Mijanur Rahman (@mijanhaque_) 's Twitter Profile
Mijanur Rahman

@mijanhaque_

Bug Hunter | Web Penetration Tester

ID: 1324709734939680769

https://t.me/mijanhaque | 06-11-2020 13:47:18

264 Tweet

1,1K Followers

495 Following

Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

How much chance is there that those URLs are vulnerable when the URL contains .css .js extensions?
a. 0%
b. 50%
c. 80%
d. depends on website
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

Alhamdulillah, my teammate was just awarded on the #yeswehack platform for blind XSS.
Link to all my blind payloads: github.com/h6nt3r/payload…
Tips: Don't rely solely on the gf pattern.
#bxss #xss #ethicalhacking
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

Status: New
Status: Under Review
Status: Need More Info
Status: Some conversion
Status: Again Under Review
Status: Now I'm waiting for next response.

Every time I've provided a video POC.
Owah, what a lesson!!
#yeswehack
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

Hello YesWeHack ⠵ team, It's been 11 days but there is no update. Do you have any explanation?
Note: I've added my local bank (Jamuna) address.
#YesWeRHackers
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

Quick XSS extension
Extension link (Chrome, Brave): chromewebstore.google.com/detail/lyra/ag…
Payloads: github.com/h6nt3r/payload…
#ethicalhacking #xss #rxss #BugBounty

Md Sarjis Alam (@sarjisalam_) 's Twitter Profile Photo

O Allah, we cannot bear to see another drop of blood from any innocent life in the holy land of Palestine. We have gone beyond the limit of our endurance. May the tyrannical, bloodthirsty Netanyahu clique be destroyed.

Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

Those of you in Bangladesh who have withdrawn money from the YesWeHack ⠵ platform, what did you show the bank as the agreement? I showed the invoice and billing mandates, but they said they will not release the money without an agreement. However, YesWeHack ⠵ has not provided any file other than the invoice and mandates.

Dr. Mizanur Rahman Azhari (@azharitweets) 's Twitter Profile Photo

Join in large numbers on the side of the oppressed, on the side of humanity, on the side of justice.

Md Sarjis Alam (@sarjisalam_) 's Twitter Profile Photo

We stand with the people of Palestine. No more violence, no more suffering. Peace and justice for all. Dhaka, Bangladesh.. 🇧🇩 🇵🇸 #MarchForGaza #FreePalestine

Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

I've found a BXSS. The request URL and the backed executed URL are different.
In the XSS report, the Uri section has the URL where the payload executed, but how do I find what the raw request URL is? If anyone knows a way to find the request URL, please comment.
#bxss #blindxss
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

Hello XSS Report Team,
Is it possible for the scanned request URL to be shown here? I know that a custom parameter can be passed here. If the scanned request URL were shown here, that would be a great feature.
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

What is your suggestion now for dumping data?
Command Used: ghauri -u "example.com/?replytocom=10…" --random-agent --force-ssl --level=3 --dbs --dbms=MySQL --batch
Coffin
Mijanur Rahman (@mijanhaque_) 's Twitter Profile Photo

This is how I collect GET based parameters.
urlfinder -d "vulnweb.com" -all | grep -a "[=&]" | grep -aiEv "\.(css|ico|woff|woff2|svg|ttf|eot|png|jpg|js|json|pdf|gif|xml|webp)($|\s|\?|&|#|/|\.)" | anew | tee all_params.txt

What is your methodology?
#BugBounty