r00tpgp (@r00tpgp)'s Twitter Profile
r00tpgp

@r00tpgp

Hip hop hooray ho! Hackedie hack, cybersec n lemons.

ID: 62754303

Link: http://r00tpgp.blogspot.com
Joined: 04-08-2009 08:02:14

1.1K Tweets

692 Followers

675 Following

Behi (@behi_sec):

SSRF Trick: Instead of 169.254.169.254, try http://instance-data. It resolves to the same metadata IP and might bypass blacklists.
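
The alias trick works because a hostname blocklist compares strings, not addresses. The Python below is an added example (not from the tweet's author) showing a naive string blocklist next to a resolve-then-check filter. DNS is replaced by a constructed table, FAKE_DNS, so the code runs offline; the "instance-data" entry models the resolution the tweet describes, and "example.com" is sample data.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. The first entry
# models the tweet's observation: on an EC2 host the name "instance-data"
# answers with the IMDS address. The second entry is sample data.
FAKE_DNS = {
    "instance-data": "169.254.169.254",
    "example.com": "93.184.216.34",
}

# What a string-based blocklist typically contains.
DENIED_LITERALS = {"169.254.169.254", "127.0.0.1", "localhost"}


def is_allowed_naive(url):
    """Blocklist on the hostname text. Bypassed by any alias of the address."""
    host = (urlsplit(url).hostname or "").lower()
    return host not in DENIED_LITERALS


def resolve(host, resolver=FAKE_DNS):
    """Return the IP a host resolves to (literal IPs pass straight through)."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    answer = resolver.get(host.lower().rstrip("."))
    if answer is None:
        raise LookupError(f"no answer for {host}")
    return ipaddress.ip_address(answer)


def is_allowed_resolved(url, resolver=FAKE_DNS):
    """Resolve first, then judge the address rather than the name.

    ip.is_global is False for link-local (169.254.0.0/16, fe80::/10),
    loopback, RFC 1918, CGNAT, ULA and other reserved ranges, so a single
    test covers IMDS, localhost and internal hosts whatever alias is used.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        ip = resolve(parts.hostname, resolver)
    except LookupError:
        return False  # unresolvable names are rejected, not waved through
    return ip.is_global
```

In production the request must also be sent to the address that was validated (connect to the IP and set the Host header yourself, or pin the resolver), otherwise a DNS answer that changes between the check and the connect reopens the hole; redirects need the same treatment on every hop.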

𝕏 Bug Bounty Writeups 𝕏 (@bountywriteups):

Host Header Injection in Password Reset Function: From Header Manipulation to Account Takeover medium.com/@dgexploit/hos… #bugbounty #bugbountytips #bugbountytip

Mr_mars_hacker (@mr_mars_hacker):

I just published How I Discovered Account Takeover (ATO) via IDOR lead to 500$ bounty medium.com/p/how-i-discov… #bugbounty #bugbountytips #bugbountytip

André Baptista (@0xacb):

This one-liner by @tomnomnom finds all Git repos, creates a git-objects/ folder for each one and dumps every object (commits, trees, blobs, tags) into files named by their hash. Effectively exporting the raw Git database into human-readable files, repo by repo!
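
The one-liner itself is not reproduced on this page. The Python below is an added reimplementation of the behaviour described, not @tomnomnom's code: it walks a tree for .git directories, inflates every loose object, verifies that the content hashes to the file name, and writes the body to git-objects/<hash> beside the repo. It plants a constructed repository in a temporary directory (the write_loose_object helper builds objects the way git hash-object does) so it runs without git installed.

```python
import hashlib
import os
import tempfile
import zlib
from pathlib import Path


def hash_object(otype, body):
    """Build a Git object the way git hash-object does: "<type> <size>\\0<body>"."""
    raw = f"{otype} {len(body)}".encode() + b"\0" + body
    return raw, hashlib.sha1(raw).hexdigest()


def read_loose_object(path):
    """Inflate one loose object, check its header, and return (type, body, hash)."""
    raw = zlib.decompress(Path(path).read_bytes())
    header, _, body = raw.partition(b"\0")
    otype, size = header.decode("ascii").split(" ")
    if int(size) != len(body):
        raise ValueError(f"{path}: size field {size} != {len(body)} bytes")
    return otype, body, hashlib.sha1(raw).hexdigest()


def find_git_repos(root):
    """Yield every directory under root that contains a .git directory."""
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" in dirnames:
            yield Path(dirpath)
            dirnames.remove(".git")  # no need to walk inside the object store


def dump_repo_objects(repo):
    """Write each loose object's body to <repo>/git-objects/<hash>.

    Only loose objects (.git/objects/xx/...) are handled; anything under
    .git/objects/pack needs the pack format, which plain `git cat-file` reads.
    """
    objects = Path(repo) / ".git" / "objects"
    out = Path(repo) / "git-objects"
    out.mkdir(exist_ok=True)
    dumped = {}
    for sub in objects.iterdir():
        if not (sub.is_dir() and len(sub.name) == 2):
            continue  # skips info/ and pack/
        for obj in sub.iterdir():
            otype, body, digest = read_loose_object(obj)
            if digest != sub.name + obj.name:
                raise ValueError(f"{obj}: content hashes to {digest}")
            (out / digest).write_bytes(body)  # trees are binary; the rest is text
            dumped[digest] = (otype, body)
    return dumped


def write_loose_object(repo, otype, body):
    """Constructed helper so the demo runs without git installed."""
    raw, digest = hash_object(otype, body)
    path = Path(repo) / ".git" / "objects" / digest[:2] / digest[2:]
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(zlib.compress(raw))
    return digest


def demo():
    """Plant a tiny constructed repo with a leaked-looking blob and dump it."""
    root = Path(tempfile.mkdtemp())
    repo = root / "webapp"
    (repo / ".git" / "objects" / "pack").mkdir(parents=True)
    blob = write_loose_object(repo, "blob", b"DB_PASSWORD=example-not-a-real-secret\n")
    commit = write_loose_object(
        repo, "commit",
        b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
        b"author dev <dev@example.com> 0 +0000\n"
        b"committer dev <dev@example.com> 0 +0000\n\nadd config\n",
    )
    results = {str(r): dump_repo_objects(r) for r in find_git_repos(root)}
    return results, blob, commit
```

On a real checkout most history lives in pack files after a gc, so pair this with `git cat-file --batch-all-objects --batch-check` (or `git verify-pack -v` on each .idx) to enumerate the packed objects the loose-object walk cannot see.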

The Hacker News (@thehackersnews):

🚨 Linux/Unix alert: CISA just flagged a critical Sudo flaw (CVE-2025-32463, CVSS 9.3) now exploited in the wild. Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers. Details → thehackernews.com/2025/09/cisa-s…
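
The first thing a responder wants from that alert is a quick way to tell whether a host's sudo falls in the affected range. The Python below is an added example, not code from the article or from the sudo project: it parses the first line of `sudo --version` into a comparable tuple (handling the p-suffixed patch releases, which plain string comparison gets wrong) and checks it against the range. The range bounds (1.9.14 up to and including 1.9.17, fixed in 1.9.17p1) are taken from the public advisory for CVE-2025-32463 rather than from the post above, so treat them as an assumption to re-verify; distro packages may also ship the fix under an older version string.

```python
import re
import subprocess

# Affected range as published for CVE-2025-32463. Assumption drawn from the
# public advisory, not from the post above; re-check against your vendor,
# since backported fixes keep the old version number.
FIRST_AFFECTED = (1, 9, 14, 0)
FIXED = (1, 9, 17, 1)

VERSION_RE = re.compile(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Turn the 'Sudo version x.y.z[pN]' line into a comparable tuple.

    "1.9.17p1" -> (1, 9, 17, 1); a release without a patch level gets 0,
    so 1.9.17 sorts before 1.9.17p1 as it should.
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no 'Sudo version x.y.z' line found")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version_text):
    """True when the parsed version lies inside [FIRST_AFFECTED, FIXED)."""
    return FIRST_AFFECTED <= parse_sudo_version(version_text) < FIXED


def check_local_sudo():
    """Run `sudo --version` (needs no privileges) and classify the result."""
    out = subprocess.run(
        ["sudo", "--version"], capture_output=True, text=True, check=True
    ).stdout
    return parse_sudo_version(out), is_affected(out)


if __name__ == "__main__":
    version, affected = check_local_sudo()
    print("sudo", ".".join(map(str, version[:3])) + (f"p{version[3]}" if version[3] else ""),
          "AFFECTED" if affected else "not in affected range")
```

On Debian and Ubuntu derivatives the version tuple alone is not conclusive; confirm with the package changelog (`apt changelog sudo` or `zcat /usr/share/doc/sudo/changelog.Debian.gz`) that the CVE is listed as fixed.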

🇷🇴 cristi (@cristivlad25):

When you look for ATO, make sure that you go beyond x-forwarded-for. Try at least the following, each individually:

- x-forwarded-host
- x-original-url
- x-host
- host

I just found one via x-forwarded-host, while the rest did nothing or 421.
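
Both the password-reset writeup above and this header list describe the same bug class: the server builds an absolute link from a request header the client controls, so the victim's reset token is mailed out pointing at the attacker's host. The Python below is an added example, not code from either author: a reset-link builder that trusts X-Forwarded-Host / X-Host / Host (the precedence is an illustrative assumption) beside a hardened version that ignores forwarded headers, validates Host against a constructed allowlist, and answers 421 Misdirected Request otherwise. X-Original-URL is left out because it typically rewrites the routed path rather than the host.

```python
from urllib.parse import urlencode, urlsplit

# Constructed configuration: the only origin the app may emit links for.
CANONICAL_HOSTS = {"app.example.com"}


def build_reset_link_vulnerable(headers, token):
    """Derive the link origin from request headers.

    The precedence is an assumption for illustration, but it mirrors what
    frameworks and reverse-proxy setups often do. All three headers arrive
    from the client, so whichever one wins decides where the token goes.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("x-forwarded-host") or h.get("x-host") or h.get("host")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def build_reset_link_hardened(headers, token):
    """Ignore forwarded headers, validate Host, emit only a configured origin.

    Returns (status, link). 421 is the right answer for a Host the server
    does not serve, which is the response the tweet reports for headers
    that were not honoured.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "").split(":")[0].lower()
    if host not in CANONICAL_HOSTS:
        return 421, None
    return 200, f"https://{host}/reset?{urlencode({'token': token})}"


def link_origin(link):
    """Hostname the generated link points at (what ends up in the email)."""
    return urlsplit(link).hostname


# Constructed requests: a normal one and one carrying the spoofed header.
NORMAL = {"Host": "app.example.com"}
SPOOFED = {"Host": "app.example.com", "X-Forwarded-Host": "attacker.example"}
```

When testing, send each header on its own as the tweet says, then read the link in the reset email (or in the response, if the app echoes it) rather than the HTTP status: a 200 with a poisoned link is the finding, and a 421 means that header is not being consumed.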

André Baptista (@0xacb):

I love using PwnFox to keep my Burp and Caido sessions organised. It's an extension that makes broken access control (BAC) testing effortless. Spin up isolated browser containers so you can log into multiple accounts side-by-side in one window. Each container is mapped to a

Intigriti (@intigriti):

Testing for React2Shell can be as easy as:

1. Running HTTPX to identify NextJS targets
2. Passing the list of targets to React2shell-scanner
3. Verify & report results 🤠

More in next post! 👇
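
Step 1 of that workflow is a fingerprinting pass: keep only the hosts that show Next.js markers before handing the list to a scanner. The Python below is an added example, not code from Intigriti, httpx or the scanner: it applies the public, well-known Next.js fingerprints (the X-Powered-By header, /_next/static/ asset paths, the __NEXT_DATA__ script and the #__next root element) to a set of constructed HTTP responses standing in for what httpx would fetch, and returns the candidate list.

```python
# Constructed responses (headers, body) standing in for httpx output.
SAMPLES = {
    "https://shop.example": (
        {"X-Powered-By": "Next.js", "Content-Type": "text/html"},
        '<html><body><div id="__next"></div>'
        '<script src="/_next/static/chunks/main.js"></script></body></html>',
    ),
    "https://blog.example": (
        {"Server": "nginx", "Content-Type": "text/html"},
        '<html><body><script id="__NEXT_DATA__" type="application/json">{}'
        "</script></body></html>",
    ),
    "https://static.example": (
        {"Server": "Apache", "Content-Type": "text/html"},
        "<html><body><h1>Hello</h1></body></html>",
    ),
}

# Public Next.js fingerprints: one header and three body markers.
HEADER_MARKERS = {"x-powered-by": "next.js"}
BODY_MARKERS = ("/_next/static/", "__NEXT_DATA__", 'id="__next"')


def nextjs_indicators(headers, body):
    """Return the list of markers found; an empty list means no evidence."""
    found = []
    lower = {k.lower(): v.lower() for k, v in headers.items()}
    for name, needle in HEADER_MARKERS.items():
        if needle in lower.get(name, ""):
            found.append(f"header:{name}")
    for needle in BODY_MARKERS:
        if needle in body:
            found.append(f"body:{needle}")
    return found


def select_candidates(samples):
    """URLs with at least one indicator, ready to feed to the next tool."""
    return sorted(url for url, (h, b) in samples.items() if nextjs_indicators(h, b))


if __name__ == "__main__":
    for url in select_candidates(SAMPLES):
        print(url, nextjs_indicators(*SAMPLES[url]))
```

The header alone is a weak signal because Next.js lets operators turn it off (poweredByHeader: false in next.config), which is why the body markers are checked as well; httpx's own `-td` (tech-detect) flag does similar matching if you prefer to stay in the toolchain. The scanner in step 2 is not reproduced here, and its results still need the manual verification the post asks for in step 3.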

Coffin (@coffinxp7):

Useful WAF Bypass Techniques for React2Shell. For more you can check the updated article: coffinxp.medium.com/from-recon-to-…

Behi (@behi_sec):

These 3 simple payloads are responsible for hundreds of thousands of dollars in bounties:

- "><img src onerror=alert()> => XSS
- ' => SQLi
- ../ => Path Traversal

Can you believe it? ☠️
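
Each of those three strings works because input lands in a context (an HTML attribute, a SQL string literal, a filesystem path) without being treated as data for that context. The Python below is an added example, not code from the tweet's author: for each payload it shows the vulnerable sink beside the hardened one, using an in-memory SQLite database and constructed inputs. It goes slightly beyond the tweet by also showing the `' OR '1'='1` follow-up, since the lone quote is only the probe that reveals the SQL error.

```python
import html
import posixpath
import sqlite3

PAYLOAD_XSS = '"><img src onerror=alert()>'
PAYLOAD_SQLI = "'"
PAYLOAD_TRAVERSAL = "../../etc/passwd"   # the tweet's ../ taken to its target


# 1. XSS: reflecting input into an attribute value.
def render_vulnerable(value):
    return f'<input value="{value}">'          # payload closes the attribute


def render_safe(value):
    # quote=True also escapes " and ', so the attribute cannot be broken out of
    return f'<input value="{html.escape(value, quote=True)}">'


# 2. SQLi: the lone quote that breaks a concatenated query.
def setup_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db


def lookup_vulnerable(db, name):
    try:
        return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"   # the tell-tale response a tester looks for


def lookup_safe(db, name):
    # bound parameter: the quote is data, never part of the statement
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


# 3. Path traversal: joining user input under a base directory.
BASE = "/srv/files"   # constructed document root


def resolve_vulnerable(user_path):
    return posixpath.normpath(posixpath.join(BASE, user_path))   # ../ walks out


def resolve_safe(user_path):
    """Return the normalised path, or None if it escapes BASE."""
    full = posixpath.normpath(posixpath.join(BASE, user_path))
    if full == BASE or full.startswith(BASE + "/"):
        return full
    return None
```

The same shape applies to the real thing: escape for the output context, bind SQL parameters, and compare the normalised absolute path against the intended root (on a real filesystem use os.path.realpath so symlinks are resolved too).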