @moblig_ @galnagli Dm

@YShahinzadeh @kobi_hk @moblig_ @bug_vs_me @galnagli

Found a DOM XSS sink via `location.href`. I can redirect to another domain, but I’m not yet able to achieve JavaScript execution. Need help with a bypass. Whoever helps me get successful JS execution gets a 50% bounty split. DM me I’ll share more details.

@errorsec_ Tu bol bhai toh hum apna bug bounty platform chalu kru

@RootxRavi @Bugcrowd Congratulations 🎉

I earned $4,500 for my submission on @bugcrowd bugcrowd.com/h/{id: "rootxravi"} #ItTakesACrowd #bugcrowd #security

punjabandsindbank.co.in >>> redirect to random website, is this what banks manage security i hold a account in this bank and i am worried now, even same website is at m.rbi.org.in/Scripts/Compla…

@RBI @PSBIndOfficial As oer new guidelines all banks need to use .bank.in domain but as old domains still index into Google search and bank should hold old domains and redirect user to new domain, but @PSBIndOfficial released there domain and it is takeover scammer,

@xlsize0bruh @Hacker0x01 I lost this cap :(

Lesssgooo gang! Now @Hacker0x01 gift some stickers too pleaseee 😝

@alxbrsn @Bugcrowd so damm true

hey @Bugcrowd can we please make this checkbox do something thanks

If you ask ChatGPT to pick a random number from 1 - 100, It only pick 73. 🥴🙌🏻 Try this bro

@krishnsec Nah they just pay bounty late, and past month because of payment issue they sent no bounty " they mentioned in one of my reports" so bounty paid in April ≠ bounty paid for reports in April

April fool ?