Hello everyone ♥
A little write-up of #bugbountytip #bugbountytips I am going to write here...
Title:
Getting unauthorized access to third-party workspaces and building your checklist for quickly locating bugs there via massive recon
We know that it's helpful to look for Google Groups/Docs/etc.
Slack as well, just like what the amazing @h4x0r_dz shared days ago:
Use google dork "site:join.slack.com"
I was not in a good mood the last months for doing Google dorks, so what I did was build a checklist ready for me, a very huge one,
for EX:
groups.google.com
docs.google.com
join.slack.com
and here is just an example; you can add more similar workspaces to your checklist.
Then I extracted all internet endpoints, as an example here for join[.]slack[.]com:
otx.alienvault.com/api/v1/indicat…
virustotal.com/vtapi/v2/domai…
web.archive.org/cdx/search/cdx…
You can use ready-made tools to do it, such as waymore.
important note: you have to keep your checklist updated every week
And from here I just keep looking for the company name or domain name to see if there's anything connected,
and mostly the company name or domain name is in the URL itself, EX: tesla
join.slack.com/t/Tesla-Intern…
Ex for bugs found:
1. Unauthorized access to the workspaces (PII | information disclosure)
2. Account takeover, Ex: valid employee signup link
3. Account takeover, Ex: valid employee reset-password link
Now about Slack, as an example: if you found an invitation link for Tesla,
join.slack.com/t/Tesla-Intern… and that link was not valid, don't stop here;
it will redirect, for Ex:
tesla-internal[.]slack[.]com
Here, go back and start looking manually for endpoints of this subdomain as well, EX:
web.archive.org/cdx/search/cdx…
Now, there are a lot of third-party workspaces; I just shared two here:
Slack & Google Docs/Groups.
What I wrote is a bit long and annoying to some, so I apologize. I hope, as usual, that this will be useful to all who follow me here.
#Bugbounty
don't forget to retweet if you like it ♥♥♥
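An added example (my code, not the author's tooling) of the filtering step from the recon above in Python: parse Wayback CDX-style records, keep only URLs on the checklist hosts, match the company name or domain against the URL path, and drop duplicates. The CDX lines and the company "ExampleCorp" are constructed sample data; a company's own security team can run the same filter against its brand to spot leaked invite links.

```python
import re
from urllib.parse import urlparse

# Checklist of third-party workspace hosts (extend as the post suggests).
WORKSPACE_HOSTS = {"join.slack.com", "groups.google.com", "docs.google.com"}

# Constructed sample in Wayback CDX default layout:
# urlkey timestamp original mimetype statuscode digest length
SAMPLE_CDX = """\
com,slack,join)/t/examplecorp-internal/shared_invite/zt-aaaa 20230105120000 https://join.slack.com/t/ExampleCorp-Internal/shared_invite/zt-aaaa text/html 200 AAAA 1200
com,google,docs)/document/d/1abc/edit 20230106120000 https://docs.google.com/document/d/1abc/edit text/html 200 BBBB 5000
com,google,groups)/g/examplecorp-eng 20230107120000 https://groups.google.com/g/examplecorp-eng text/html 200 CCCC 3000
com,slack,join)/t/othercompany/shared_invite/zt-bbbb 20230108120000 https://join.slack.com/t/othercompany/shared_invite/zt-bbbb text/html 200 DDDD 1100
com,slack,join)/t/examplecorp-internal/shared_invite/zt-aaaa 20230201120000 https://join.slack.com/t/ExampleCorp-Internal/shared_invite/zt-aaaa text/html 302 EEEE 900
"""


def parse_cdx(text):
    """Yield {url, status} for each well-formed CDX record."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip truncated or blank lines
        yield {"url": fields[2], "status": fields[4]}


def find_workspace_links(cdx_text, company_terms, hosts=WORKSPACE_HOSTS):
    """Unique URLs on checklist hosts whose path or query mentions the company."""
    pattern = re.compile("|".join(re.escape(t) for t in company_terms), re.IGNORECASE)
    seen, hits = set(), []
    for rec in parse_cdx(cdx_text):
        parsed = urlparse(rec["url"])
        if parsed.hostname not in hosts:
            continue  # not one of the workspaces on the checklist
        if not pattern.search(parsed.path + "?" + parsed.query):
            continue  # workspace link, but not tied to the company
        if rec["url"] not in seen:  # archive snapshots repeat the same URL
            seen.add(rec["url"])
            hits.append(rec["url"])
    return hits


if __name__ == "__main__":
    for url in find_workspace_links(SAMPLE_CDX, ["examplecorp", "example.com"]):
        print(url)
```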
"Sensitive Information Leak & Missing Authorization via API Endpoint"
Join my BugBounty Chennal: t.me/ShellSec
- To find info leak bugs in WordPress, use this quick wordlist of mine:
/api/v1/export/data
/api/v1/config
/api/debug/env
/api/v2/auth/sessions
/api/v1/admin/users
/wp-json/wordfence/v1/config
/api/v1/billing/details
/api/v1/db/stats
/api/v1/logs
/api/v1/health
/api/v1/status
/api/v1/internal/settings
/api/v1/cloud/credentials
/api/v1/user/profile
/api/v1/system/info
/api/v1/backup/list
/wp-json/wp/v2/users
/wp-json/wp/v2/settings
/wp-json/wp/v2/media
/wp-json/wp/v2/posts?status=any
/wp-json/wp/v2/pages?status=private
/wp-json/elementor/v1/system-info
💀LFI via misconfigured image parameter☠️
> In most cases hackers only test blind SSRF in image handler parameters.
But if you test the right payload it can disclose many hidden bugs!
Join my BugBounty telegram channel t.me/ShellSec #bugbountytips #lfi
Recap of 20 life lessons, Bang Radit style:
1. Being a bit of an oddball? Relax, it's not a sin.
2. Stop gossiping, your life will be calmer.
3. We're not that important in other people's lives, so just chill.
4. A simple life is seriously underrated.
5. Heavy work becomes light if you chip away at it slowly.
6. Work is also lighter when done together.
7. Ideas won't be remembered if they aren't written down.
8. Learn from those who are already good, so you don't go around in circles.
9. But sometimes learning from those who "know nothing" also opens new perspectives.
10. Zoning out a little isn't wasting time, it's part of creative thinking.
11. Time isn't found, it's made.
12. Money can be used to "buy time", so make use of it.
13. Don't forget to have fun, life isn't just work.
14. Try a new hobby, it's the easiest way to make life feel fresh again.
15. Chase memorable moments, not just achievements.
16. Don't make decisions while emotional, you'll definitely regret it often.
17. Sometimes you have to dare to say "yes" to things you'd usually turn down.
18. But on the other hand, learning to say "no" is really important.
19. Playing games = the easiest way to escape reality for a bit.
20. Got criticism? That means there's still room to level up.
I recently identified an interesting technique to bypass file upload restrictions by manipulating the Content-Type header.
The target application enforced an image-only upload policy. Initial attempts to upload a file with a modified Content-Type such as application/html were correctly rejected. However, setting the header to application/jpeg allowed the upload to succeed, despite no validation of the actual file content.
Further testing revealed inconsistent parsing behavior. When using application/text php/jpeg, the uploaded file was assigned a .txtphp extension, indicating that the server was partially deriving the extension from the MIME type in an unsafe manner.
By refining this approach and setting the Content-Type to application/ php/jpeg, I was able to bypass the extension filtering mechanism entirely and upload a PHP file.
In this case, the impact was limited because the file was served via CloudFront, preventing remote code execution. Nonetheless, this behavior highlights weak MIME type validation and unsafe extension handling, which could lead to critical impact in different configurations.
Sharing this technique as it may be useful in similar upload validation scenarios.
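As an added example (not the author's code, and not the target's actual implementation), a hypothetical Python reconstruction of the weak pattern described above, where the stored extension is derived from the client-supplied Content-Type, beside a hardened version that checks the Content-Type against an exact allowlist and assigns the extension only from the file's sniffed magic bytes. The "text" to "txt" mapping in the weak version is an assumption made to reproduce the .txtphp observation.

```python
# Hypothetical reconstruction of the weak upload handler (assumption; the real
# server code is unknown). The extension is derived from the client-supplied
# Content-Type after a loose "ends with jpeg" check.
def weak_extension(content_type: str) -> str:
    _, _, subtype = content_type.partition("/")
    if not subtype.endswith("jpeg"):
        raise ValueError("rejected: not an image MIME type")
    # Everything before the trailing "jpeg" leaks into the stored file name.
    rest = subtype[: -len("jpeg")].rstrip("/")
    tokens = ["txt" if t == "text" else t for t in rest.split()]  # assumed mapping
    return "." + "".join(tokens) if tokens else ".jpeg"


# Hardened version: the Content-Type must match an exact allowlist, and the
# stored extension comes only from sniffed magic bytes, never from the client.
ALLOWED_TYPES = {"image/jpeg", "image/png"}
MAGIC = {
    b"\xff\xd8\xff": ".jpg",        # JPEG start-of-image marker
    b"\x89PNG\r\n\x1a\n": ".png",   # PNG signature
}


def safe_extension(content_type: str, data: bytes) -> str:
    if content_type.strip().lower() not in ALLOWED_TYPES:
        raise ValueError("rejected: Content-Type not in allowlist")
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext  # server-chosen extension from the actual content
    raise ValueError("rejected: file content is not a supported image")


if __name__ == "__main__":
    # Constructed sample inputs mirroring the observations in the post.
    for ct in ["application/jpeg", "application/text php/jpeg", "application/ php/jpeg"]:
        print(ct, "->", weak_extension(ct))
    print("image/jpeg + real JPEG bytes ->", safe_extension("image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 12))
```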
Sensitive Information Leak via api call
Severity: 9.1
From /api/contact an unauthenticated user can view all the private messages, which should only be visible from the Admin Panel.
tip:
Always collect /api/ endpoints and try GET, POST, etc. methods.
join my channel t.me/ShellSec
Business Logic Bug — Bypassing Gift Card Limits Using a Single Card
medium.com/@rootxjeet/business-logic-bug-bypassing-gift-card-limits-using-a-single-card-d61d33d9798c
#bugbounty #bugbountytips #bugbountytip
🔥 XSS in Password Reset! ☠️
/api/v1/db/auth/password/reset:USER_TOKEN_ID
IDOR = ❎
XSS = ✅
Most hackers here try to exploit IDOR, but before testing IDOR, try XSS!
For more Join my BugBounty Telegram Channel: t.me/ShellSec