Found an RCE in Google Web Designer :) Very similar to the CSS Injection to RCE found by Bálint Magyar. sudistark.github.io/2025/09/23/RCE…

If you don't have something important to care about, you will naturally care about things that make you stupid, angry, and depressed.

Losers change their goals because they’re too lazy to change themselves.

Reminder: You’re allowed to have fun working really hard. And when working really hard isn’t fun, you’re supposed to do it anyway.

When testing signup for different websites check if they are providing screen names or usernames some of the website use the name before @ symbol from the email address. For example I sign-up using the email address [email protected] screen name or username is abc. #BugBounty

LFI via SVG 👀 Glad you enjoyed it arete!

You need to bring urgency into your life for doing anything for example a task, that way you will be able to complete the tasks way faster that you normally do and you will learn more.

Always try to turn every disaster, rejection and all the bad things that happen to you into opportunity. Like what you can learn from that, what are the different things that you can implement into your life that makes your better, how you can never repeat same mistakes.

When testing pay attention to even most small detail and check each and everything on the website. I was testing the application where we can have private project's one page displays all the projects on the map, private project's details were also shown there. #BugBounty

When you get more bonus that the actual bounty :) Love this kind of programs. #BugBounty HackerOne

Found a crazy AI bug, waiting for the team to FIX. Will post details once fixed. #BugBounty

In my experience, 4 hrs of work + 1 hr of exercise is WAY more fruitful than 8 hrs of work. Humans are meant to MOVE.

A painful clarity is better than the confusing hope that keeps you trapped.

Inside <svg><script>, only child text nodes become JS code, while comments or SVG elements are dropped. So <//…> (a bogus comment) lets you sneak comment-looking sequences into executable JS. jsfiddle.net/uz5bxnhc/ #xss

There’s work to do. Go do it.

Bhumika After I turned 19, I stopped asking my father for money. Something inside me always felt that I shouldn’t spend what he worked so hard to earn. Instead, I built my own path, made my own money, and the day I retired him early became one of the proudest moments of my life.

akamai waf is SO fun to fuck with. managed to bypass it with this in a JSON request (which then saved my input and output it on another endpoint) {"ID":'0<h2 onpointerrawupdate="/*','*/prompt``">':"xss" using onpointerrawupdate=' got blocked by waf. but flipping it to " worked

Be careful with whom you hang out, like your friend circle that matters a lot and will impact a lot of different things the way you think, act, the things you talk about, the decisions you make and a lot of different things.

Lachlan Davidson just demonstrated what real deep reasoning looks like. the react2shell bug is so complex that both humans and LLMs couldn’t figure it out, and most still trying hard to. this is what weeks of actual expert grind produce. and it’s exactly the kind of

So much to learn, yet so little time.