welcomeToMyCyberSecurityCorner !!👀

Here is my notes about cyber security

- API Sec
- Web AppSec
- Mobile AppSec
- Programming
- Network Sec
- BugBountyHunting

Enjoy it, Good By <3

sallam.gitbook.io

Completed 'Practical Ethical Hacking' Course.
TCM Security

JavaScript Analysis for Pentesters | kpwn.de kpwn.de/2023/05/javasc…

Unautho Access To phpMyAdmin Panel

#Security #hackerone #bugcrowd #bugbounty #Pentesting

SQLi..
1. original parameter --> content-length:9230
2. inject: and 1=1 # --> content-length:9230
3. inject: and 1=2 # --> content-length:4766
4. Now, sqlmap turn --> Dump the whole databases

#bugbounty tip #bugbounty #Pentesting

ثابت ...على وضعى انا ثابت...
#bugbounty #hackerone #security #Pentesting

Learn regex in 3 minutes ✨

cat matches cat
ca+t matches caaaaaaaaaaaaat but not ct
ca*t matches caaaaaaaaaaaaat and also ct
ca{2,4}t matches caat, caaat and caaaat
c(at)+ matches catatatatatat
c(at|orn) matches cat and corn
c[ea]t matches cat and cet

IDOR in Bug bounty program but unfortunately duplicate

#bugbounty #penetrationtesting #report #Bugcrowed #hackerone
#hacking #security #ethicalhacking #informationsecurity #cyber #bughunting #infosec #cyber attack #cyber security

Hi Amazing Hackers ..
I need xss payload to steal victim cookies..
The payload should not have backslash '/' .

#bugbountytip #BugBounty #Security #hackerone #bugcrowd

LFI On Fire .❤️
found interesting param using gf tool --> send request to Intruder --> using LFI-Jhaddix wordlist -->Got LFI
Payload used: %2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd

#bugbounty tips #bugbounty #bugcrowd #hackerone #security

Unfortunately, It was Too late...
#BugBounty #infosec #bugcrowd

Hi amazing hackers:
I have found (Client ID) and (API key) and (INCIDENT FOLDER ID) and (INCIDENT TEMPLATE ID) from the Google Developer Console...
Need away for Exploitation ...

#bugbountytips #BugBounty #infosecurity #security #Pentesting #PenTest

🔒 Question of the day: How to hunt on restricted web applications protected behind a login page? 🤔 Well, guess what? While most folks tend to overlook these targets, I've pocketed over 5 figures $$$$$💰 from such apps. Bounties for findings on these assets often result in…

Now, the port is open ...
But the vulnerability has been fixed .🥲

#bugbounty

SAD Story ..

- Found LFI at 1:00 PM today on (ip:port) ..😍
- I waited till 8:00 PM to send a report
- the port of Ip is closed
- P1 has gone ..😥

#bugbounty #security

phpmyadmin/setup/index.php --> 403
pma/setup/index.php --> 200

add it to your list...

SQLI confirmed with this payload:
'XOR(if(now()=sysdate(),sleep(5*5),0))OR'
Now, let sqlmap do it ...👇

#bugbounty #bugbounty tips #hackerone #bugcrowd

I'm happy to share that I've just made another Hall of Fame, this time from the BBC , and this time it comes with a cool swag
BBC Hall of Fame: bbc.com/backstage/secu…

#BugBounty #swag

Check out My new Writeup (How I was Able To Bypass The Admin Panel)
medium.com/@mohameddiv77/…

#bugbountytips #BugBounty

Hunting In Night...

#bugbounty #bugcrowd #ItTakesACrowd #infosec #security