Muntrive

Day 62. 1464 hours. A critical cPanel vulnerability dropped this week, just one of countless security advisories, news, decisions, and disasters Iranians have been cut off from. Nobody even knows what is unknown anymore. This isn’t a blackout. It’s a country being buried alive

@alial1shan @intigriti nice bro👅🔥

Yay, I was awarded a €2,500 bounty on @intigriti. I like bugs that have a severe real‑world impact.

@0xHo3ein0xploit @voorivex Nice🔥🔥🔥🔥🔥

@YShahinzadeh Legend👹

this one is interesting, triage team initially closed it as OOS. I kept reasoning because it was a 0-click ATO, but they remained unchanged. However, surprisingly, the company team re-opened the report and the result is satisfying now. the point: peaceful communication always :)

@AmirMSafari 🔥🔥🔥🔥🔥🔥🔥

Thanks for participating in this challenge! I analyzed the qs parser source code and wrote about the inconsistency between the backend and frontend query parsers, along with two possible solutions. Hope you enjoy it! blog.voorivex.team/when-two-parse…

@AmirMSafari GOAT⚡️

I recently discovered several vulnerabilities in MCP servers across different attack scenarios (DOM XSS, Stored XSS, SSRF, etc.) and decided to publish a blog post to share my knowledge. Hope you enjoy it! :D blog.voorivex.team/shaking-the-mc…

@YShahinzadeh 🔥

after a long discussion on a report, I managed to convince the program that the bug is High and they issued a bonus on top of the bounty. they'd mistakenly considered PR as High because the victim needed to be authenticated when opening my link, this actually affects AC not PR :)

@NeverGiveUP8333 @MrCherna 🤣🤣🤣❤️

@Muntrive @MrCherna man leave some for the rest of us 🤣🤣🤣🤣

@0xHo3ein0xploit @voorivex Good job bro ❤️ Congrats👏🏽👏🏽👏🏽👏🏽

Forever grateful for GUTS Course 📿 @voorivex

@VC0D3R @Bugcrowd 🤩🔥

I earned $4,000 for my submission on @bugcrowd #ItTakesACrowd #BugBounty #bugbounty

@0xHo3ein0xploit @voorivex congrats 👊🔥❤️‍🔥

Still hunting, Still learning JS Just got a little more interesting today📿 @voorivex

@YShahinzadeh 🔥🔥🔥

This one was easy: searched JS files → revealing endpoints → JSON HTTP request → exposed PII. Tip: account for lazy-loading. many hunters miss endpoints. Method: click to trigger lazy-loaded JS, then search again for endpoints. Happy hunting :]

@YShahinzadeh GOAT🔥🔥🔥🔥

I haven’t fully returned to BB since my H1 acc was suddenly closed, but this week I tried to start working again. I spent some time on BC and found an XSS and an IDOR, the XSS was easy with a simple payload :]

If a CSPT bug can't be exploited on the same origin, you can pivot it to another one. Cloudflare Image Transform can act as a cross‑origin gadget to reach more sensitive endpoints on different origins - you can read more about it here ;) blog.voorivex.team/cloudflare-ima…

@AmirMSafari 🔥🔥🔥🔥🔥

@VC0D3R @Bugcrowd 🔥🔥🔥🔥on top

I earned $6,050 for my submissions on @bugcrowd #ItTakesACrowd Check comments for the tip. #bugbountytips #bugbounty

@em0n555 @Hacker0x01 I’d really love to do that to keep others from working on it, but unfortunately it could get me into trouble. I hope you understand me.♥️

@Muntrive @Hacker0x01 can you please drop the program name so other hunters don’t get burned from those scammers

@MAbdullah78619 @Hacker0x01 Thank you man♥️🫂

@Muntrive @Hacker0x01 Don’t worry bro. You will score bigger than this✊🏼.