AbolFazl (@mptslk) 's Twitter Profile
AbolFazl

@mptslk

ID: 1522586643252797440

06-05-2022 14:38:51

34 Tweets

131 Followers

612 Following

Bytebytego (@bytebytego) 's Twitter Profile Photo

Session, Cookie, JWT, Token, SSO, and OAuth 2.0 Explained in One Diagram When you login to a website, your identity needs to be managed. Here is how different solutions work: - Session - The server stores your identity and gives the browser a session ID cookie. This allows

Meydi (@neotrony) 's Twitter Profile Photo

Explore my blog on XSS WAF bypass, covering various tricks and techniques: meydi.hashnode.dev/master-of-xss-… #bugbounty #bugbountytip #xss

Xin (@zxc29r) 's Twitter Profile Photo

Fact: alongside bug bounty you also need to go to therapy, otherwise nothing will be left of you but a nervous wreck.

Meydi (@neotrony) 's Twitter Profile Photo

Just found an interesting behavior in Firefox that can be used for XSS: If a response lacks the Content-Type header, Firefox renders it as text/plain. But if the URL ends with an extension like .html, Firefox treats it as that. #bugbounty #bugbountytips

Meydi (@neotrony) 's Twitter Profile Photo

A tiny blog post of mine about exploiting self-XSS using disk cache, inspired by Jorian. Hope you like it! mey-d.github.io/posts/self-xss…

AbolFazl (@mptslk) 's Twitter Profile Photo

Quick Tip: Hunting CORS? Go beyond payloads. In DevTools → debugger, search for regex / RegExp and grab any domains you see. Test them as Origins — broken regex on trusted domains can = bypass 🚨 And don’t forget: some may be purchasable 👀 #bugbountytip #bugbountytips

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inlin…