QWERTY

@YShahinzadeh Congo bro write up ??

JS reading > IDOR > internal Google data leakage :]

@kaorrosi Who??

SHE PUT NAIL GLUE IN HER EYE?! 😭

@Dedrknex Why this happened bro ?

Found a very cool bug leaking PII of users /Abc/cart/current/1234 authenticated 200 Ok /Abc/cart/current/1938/ 401 /Abc/cart/anonymous/1938 200 OK Response: anonymous| email : test@xym,phone number, name, address etc!!

@mugh33ra Congo bro write up ??

Found CVE-2025-59287 kinda hard to exploit target: BBP open to collab 50/50 #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection

@0xmicho1 Congo bro write up ??

First SSRF 🔥💕

@DhaferThamer @Hacker0x01 Congo bro write up ??

Yay, I was awarded a $4,250 bounty on @Hacker0x01! hackerone.com/dhaferx66 #TogetherWeHitHarder

@HouranyIbrahim Congo bro write up ??

Someone: While I was sleeping, my AI agent found 50 bugs. The bugs it found 👇

@datafuel0 Congo bro write up ??

Authentication bypass and information Diclosure. The bearer token is imbedded directly in URL. However, it is an authentication credential that can be exchanged on POST /api/authentication/login. I got this archived URL by using Wayback Machine CDX API with no authentication.

@darkshadow2bd Will it work every time ?

Authenticated RCE in Ai code editor! - some times Some bugs are hidden, so to uncover these are bugs always make account. - if you find any endpoint which works to validate any code its a gold mine, try RCE payloads. Join my BugBounty telegram channel: t.me/ShellSec

@5mukx Thank you sharing for valuable support to cyber security domain 😎

Dynamic Malware Analysis for beginners: infosecwriteups.com/letsdefend-dyn…

@datafuel0 How to use this ? Do you have full write ups ??

🔥CSP bypass. Use the following site to find payload. cspbypass.com

Firefox RCE POC You visit web page I get shell. The end. chrome blocks this, firefox does not no exploits, no downloads, and no user interaction

CVE Database fedisecfeeds.github.io

Good morning hackers, Read my New write up about how I got a full SQL Injection, with bypassing server side,Waf with new tecnic: @a7madhacck/how-i-got-a-by-discovring-a-critical-sql-injecation-vulnerability-in-a-public-bug-bounty-98c684d7eab0" target="_blank" rel="nofollow noopener">medium.com/@a7madhacck/ho… Hope you will enjoy🥳 #bugbountytips #hacking #bugbounty #cybersecurity

Port scanners ranked after 15+ years: Nmap → depth Naabu → simplicity RustScan → speed Pro tip: naabu -nmap-cli gives you best of both 🔗 nmap.org | github.com/projectdiscove… | github.com/RustScan/RustS…

How Attackers list entire databases using sql injection

@Fabrikat0r Congo bro for joining the company 😎

Stopped hunting - Joined Job - Started Learning. Hope this will make sense in few months/years #BugBounty

@Dedrknex Congo bro write up ??

Just submitted another broken access control vulnerability, where in an organisation when an owner removes or deactivates an employee another employee can reactivate the previous deactivated employees through hidden endpoint!!

@PinkDraconian Congo bro write up ??

A few days ago, Google awarded me a nice bounty for my bug 🥳 However, I immediately got inspired by my own vulnerability and ... I found another bug! 🐛 Fingers crossed 🤞