Jhon Smit
14 posts


@finance_bitflow @saqibarif98 @lostsec_ @Hacker0x01 It's has impact you have to buy a idn domain, don't use burp collab
English


@saqibarif98 @lostsec_ @Hacker0x01 What is the reason for the referees to reject this type of attack?
English

Bounty $$$$ 🤑 I got on Sept 2025
O click Account takeover
#BugBounty #CyberSecurity #EthicalHacking #InfoSec #BugHunter #SecurityResearcher #WebSecurity #CTF #HackThePlanet #Pentesting #bugbountytips #fulltimebughunter #googleVRP #MSRC #money #Bounty #infosec #Hacking #SEC

English

Found 2 0days recently 🍄💥
• Blind SSRF in Next.js (duplicate, but confirmed as a valid issue!)
• Python vuln accepted, CVE in progress ⏳
Funny how productivity spikes during exam season 😂🔥
Details after responsible disclosure ❤️
#nextjs #0day #BugBounty #CVE


English

@mustafabilgicii I also want to join the team. I sent my resume once and they still haven't sent me an email. It's been more than two months.
English

Bug Bounty SQL Injection Waf Bypass Tips:
In bug bounty programs, when you want to bypass a context, you need to know that context and technology very well, or you can quickly learn it by looking at the documentation. For example, understanding the regex logic in a blacklist or finding alternative characters for functions that enter a blacklist.This case study I'm about to describe focuses on that, so let's get started. I want to describe an interesting SQL Injection WAF bypass we found on a new target while bug bounty with Anduricaser in the @SynackRedTeam.
One of the most common developer mistakes we encounter is that instead of fixing vulnerabilities, developers apply blacklists. This leads to hackers eventually bypassing vulnerabilities if they exist, instead of solving the problem at its root. For example, in previous cases, payloads obtained were banned, meaning functions like `datecreated` couldn't be used. However, by calling the `contentsize` function, data could be easily extracted using the `1'or+ContentSize=2955534+and+not+documenttitle+like+'sy` payload.
#BugBounty #bugbountytips #sqlinjection #SecureCoding

English

🚨 XSS is not dead. It remains a serious web security risk. Learn why Cross Site Scripting keeps appearing and what you can do to stop it.
hubs.la/Q03Y8CkP0
English

A month ago I hesitated to spend $200 on Cursor
Today… I feel like a cyborg 🧠
In just weeks it helped me:
— build full custom hacking labs from scratch
— spin up AI plugins & MCP servers on demand
— find 5 serious bugs
— earn $10k in bug bounty payouts (already $4k in my first month)
Not sure if I’m coding or hacking…
but it honestly feels like printing money 😂


English








