
Deepak bug_vs_me
5.5K posts

@bug_vs_me
security researcher | Bug Bounty hunter
Bharat 🇮🇳 Joined March 2020
698 Following 13.5K Followers
Pinned Tweet

medium.com/@bug_vs_me/how-to-escalate-a-sql-injection-if-there-is-a-strict-waf-2a7798bb769e

I earned $3,000 for my submission on @bugcrowd #ItTakesACrowd
I probably should get back to Bug Bounties and hack seriously 🫠

@0xSilvermist Ws always immunefi scammers, 1 critical and 1 high paid 0, Admin access, drain project personal wallet they fixed they say it is OOS then Ban. 😂

When I tried to use it with sqlmap, it stopped at the payload stage and was unable to find the database that was running.
If you have any techniques, please let me know.

K4e @YKatone
My first sqli…. 🙏🏾 #bugbounty @yeswehack

@bug_vs_me @PeterSRWeb3 From my short experience with them, they sure do.

@thedawgyg I got 20k for an XSS and here 7,000 for RCE on chromium 🤐

@PeterSRWeb3 well I tried web3 as I have experience with BB on "web2". I submitted reports and got banned.
so, so far it's not been worth it for me on the web3 side of things 😅

5925 dollars (R$ 30.9k) so far in the month of Feb.

lucas ➔ kloresec.io @1Iucas
4925 dollars (R$ 25.7k) so far in the month of Feb. Starting next week I'm going to dedicate greater effort to earning more with bug bounty. I feel much more rested now taking melatonin.

@bug_vs_me Working for 12 hours straight is insane. Your dedication and hard work is great.

@deadvolvo I have all kinds of WAF bypass, except 1 payload </script> close script tag and my 4-5 xss on hold

@bug_vs_me Good question. I have seen people do this in the past when trying to validate bypasses. I guess you could say if it works on the main Akamai page, AND it works against other Akamai customers too, it could be an actual bypass. Testing on any one domain usually isn't good enough.

#bugbounty For *ANYONE* who thinks you have an Akamai WAF bypass, you can't verify that against a single Akamai target alone because some customers don't enable specific rules - ESPECIALLY those that have BBP programs, they may WANT to allow specific traffic to their tech stack.

@AshleyKingUK Origin == null so I don't think there is any issue here

Can you spot the problem?
Just waiting on Google to push a fix for their one then I can share my blog post on this behaviour.
Spoiler: Chromium are not addressing the underlying issue so Web applications need to implement mitigations!



Ash King @AshleyKingUK
Interesting behaviour in #Chromium: if you drag and drop a Data URI-based SVG image into a new tab, any generated dialog will display an inherited origin 👀

Many such cases, for every audit we get, if we see claude.md/agents.md we know it's a gold mine.
pashov @pashov
🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss. cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?