Jhon Smit

14 posts

Jhon Smit

Jhon Smit

@finance_bitflow

Katılım Ekim 2025
100 Takip Edilen0 Takipçiler
Krigshaw
Krigshaw@krigshaw·
Another W from about a week ago. Thank you Jesus Christ!
Krigshaw tweet media
English
1
0
39
2.3K
Eyad
Eyad@Eyax0·
My first $2000 bounty on @cantinasecurity was paid the same day 🖤
Eyad tweet media
English
34
6
439
10.5K
Mushroom キノコ
Mushroom キノコ@MushroomWasp·
Found 2 0days recently 🍄💥 • Blind SSRF in Next.js (duplicate, but confirmed as a valid issue!) • Python vuln accepted, CVE in progress ⏳ Funny how productivity spikes during exam season 😂🔥 Details after responsible disclosure ❤️ #nextjs #0day #BugBounty #CVE
Mushroom キノコ tweet mediaMushroom キノコ tweet media
English
6
7
175
8.3K
Jhon Smit
Jhon Smit@finance_bitflow·
@mustafabilgicii I also want to join the team. I sent my resume once and they still haven't sent me an email. It's been more than two months.
English
1
0
1
475
Mustafa Bilgici
Mustafa Bilgici@mustafabilgicii·
Bug Bounty SQL Injection Waf Bypass Tips: In bug bounty programs, when you want to bypass a context, you need to know that context and technology very well, or you can quickly learn it by looking at the documentation. For example, understanding the regex logic in a blacklist or finding alternative characters for functions that enter a blacklist.This case study I'm about to describe focuses on that, so let's get started. I want to describe an interesting SQL Injection WAF bypass we found on a new target while bug bounty with Anduricaser in the @SynackRedTeam. One of the most common developer mistakes we encounter is that instead of fixing vulnerabilities, developers apply blacklists. This leads to hackers eventually bypassing vulnerabilities if they exist, instead of solving the problem at its root. For example, in previous cases, payloads obtained were banned, meaning functions like `datecreated` couldn't be used. However, by calling the `contentsize` function, data could be easily extracted using the `1'or+ContentSize=2955534+and+not+documenttitle+like+'sy` payload. #BugBounty #bugbountytips #sqlinjection #SecureCoding
Mustafa Bilgici tweet media
English
3
15
216
9.1K
Inspectiv
Inspectiv@inspectiv·
🚨 XSS is not dead. It remains a serious web security risk. Learn why Cross Site Scripting keeps appearing and what you can do to stop it. hubs.la/Q03Y8CkP0
English
2
3
24
2.1K
Patrickbatman
Patrickbatman@hamidonsolo·
A month ago I hesitated to spend $200 on Cursor Today… I feel like a cyborg 🧠 In just weeks it helped me: — build full custom hacking labs from scratch — spin up AI plugins & MCP servers on demand — find 5 serious bugs — earn $10k in bug bounty payouts (already $4k in my first month) Not sure if I’m coding or hacking… but it honestly feels like printing money 😂
Patrickbatman tweet mediaPatrickbatman tweet media
English
10
5
104
11K