Al-hassan abbas | الحسن عباس

third week respectively 1st on hackerone #hackerone #BugBounty #bugbountytips

Just got a reward for a vulnerability submitted on @yeswehack -- Improper Access Control - Generic (CWE-284). yeswehack.com/hunters/exploi… #YesWeRHackers

They forgot to add 00

Yay, I was awarded a $500 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytip Tip: GraphQL Voyager via /api/graphql/voyager

Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Reflected (CWE-79). yeswehack.com/hunters/exploi… #YesWeRHackers

Just scored a reward @intigriti, Bounty+Bouns $500 app.intigriti.com/profile/exploi… #HackWithIntigriti Tip: Unauthenticated Grafana

@mysanismine @Hacker0x01 😂😂

I earned $300 for my submission on @bugcrowd bugcrowd.com/h/alhasan_abbas #ItTakesACrowd Tip: CVE-2025-4123

Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Stored (CWE-79). yeswehack.com/hunters/exploi… #YesWeRHackers

@no_zidan @Hacker0x01 Httpbin simple http server for requests and response

@exploit_msf @Hacker0x01 What do you mean with httpbin?

I was awarded a $300 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder Tip: 1 XSS via httpbin & 2 Url redirect via httpbin

@0xsaiyann @Hacker0x01 Not all programs close url redirect as NA Httpbin simple http server for requests and response

@exploit_msf @Hacker0x01 What is httpbin? And how did they reward you for open redirect? I just get NA for that

I earned $200 for my submission on @bugcrowd bugcrowd.com/alhasan_abbas #ItTakesACrowd #bugbountytips Tip: CVE-2022-46463 Download repo's in harbor

I was awarded a $3,100 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder

@h4x0r_dz @intigriti Yes, it was airflow web app then you need to access to admin airflow then you can read user,pass for jenkins in anothet port then get rce from jenkins then you need get root using python script with rwx permissions

@exploit_msf @intigriti Htb ?

Just scored a reward 1875€ @intigriti #HackWithIntigriti #bugbountytips Tip: I played ctf this year and i found this vulnerability because i solve machine challenge with same bug If you found apache airflow use flask-unsign to found secret key and generate new jwt for admin

@h4x0r_dz @intigriti Thanks I don't remember name 🥲

@exploit_msf @intigriti Congrats Box name ?

I was awarded a $290 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips Tip: CVE-2025-29927 via /admin

I was awarded a $450 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder

3 Simple rewards in last week Tips: 1- Django debug /anypath 2- CVE-2019-11248 /debug/pprof/ 3- Spring heapdump disclosure /heapdump

I was awarded a $350 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder Tip: CVE-2025-0133 RXSS