The moment I see something like {"email":"[email protected]"}, I instantly try these 3 payloads: - {"email":["[email protected]", "[email protected]"]} - {"email":"[email protected]", "email":"[email protected]"} - [email protected] Simple trick. Big impact.

Every Bug Hunter was just a person who refused to quit. Pushed past the Informative’s, the NA’s. Also the dupes. In this space you really have to want it. If you want it. You will succeed no short cuts. #bugbounty #bugbountytips

This is the best bug bounty tip you will ever receive. TEST every function. Log each of the requests than break that function. This will lead to endless bounties. #bugbounty #bugbountytips

DAY 47/365 This write-up helped me understand dependency confusion more effectively. medium.com/@bakkar0x/how-…

Introducing my Bug Bounty Masterclass. 100% free. I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint. 4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification. Finish it

Anyone else having slow withdrawal times on YesWeHack ⠵ ?

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Improper Authentication - Generic (CWE-287). yeswehack.com/hunters/xiety #YesWeRHackers

x.com/i/article/2014…

Im going to give my all to this game. 26 Years old and made over 260k from bounties. Target: 1M+ Goal: Best Hacker In Canada 🇨🇦

Is the 0day_pilot on Intigriti a bot? They just closed a html injection and IDOR leaking PII as information/ Closed lmao

Each day you decide to miss on hunting for bugs increases your chances of dupes. #Bugbounty

I have an endpoint that allows you to download a users Privately listed video not *youtube* btw. Just by visiting the link. Improper Access

To my bug bounty/infosec family: My Nana was hit with a Stage 4 lung cancer diagnosis. It’s aggressive and the costs are stacking up fast. I’m grinding to cover what I can, but I’m asking for a hand. please consider sharing please! gofund.me/452ed087e

I have an endpoint where I can inject malicious content into a QR code. Inject and pre-fill messages to numbers which is a toll rate number I can set up. Also I can redirect to a malicious site, make the user call a number etc. Impactful?! Intigriti Triage says no. LOL

Great way to start the day with a Critical IDOR as Informative!

My nana is trying to win the fight against stage 4 cancer. Anything helps. Share or a donation helps us out tremendously. gofundme.com/f/Help-Us-Make…

Just got a reward for a vulnerability submitted on YesWeHack ⠵ -- Use of Unmaintained Third Party Components (CWE-1104). yeswehack.com/hunters/xiety #YesWeRHackers

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Cleartext Storage of Sensitive Information (CWE-312). yeswehack.com/hunters/xiety #YesWeRHackers