idk
304 posts


Consistency > everything.
Another reward from a managed bug bounty program. Staying focused on one path and improving every day slowly adds up.
#BugBounty #CyberSecurity #InfoSec #EthicalHacking #SecurityResearch


@NearLeVrai @bati21675 @NormalLeVrai You were in that Telegram group? I thought the only ones in it were shika, normal and breach3d?
idk retweeted

#pwnerleak
New leak from @NormalLeVrai's group!
It reveals new members, including hit0ro and shika, of whom @NearLeVrai seems very protective
It also reveals that Normal has the osintfr and lookup Discord
ibb.co/0pdNqTgs
ibb.co/JW2js5vR
ibb.co/dsYy9ksm

@bati21675 You still haven't been raided, I hope? Especially since normal may well have been raided already.

Just got a reward for a high vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Generic (CWE-79). yeswehack.com/hunters/luckyl… #YesWeRHackers


Just got a reward for a critical vulnerability submitted on @yeswehack -- Improper Input Validation (CWE-20) Lead to RCE ... yeswehack.com/hunters/frozenk #YesWeRHackers


Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Reflected (CWE-79).
Waf bypass:
<mctx%2FOnCoNtEnTvIsIbIlItYaUtOsTaTeChAnGe%3Dalert%601%61%09STYLE%3Ddisplay%3Ablock%3Bcontent-visibility%3Aauto>



🚨🇫🇷 Lagrange Vacances allegedly breached: 44K holiday rental reservation records exposed from French travel booking database
A threat actor claims to have leaked a database tied to Lagrange Vacances, a French holiday rental and vacation accommodation provider offering apartments, holiday homes, and leisure stays across France and Europe.
━━━━━━━━━━━━━━━━━━━━
Target: Lagrange Vacances
Sector: Hospitality / Travel / Holiday Rentals
Incident: Database Leak
Exposure: 44K records / 35MB
Actor: ChimeraZ
Country: France
Date: 19/05/2026
━━━━━━━━━━━━━━━━━━━━
What’s allegedly included:
▪ Reservation records allegedly linked to Lagrange Vacances bookings
▪ Customer and participant identity fields
▪ Booking references and reservation IDs
▪ Vendor, lodging, and product-related records
▪ Guest count fields including adults and children
▪ Stay dates, arrival/departure times, and accommodation details
▪ Pricing, commission, fees, and payment-related booking metadata
▪ Customer comments and special booking notes
Potential impact:
The exposed data could be used for booking impersonation, targeted phishing, travel fraud, customer scams, and social engineering against travelers, guests, and booking partners.
Status:
Unverified underground forum claim. The actor posted structured JSON reservation samples and claims the download links are hidden behind forum access.
Stop guessing what's redacted. Subscribers see everything → darkwebinformer.com/pricing


Pretty good hunting session — multiple findings and all made it through triage, each with its own path and impact.
Now waiting on the final outcomes
#BugBounty #SecurityResearch


Just got a reward for a high vulnerability submitted on @yeswehack -- Improper Authentication - Generic (CWE-287). yeswehack.com/hunters/frozenk #YesWeRHackers

idk retweeted

‼️🇫🇷 Madeindesign (madeindesign.com), a French online retailer specializing in designer furniture, lighting, and home decor, has allegedly been breached, with a partial database of 464,000 records leaked.

‣ Threat Actor: ChimeraZ
‣ Category: E-commerce Data Leak
‣ Victim: Madeindesign
‣ Industry: E-commerce / Furniture & Design

The actor leaked a partial database covering customer orders and invoices.

What's in it:

▪️ 464,000 records
▪️ Format: JSON
▪️ Size: 205 MB
▪️ Order IDs and invoice IDs
▪️ Customer full names
▪️ Home addresses (street, postal code, city, country)
▪️ Phone numbers
▪️ Payment method (Visa, MasterCard)
▪️ Delivery method (Colissimo, etc.)
▪️ Order totals
▪️ Product details (name, dimensions, brand)
▪️ Order dates (records dating back to 2013)


It's been 3 days since our normal last logged in on the forums, are you doing okay @normallevrai?

Yay, I was awarded a total of $5,500 in bounties on @Hacker0x01! hackerone.com/eliteoffensive
Vulnerabilities Found:
1. Privilege Escalation (Trial User → Platform Admin)
   1. While reading the site's JavaScript files, I found an API endpoint and noticed it accepted an "author" parameter in the request body.
   2. The JS hinted that the "author" value was used to identify who the request belonged to — and that this value needed to be an admin's email for certain actions.
   3. I collected 15–20 employee emails through public sources (OSINT).
   4. I tested them one by one as the "author" value. One matched a platform admin account, and that request was accepted.
   5. Using that admin's email as "author" along with my own account ID, I changed my account "plan" from "trial" to "internal". The request went through, and my role was updated.
   6. Root cause: the endpoint was authorizing the request using a value from the request body instead of the role from the user's authenticated session.
2. SSRF → Cloud Metadata Credential Exposure
   1. The app had a feature that fetched user-supplied URLs from the server side.
   2. Confirmed by pointing it at a public echo service — the response showed a cloud server IP, not mine. The server was making the request.
   3. The URL filter blocked the metadata service IP in its standard dotted form, but didn't normalize alternate representations. Converting the same IP to its decimal form bypassed the filter cleanly.
   4. From there, the standard two-step metadata flow worked: first request returned a session token, second request used that token to return temporary instance role credentials.
   5. Root cause: block-list URL filtering without IP normalization. A single canonicalization step on the resolved address would have caught this.
3. IDOR Exposing 285,000+ Customer Invoices
   The invoice download endpoint used sequential IDs with no ownership check. Changing the ID returned other customers' invoices.
4. IDOR Enabling Cross-Tenant Audit Log Manipulation
   A "log move" endpoint trusted client-supplied IDs, which allowed moving log entries across tenant boundaries and tampering with audit history.
5. Unauthenticated Path Traversal
   A public endpoint accepted file paths without sanitization, allowing partial file reads across the platform with no authentication required.
Key lessons:
→ Never authorize based on request-body fields. Use the session/JWT role.
→ URL-fetch features need allow-lists, and must normalize alternate IP forms.
→ Sequential IDs are fine; missing ownership checks are not.
→ "Unauthenticated" doesn't mean "untrusted input is safe."
#bugbounty #securityresearcher #ethicalhacker #cybersecurity #vulnerability #penetrationtesting #securityaudit #digitalsecurity #tech #innovation #hackerone #freelance #freelancer #pentester #ssrf #idor #privilegeescalation #pathtraversal #appsec #infosec #TogetherWeHitHarder #bugbountytips

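The "canonicalization step" and allow-list the post's SSRF lesson calls for, as an added example (not the post's own code and not the affected platform's): a string block-list that accepts the decimal form of the metadata address beside a hardened check that parses any IP literal, allow-lists hostnames, and judges the address the server would actually connect to. The allow-list, the offline DNS table and its addresses are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts the fetch feature may contact (constructed for this example).
ALLOWED_HOSTS = {"api.example.com"}

# Constructed DNS table so the example runs offline; a real service would use getaddrinfo.
FAKE_DNS = {"api.example.com": "93.184.216.34", "internal.example.com": "169.254.169.254"}

def canonicalize_ipv4(host):
    """Return the IPv4Address for any literal inet_aton accepts (dotted quad, a single
    decimal number, hex, octal, short forms such as 127.1), or None if host is a name."""
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None

def is_safe_target(ip):
    """Reject anything not globally routable: loopback, RFC 1918, link-local (which
    covers the cloud metadata range 169.254.0.0/16), multicast, reserved, unspecified."""
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def weak_check(url):
    """String block-list on the raw host: the pattern the post describes as bypassed."""
    host = urlsplit(url).hostname or ""
    return host != "169.254.169.254"

def hardened_check(url, resolver=FAKE_DNS.get):
    """Allow-list hostnames, canonicalize IP literals, and evaluate the resolved address
    rather than the text the client supplied."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    ip = canonicalize_ipv4(host)
    if ip is None:  # a hostname: must be allow-listed, then resolved before the check
        if host not in ALLOWED_HOSTS:
            return False
        resolved = resolver(host)
        if resolved is None:
            return False
        ip = ipaddress.ip_address(resolved)
    return is_safe_target(ip)

if __name__ == "__main__":
    for u in ("http://169.254.169.254/", "http://2852039166/", "http://0xa9fea9fe/",
              "http://127.1/", "http://api.example.com/data", "http://internal.example.com/"):
        print(f"{u:36} weak={weak_check(u)!s:5} hardened={hardened_check(u)}")
```

Acceptance of the single-number and hex forms comes from the platform's inet_aton, which is exactly why a filter that compares strings and never parses the host disagrees with the socket layer that later connects.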

Just got a reward for a critical vulnerability submitted on @yeswehack -- Default Credentials (CWE-1392) #YesWeRHackers yeswehack.com/hunters/noobos…
