Thanks for the follow, you just made my day! Pratik Dabhi 🥂

New Testcases added in my Advance Web Application Penetration Checklist Link: alike-lantern-72d.notion.site/Advance-Web-Ap… If I have missed any testcases, please comment below will add in next update. #bugbounty #bugbountytip #bugbountytips

It looks like today is special. Thanks Tushar Verma 🇮🇳, for the follow!🥂🫡

Back to hunting on YesWeHack ⠵ after a month and a half. Submitted 6 bugs to various programs and was surprised to see status change from 'new' to 'under review' in less than 30 seconds!🫡 Hoping for more invites😎 #iamadityapatel #hackxadi #bughunter

SSTI (Server Side Template Injection) Payload List 🔹{7*7} 🔹*{7*7} 🔹{{7*7}} 🔹[[7*7]] 🔹${7*7} 🔹@(7*7) 🔹<?=7*7?> 🔹<%= 7*7 %> 🔹${= 7*7} 🔹{{= 7*7}} 🔹${{7*7}} 🔹#{7*7} 🔹[=7*7] If evaluated as 49 - the target is vulnerable Credit:Anton #bugbountytips #bugbounty

Cross-Subdomain JWT Validation Leading To Full Account Takeover deepstrike.io/blog/cross-sub…

Understanding pen testing vs. bug bounty is key for cybersecurity. ✍️ Pen testing: structured, comprehensive 🐛 Bug bounty: taps global hackers, "pay for impact" Both crucial, but intensity varies! Learn more: bgcd.co/4c4Y2HM #Cybersecurity #PenTesting #BugBounty

Web Pentesting / Bounty Tip: Some people like using a command-line spider for gathering endpoints. Katana is one of these security focused spiders: github.com/projectdiscove… When using katana: 1) use "-headless" as modern CDN WAFs block many command-line spiders. 2) use

Wise words from Sam Curry for any beginner bug hunters out there! 👇

Back to bug hunting mode after a short break! bugcrowd #hackXadi

Bugcrowd's RAR is truly mind-blowing! Big thanks to @bugcrowd for this amazing feature, and a huge salute to "lemonade-bugcrowd" for the quick response time! 🚀👏

tried something new for the Bug Hunting community i hope this will help in there hunting jurney ❤️ site:lostsec.xyz special thanks to my team haq and javox to make it more better..

I just published How to Identify Sensitive Data in JavaScript Files: (JSRecon) link.medium.com/Pig9J9yzAPb

Submitting bugs? Keep it smooth with these tips: ⏳ Most are reviewed in 7 business days, clear reports help! 💬 Need an update? Use "Request a Response" after 7 days ✅ Finalization takes ~14 days, reach out if delayed 🤝 Feedback? Be professional & specific Questions? Drop

Thrilled to announce I’ve reached $100K on bugcrowd ! 🏆 It’s been an amazing journey securing sectors like banking, finance, education, healthcare, and content management, helping protect sensitive data along the way.

Superb update YesWeHack ⠵ team!!😍

Found an interesting IDOR. After signing up on the same app with two diff. countries:USA & India. I noticed that the account registered under India had an option to pause payment notification. By manipulating `ID` values in the request, I was able to pause notification of anyone.

Dear State Bank of India, There is a spelling mistake on the mcaregistration page. You have listed "Gujrat" (which is located in Pakistan), but the correct spelling for the Indian state is "Gujarat". Kindly make the correction. Thank you! ✅ Gujarat, India ❌Gujrat, Pakistan

🚨 OSCP GIVEAWAY ALERT🚨 We’re giving away 3 OSCP vouchers to supercharge your pentesting journey – proudly sponsored by OffSec ! 💥🙌 To enter: 1.✅ Follow Us 2.🔁 Retweet this post 3.❤️ Like this post 4.💬 Reply with your funniest cybersecurity meme 🎯 We’ll pick 3