Pwnr

438 posts

Pwnr

@yacynx

I hack stuff'-- -

404 - Not Found Katılım Mayıs 2020

2.5K Takip Edilen472 Takipçiler

Pwnr retweetledi

Tim Becker@tjbecker·13h

Full technical writeup + exploit technique for this 20-year-old bug in PostgreSQL zeroday.cloud/blog/postgres-…

Tim Becker@tjbecker

Xint Code discovered a highly exploitable heap-buffer-overflow in PostgreSQL that existed for over 20 years. Our research team exploited this bug to claim $30,000 at ZeroDayCloud in December! Bug details are below

English

118

8.1K

Pwnr retweetledi

s1r1us (mohan)@S1r1u5_·11h

when react2shell hit last year, i think vercel handled it brilliantly. to protect their users, they paid $50,000 for every bypass researchers could find. we decided to participate, and ended up earning $170,000. read how we did it here: hacktron.ai/blog/react2she…

English

246

9.5K

Pwnr@yacynx·13h

@Turki_alalshikh Noway 🤣🤣

English

TURKI ALALSHIKH@Turki_alalshikh·15h

🔥🎶

QME

382

466

3.7K

398.9K

Pwnr retweetledi

Jamieson O'Reilly@theonejvo·17h

x.com/i/article/2051…

ZXX

142

111K

Pwnr retweetledi

Unit 42@Unit42_Intel·3d

Obfuscated #WebSocket backdoors are injecting credit card skimmers into hundreds of compromised websites. The payload sends stolen card information back to attacker's C2 domains. Details at: bit.ly/42HyNb3

English

147

671

55K

Pwnr@yacynx·2d

Sure, I could publish everything and force them to fix it within hours... but I won’t. I did my part: I tested the app, found the issues, and reported them responsibly. I can live with that. If anything happens, it’s on them for failing to act.

English

Pwnr@yacynx·2d

This happened to me a few months ago. I tested an app because I was a regular user, and I ended up discovering several serious vulnerabilities, millions of chats, hundreds of thousands of users, their PII, and numerous files were exposed.

impulsive@weezerOSINT

if you've ever used Reframe to get sober, your private journals, your craving logs, what triggered you, how bad it got, your name, your email, all of it is sitting in a database that anyone can read without logging in i unzipped the app and found a database key in a config file. thats it. thats all it took 357,939 users exposed. disclosed april 7, no response

English

119

Pwnr@yacynx·2d

Months passed… and nothing changed. The vulnerabilities are still there to this day.

English

Pwnr@yacynx·2d

I reached out to their support team, staff, and even the CEO through both LinkedIn and email, but got no response after a week. So I put together a detailed report with all the findings and PoCs and sent it directly to the CEO again via email and LinkedIn.

English

Pwnr retweetledi

watchTowr@watchtowrcyber·5d

The Internet is falling down, falling down, falling down Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940 Enjoy with us.. labs.watchtowr.com/the-internet-i…

English

178

617

143K

Pwnr retweetledi

Phith0n@phithon_xg·27 Nis

Ghost Bits is a brilliant research: i.blackhat.com/Asia-26/Presen… Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path traversal caused by Ghost Bits: github.com/vulhub/vulhub/… This issue exists in spring-boot-starter-jetty <= 3.2.4 with zero configuration

English

297

29.7K

Pwnr retweetledi

Clandestine@akaclandestine·28 Şub

Inside Combolists: How Hackers Build Stolen Credential Data - DeXpose dexpose.io/inside-comboli…

English

9.5K

Pwnr retweetledi

Hazem@H4cktus·14 Nis

Tomcat JMX Proxy exposed without auth? Wrote a blog about how I got shell on a production Tomcat behind Cloudflare despite the deploy API being locked down, WAF blocking payloads, and CDN filtering template syntax. 8 dead ends. Then AccessLogValve + docBase + relaxedQueryChars + EL injection. 14 requests to RCE. Tool + nuclei template included! hackt.us/from-tomcat-jm… #bugbountytips #bugbounty

English

119

6.8K

Pwnr@yacynx·14 Nis

@livewithnoregrt Religion

English

introvert@livewithnoregrt·13 Nis

name one thing more valuable than money.

English

3.1K

263

3.3K

577.1K

Pwnr@yacynx·9 Nis

@fattselimi @badcrack3r May god be with you @badcrack3r

English

254

Fat@fattselimi·9 Nis

Face reveal of @badcrack3r 💯🧿

English

6.2K

Pwnr retweetledi

Drift@DriftProtocol·5 Nis

x.com/i/article/2040…

ZXX

620

700

3.6K

6.5M

Pwnr retweetledi

xssdoctor@xssdoctor·2 Nis

Hey guys! If you’re interested in cspt and quirks with frontend frameworks here’s some cool research I did with @ctbbpodcast criticalthinkingpodcast.github.io/research/the-d…

English

126

6.9K

Pwnr@yacynx·31 Mar

@georgegalloway The world know what this people are already. The question is what did we do about them ? Nothing.

English

George Galloway@georgegalloway·30 Mar

Controversial I know but I welcome these scenes. It shows the world exactly who these people are. The crowd chose Barabas. The Israelis chose Ben Gvir.

The Cradle@TheCradleMedia

VIDEO | Israeli National Security Minister Ben Gvir, outside the Knesset chamber, celebrates the passing of the death penalty law for Palestinian detainees, describing it as historic and saying, “Soon we will count them one by one.”

English

424

3.2K

10.4K

199.5K

Pwnr@yacynx·21 Mar

@YShahinzadeh Thanks for sharing

English

389

YS@YShahinzadeh·21 Mar

I published one of the techniques that I've been using against OAuth providers, honetly, it's led me to discover many flaws, and recently I used it to find a 1-click ATO on one of the most widely visited websites,I hope you find it useful :-) blog.voorivex.team/story-of-abusi…

English

119

647

28.3K

Pwnr@yacynx·8 Mar

@thedawgyg @Masonhck3571 @h4x0r_dz Fair point, hopefully it never comes to that.

English

387

dawgyg - WoH@thedawgyg·8 Mar

@pwnx00 @Masonhck3571 @h4x0r_dz if they ever did it for religion they wouldn't be open anymore. Could sue them into bankruptcy and I would back the person financially to sue if needed (if they had evidence it was based on religion).

English

388

H4x0r.DZ 🇰🇵@h4x0r_dz·8 Mar

Israel has the right to destroy any infrastructure of any country Ohhh I forgot I should shut the fuck up and never speak up against the terrorist state of Israel, I should talk about infosec only

OSINTtechnical@Osinttechnical

Tehran’s Shahran oil depot is completely consumed by a massive blaze after Israeli airstrikes hit the facility tonight.

English

181

11.3K

Keşfet

@Turki_alalshikh @livewithnoregrt @fattselimi @badcrack3r @ctbbpodcast @elonmusk @BarackObama @taylorswift13