Ahsan Sheikh (@snshyk) 's Twitter Profile
Ahsan Sheikh

@snshyk

Bug Hunter | Synack Red Team Member | Security Consultant | CEH

ID: 1242851834156417026

Joined: 25-03-2020 16:32:44

120 Tweets

491 Followers

243 Following

Ahsan Sheikh (@snshyk)

Alhamdulillah! Reported security vulnerability to NASA

Bug type: Unrestricted Access to sensitive files

#security #vulnerability #bug #nasa #infosec #bugbounty #pentesting #hacked
Ahsan Sheikh (@snshyk)

Alhamdulillah! Good morning with this kind of appreciation and bounty from the program triager.

Bug type: Stored XSS bypass to steal OAuth user token and much more sensitive user data
Bug severity: HIGH

I'll publish a write-up soon after this issue is fixed. #bugbounty
Ahsan Sheikh (@snshyk)

Just got an appreciation from Federacy CTO James 😃

Thank you so much for the cool private targets and for providing such a great bug bounty platform. #BugBounty #federacy #infosec #vapt #CyberSecurity
Ahsan Sheikh (@snshyk)

Failure is the first step towards success 😎

Found a CRITICAL security vulnerability in the OpenSea platform. Unfortunately it got duplicated with another researcher. #bugbounty #nft #hackerone #opensea #infosec
HackerRats - Uncle Rat ❤️ (XSS Rat) (@thexssrat)

Bug bounties in 2023 - extended roadmap

1.1. Common web vulnerabilities
Injection attacks
1.1. SQL Injection
1.2. NoSQL Injection
1.3. Command Injection
1.4. LDAP Injection
1.5. XML Injection
1.6. XPath Injection
1.7. Server-Side Template Injection (SSTI)
1.8. Code Injection

Ahsan Sheikh (@snshyk)

Alhamdulillah ❤️ Shebiiiii and I collaborated on a private target and reported a HIGH severity bug, "Account Takeover via Host Header Injection", and got a bounty. We also got a bonus for report quality 😎

That was a nice bypass. Thanks Shebiiiii #bugbountytip #BugBounty #infosec
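The tweet above names the bug class but gives no details of the target, so the following is an added illustration, not the reported finding or any code from the affected application. It shows the usual shape of "account takeover via Host header injection": a password-reset mailer that builds the link from the request's Host header (or, as a common variant that is assumed here rather than stated in the tweet, from X-Forwarded-Host), so an attacker who requests a reset for the victim with a poisoned header gets the victim's reset token delivered to a host they control. The hardened version pins the link to a configured canonical origin and rejects unexpected Host values. Host names and headers are constructed for the example.

```python
from urllib.parse import urlsplit

# Assumed deployment facts for this example: the only legitimate host and
# the base URL that reset links must always use.
ALLOWED_HOSTS = {"app.example.com"}
CANONICAL_BASE = "https://app.example.com"


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Builds the reset URL from attacker-controllable request headers.

    Many frameworks expose request.host this way; some also honour
    X-Forwarded-Host, which is the variant assumed here. Whatever the
    requester sent is what ends up in the e-mail to the victim.
    """
    host = headers.get("X-Forwarded-Host") or headers.get("Host")
    return f"https://{host}/reset?token={token}"


def reset_link_hardened(headers: dict, token: str) -> str:
    """Never derives the link from the request; validates Host and uses
    the configured canonical base instead."""
    host = headers.get("Host", "")
    if host not in ALLOWED_HOSTS:
        # Fail closed: a Host we do not serve must not reach the mailer.
        raise ValueError(f"unexpected Host header: {host!r}")
    return f"{CANONICAL_BASE}/reset?token={token}"


def link_goes_to(link: str) -> str:
    """Hostname the victim's browser will send the token to on click."""
    return urlsplit(link).hostname or ""


def demo() -> dict:
    """Runs the attack scenario against both builders and returns where the
    victim's reset token would be delivered in each case."""
    token = "victim-reset-token"  # constructed; a real token would be random
    poisoned_host = {"Host": "attacker.example"}
    poisoned_fwd = {"Host": "app.example.com",
                    "X-Forwarded-Host": "attacker.example"}
    legit = {"Host": "app.example.com"}

    results = {
        "vulnerable_host": link_goes_to(reset_link_vulnerable(poisoned_host, token)),
        "vulnerable_fwd": link_goes_to(reset_link_vulnerable(poisoned_fwd, token)),
        "hardened_legit": link_goes_to(reset_link_hardened(legit, token)),
    }
    try:
        reset_link_hardened(poisoned_host, token)
        results["hardened_poisoned"] = "link built"
    except ValueError:
        results["hardened_poisoned"] = "rejected"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} -> {outcome}")
```

When testing a target for this, send the reset request twice: once with only the Host header changed, and once with Host left intact but X-Forwarded-Host (or a duplicated Host header) added, since reverse proxies often normalise the first but forward the second untouched.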
Ahsan Sheikh (@snshyk)

Vulnerability accepted! Department of State

Vulnerability: Reflected XSS
Tip: Try second or third level URL encoding if the application won't allow you to use a simple XSS payload.

#infosec #CyberSecurity
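The tip above works because a filter and the eventual HTML sink often do not decode the same number of times. This added example (not code from the tweet or from the affected site) models that mismatch: a front-end filter that URL-decodes once and blocks anything containing angle brackets, in front of an application whose proxy and framework together decode twice before reflecting the value unescaped. A payload encoded once is caught; encoded twice it passes the filter and lands in the page decoded; encoded three times it survives the filter but is not decoded far enough to execute. The filter logic, decode depth and payload are all constructed assumptions; the fix shown is output escaping at the sink, which does not depend on guessing the decode depth.

```python
import html
from urllib.parse import quote, unquote

# Constructed reflected-XSS payload used throughout the example.
PAYLOAD = "<img src=x onerror=alert(1)>"


def naive_filter_blocks(raw_value: str) -> bool:
    """Assumed front-end filter: decodes the query value once and rejects
    anything that still contains an HTML tag delimiter."""
    once = unquote(raw_value)
    return "<" in once or ">" in once


def vulnerable_render(raw_value: str) -> str:
    """Assumed backend: the reverse proxy decodes once, the application
    decodes again, and the result is reflected into HTML without escaping."""
    after_proxy = unquote(raw_value)
    after_app = unquote(after_proxy)
    return f"<p>Search results for: {after_app}</p>"


def hardened_render(raw_value: str) -> str:
    """Same decode chain, but the value is HTML-escaped at the sink, so the
    number of encoding layers no longer matters."""
    after_proxy = unquote(raw_value)
    after_app = unquote(after_proxy)
    return f"<p>Search results for: {html.escape(after_app)}</p>"


def encode_n_times(value: str, n: int) -> str:
    """URL-encodes every reserved character n times ('<' -> %3C -> %253C ...)."""
    out = value
    for _ in range(n):
        out = quote(out, safe="")
    return out


def attack_outcome(levels: int, render=vulnerable_render) -> str:
    """Sends PAYLOAD encoded `levels` times through filter and renderer.

    Returns 'blocked' if the filter rejects it, 'executes' if the raw tag
    reaches the page, and 'inert' if it gets through but stays encoded or
    escaped and therefore does no harm.
    """
    candidate = encode_n_times(PAYLOAD, levels)
    if naive_filter_blocks(candidate):
        return "blocked"
    page = render(candidate)
    return "executes" if PAYLOAD in page else "inert"


if __name__ == "__main__":
    for n in range(4):
        print(f"{n} encoding level(s): vulnerable={attack_outcome(n)}, "
              f"hardened={attack_outcome(n, hardened_render)}")
```

Which level succeeds depends on how many decode steps sit between the filter and the sink, which is why the tip says to try both the second and the third level rather than a fixed one; the reliable fix is escaping or encoding for the output context at the sink, not adding another decode to the filter.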
Justin Gardner (@rhynorater)

XSS -> ATO Escalation Brain Dump:
* Change email -> password reset
* Change password
* Change phone -> SMS password reset
* Change security questions
* Add SSO login (login with GitHub, etc.)
* Force logout -> Session Fixation
* Steal session token via non-HttpOnly cookie
* Steal

Nagli (@galnagli)

I've earned more than 5-figure bounties from sensitive links, sent via email, that were leaked without any user interaction. Surprisingly, the leaks came from the very security vendors that were supposed to protect the victims.

Curious how this happens? 👇

#BugBounty
sudi (@sudhanshur705)

Found my first RCE on a bb target, probably the best one too :)
HTMLi to RCE 🚀
If the backend is Python and the application offers a PDF render endpoint, there are high chances that they are using reportlab (very popular) to generate those PDFs.
POC: github.com/c53elyas/CVE-2…
Jackson Hinkle 🇺🇸 (@jacksonhinklle)

🇮🇱🇵🇸 The moment Israel BOMBED Gaza’s Baptist Hospital. Over 500 are reported dead. This is a crime against humanity. x.com/WarMonitors/st…

Gaza Now in English (@englishgaza)

A group of children miraculously survived the Holocaust at the Al-Ahli Arab Hospital after the Nazi Israeli occupation bombed the hospital, resulting in the deaths of 500 martyrs and the injury of 600 other civilians, most of whom were children and women.

Intigriti (@intigriti)

Godfather Orwa 🇯🇴 Eslam Salem 3️⃣ We Hacked Apple for 3 Months: Here's What We Found. A classic write-up by 5 talented researchers that briefly talks about their experience hacking Apple for 3 months! samcurry.net/hacking-apple

Intigriti (@intigriti)

Th3g3nt3lman 5️⃣ Write-up: AWS Document Signing Security Control Bypass. Ozgur shares a cool way of abusing application logic to bypass AWS Document Signing! ozguralp.medium.com/write-up-aws-d…