mahdi_yor

@0xwer8 انا عندي واحد الان له شهر و خمسه ايام assessed و رفعت واحد قبل اسبوع اتقبل و اتدفع

مش ممكن والله، هل هو طبيعي ولا لا؟ ثغرة critical تمر 5 ايام مع انها Assessed بدون اي رد ويردو على ثغره Mid بدل هاي الثغرة 🤨 **اثنينهم نفس ال Program على فكرة**

I'm waiting for a bounty, can you share yours? #BountyPro

my first accepted 🔥🤍 on @yeswehack

@0xBl4ckR4v3n nice writeup 🔥

I've dropped a new writeup on medium about a recent vulnerability I found on Dailymotion. Enjoy! part 1 => @0xBl4ckR4v3n/breaking-dailymotion-a-private-video-access-control-bypass-part1-455ae1a50f09" target="_blank" rel="nofollow noopener">medium.com/@0xBl4ckR4v3n/… part 2 => @0xBl4ckR4v3n/breaking-dailymotion-a-private-video-access-control-bypass-part2-4a701fa49bb2" target="_blank" rel="nofollow noopener">medium.com/@0xBl4ckR4v3n/… #bugbountytips #bugbounty #infosec

@4osp3l I have a question, bro. Does 'assessed' mean the report is 100% accepted?! or not

DAY 68/365 I got early access to Apex ( github.com/pensarai/apex ), so I decided to test how effective it really is. I pointed the agent to a specific asset I wanted it to focus on and gave it instructions to try an alternative approach if the initial test didn’t work. By the end of the scan, it managed to find a PII leak on a subdomain running behind a popular CMS. Since then, I’ve started noticing that multiple assets on the same target appear to be affected by the same issue. One of the reports has already been triaged.

@MenaaAnwar Congrats! 🎉🎉

( وَمَا تَوْفِيقِي إِلَّا بِاللَّهِ عَلَيْهِ تَوَكَّلْتُ وَإِلَيْهِ أُنِيبُ) after a few duplicates I landed my first valid bug Hoping the next one will be a bounty

@Kle0z i have in this program 4 duplicates and 4 Under Review But they are very slow to respond

bbradar.io Latest targets use case: - You've found a bug on an endpoint that's out of scope. - You want to know when that endpoint gets into scope asap, so you can report it. - With Pro you can either use the Latest Targets page, Discord Channel, or the API to keep monitoring the target updates for the program. - Once the endpoint gets into scope you get a notification or setup an automation to report the bug immediately. - GG

@lex_is1 @yeswehack me 3 duplicate 🥲

سلسه الduplicate الرمضانيه 🔥🔥@yeswehack "صدري ولععع"

@wadgamaraldeen nice writeup 🤍🔥🔥 thanks

Good evening guys, I had published a New Writeup in Medium A Critical IDOR Vulnerability That Allowed Deletion & Modification of (Any) User’s Address (Mass Address Deletion & Account Data Manipulation) @wadgamaraldeen/a-critical-idor-vulnerability-that-allowed-deletion-modification-of-any-users-address-mass-8b79caf49ded" target="_blank" rel="nofollow noopener">medium.com/@wadgamaraldee… #BugBountyTips #CyberSecurity #WebPentest

@4osp3l @yeswehack any tips about idor

I've no idea why this got downgraded; btw, thanks, @yeswehack ( writeup soon ).

@cybr_a بس في كثير من المواقع out of scope

يشباب انا مجربتش rate limit قبل كدا ف جربتو النهاردة على موقع كدا ف عملت 500 ريكوست ب user و password مختلفين عشان لو الموقع عمل بلوك ل user ده لو موجود بس بيرد نفس الرد ف المهم ان 500ريكوست بيرجعو status 200 فهل كدا مفيش rate limit ولا اى الدنيا عشان مش عارف اعمل ريبورت ولا اى؟؟

@Hey_Aivetra Guide

ChatGPT + Laptop + Internet + 1 Hour a Day = $250 Daily Normally, I charge $157 for this guide. 𝐖𝐨𝐫𝐭𝐡 $157, 𝐛𝐮𝐭 𝐟𝐫𝐞𝐞 𝐭𝐨𝐝𝐚𝐲! Like, comment "Guide" and repost for absolutely FREE. (Must follow, 42 hours only)

@0xmicho1 good job bor 🔥🔥🔥

"فَرِحِينَ بِمَا آتَاهُمُ اللَّهُ مِن فَضْلِهِ" الحمدلله اول باونتي ليا How I Found 124,000 Leaked PII Records in AT&T @0xcogitomicho/how-i-found-124-000-leaked-pii-records-in-at-t-2929374de1f8" target="_blank" rel="nofollow noopener">medium.com/@0xcogitomicho…

@entit_yy Brother, you are amazing 🔥🫶

Dashboard's looking good💯

@Abod_crypto @grok ه

يا @grok اختار 20 فائز من التعليقات بشكل عشوائي بعد 48 ساعة للفوز بجوائز قيمة🔥 بشرط التفاعل على هذا المنشور برتويت ولايك

@0x_rood I think this subs 🙁

5 Hrs fuzzing 😂😂😂

Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59) youtu.be/Kwacl06tX1I?si… عبر @YouTube

@drak3hft7 @yeswehack Can you tell me how to read robots correctly so I can become a professional in this field, or what gaps I should focus on most, and provide information for beginners?

did you say ‘stored xss’? all accepted.😄😇 #bugbounty @yeswehack

@xtkanon good job bro ✨💻

December achievements finished strong 🥰❤️ I discovered and responsibly disclosed 15 vulnerabilities, including: RCE (Remote Code Execution) 2× IDOR 2× BAC (Broken Access Control) Stored XSS 2× Reflected XSS 4× SQLI Misconfiguration Business Logic flaw Information Disclosure

From Default IIS Page to Critical SQL Injection mugh33ra.medium.com/from-default-i…