king 👑 (@musengeng)'s Twitter Profile
king 👑

@musengeng

ID: 1434133402635091971

04-09-2021 12:37:16

1.1K Tweets

80 Followers

2.2K Following

Sanjay Gondaliya (@devsecboy)

Not able to understand the behavior. Does anyone have any clue? Two different results of a Java program on 2 different operating systems. Burp Suite hackvertor #deserialization #Java

Nagli (@galnagli)

The team at OpenAI just fixed a critical account takeover vulnerability I reported a few hours ago affecting #ChatGPT. It was possible to take over someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇

Godfather Orwa 🇯🇴 (@godfatherorwa)

7 SQLs 

4 in php

(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/

1 in aspx

orwa';%20waitfor%20delay%20'0:0:6'%20--%20

2 in graphql
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--
#bugbountytips #bugbountytip 💕
Nagli (@galnagli)

And that's a wrap! To dive deeper into how email security strategies can unintentionally leak sensitive info to the public, check out the full slides in Shockwave - External Attack Surface Management.'s blog post 👇 🔗 shockwave.cloud/blog/email-sec…

Youstin (@iustinbb)

ASP.net responds with a 400 bad request on all requests containing two referer headers. This can be used to achieve cache poisoning DoS if the cache stores 400 response errors.

Jayesh Madnani (@jayesh25_)

🔐Secrets no one will share with you - Here's a technique that might grant you access to takeover other users' accounts using "Login with Facebook": Are you working on a target site that supports "Login with Facebook"? Disable email sharing during Facebook login and be ready

𝕏 Bug Bounty Writeups 𝕏 (@bountywriteups)

How Burp Suite AI Makes Vulnerability Testing Easy and Fast infosecwriteups.com/how-burp-suite… #bugbounty #bugbountytips #bugbountytip

A.Mugh33ra🇵🇰❤️🇵🇸 (@mugh33ra)

Account Takeover Via Password Reset These Methods Still Work👌 #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection #privateinvitation #owasp

N4!TR0 07 (@n4itr0_07)

Web Penetration Testing Articles 📑
1). hackingarticles.in/exploiting-rac…
2). hackingarticles.in/burpsuite-for-…
3). hackingarticles.in/a-detailed-gui…
4). hackingarticles.in/comprehensive-…
5). hackingarticles.in/burp-suite-for…
6). hackingarticles.in/burp-suite-for…
#BugBounty

Az3m (@mahmoud30278295)

Best write up
bensaad0.medium.com/unveiling-hidd…
bensaad0.medium.com/idor-allows-un…
bensaad0.medium.com/privilege-esca…
bensaad0.medium.com/bypassing-auth…
bensaad0.medium.com/two-idors-allo…
bensaad0.medium.com/idor-allows-un…

MahMoud Elkot (@0xelkot)

🔍 LFI Hunting Tips from Real Finds:
1️⃣ GET path injection: Try ///../../../../etc/passwd. Fuzz w/ Burp!
2️⃣ POST LFIs: Test endpoints like /router.jsp?../etc/passwd.
3️⃣ Hidden params: Brute-force w/ ParamSpider or check JS files.
💡 Bypass filters w/ %2e%2f or %00 Stay ethical!
James Kettle (@albinowax)

Are you a Burp Repeater power user? The latest release introduces a new feature called 'Custom actions'. With these you can quickly build your own repeater features. Here's a few samples I made for you:

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007)

What’s happening here is really strange! HackerOne is playing judge! A minor disagreement broke out between a few people on X—so why is HackerOne banning them from the platform? Conflicts between bug hunters on Twitter happen all the time, yet H1 has no right to step in and

𐰚𐰼𐰇𐱅 (@ynsmroztas)

I wrote a tool for Vite Arbitrary File Read, you can find it here 🔥🔥🔥 #github github.com/ynsmroztas/Vit… for search ZoomEye service="http" && app="vite" #BugBounty #bugbountytip

YS (@yshahinzadeh)

This one was easy: searched JS files → revealing endpoints → JSON HTTP request → exposed PII. Tip: account for lazy-loading. Many hunters miss endpoints. Method: click to trigger lazy-loaded JS, then search again for endpoints. Happy hunting :]

Ahmed Elheny (@ahmex000)

I did it 4 times. Also, think about how you do fuzzing EX 1: GET /DIR/sens/01567777 => GET /DIR/sens/0156FUZZ (4) Since most large IDs usually start after a large number (if sequentially), therefore GET /DIR/sens/FUZZ (8) It takes a lot of time & most are actually empty.

𐰚𐰼𐰇𐱅 (@ynsmroztas)

I created a simple but effective tool that examines and analyzes .js files. 🔗 Project: github.com/ynsmroztas/Ins… #DevTools #Js #JavaScript #bugbountytip #bugbountytips #InfoSec #recon
