Ahsan Shahid

3.4K posts

@hunter0x8

🏆 Top 100 Ethical Hacker on @YesWeHack 🛡️ Synack Red Team %3d, %26%2340%3b, ( <<%0a%0d%26lt%3B $$ x=1 $$

Faisalabad, Punjab
Joined November 2019
1.5K Following, 2.2K Followers
Pinned Tweet
Ahsan Shahid @hunter0x8 ·
My first Writeup medium.com/@ahsan.shahid/resolveuri-rxss-imperva-waf-bypass-c834ca573bd4 #BugBounty #wafbypass
Biscuit @OreoB1scuit ·
did you guys find Arjun tool ever useful? #bugbounty
Damian Strobel @damian_89_ ·
@OreoB1scuit In the beginning, later got bad because of too many not well designed features.
Ahsan Shahid retweeted
Renwa @RenwaX23 ·
I have been using AIs to find bugs recently and came across a cool site-wide DOM-XSS using Cookie Injection, here is the story of the finding and current state of bug hunting... medium.com/@renwa/site-dom-xss-using-cookie-injection-the-ai-hackers-are-coming-faster-than-you-think-3ef82f2a991d
Ahsan Shahid retweeted
DinDinDin @comores_11 ·
🔥 XSS Tip: Unicode Normalization
Don't give up if <, >, " or ' are filtered! Many apps normalize Unicode after the WAF/security layer. Some bypass variants (URL-encoded):
🔹 < ➔ %EF%BC%9C
🔹 > ➔ %EF%BC%9E
🔹 " ➔ %EF%BC%A2
🔹 ' ➔ %EF%BC%87
🔹 ` ➔ %EF%BD%80
For example, inject %EF%BC%9Cscript%EF%BC%9E and check if it reflects as