noobSecurity (@noobsec_org) 's Twitter Profile
noobSecurity

@noobsec_org

One mistake can make you crazy! mailto:[email protected]

ID: 992204330391371776

https://noobsec.org 04-05-2018 00:48:41

1,1K Tweet

1,1K Followers

215 Following

Faizal Abroni (@faizalabroni)

1. ./dirsearch.py -u target -e php,html,js,xml -x 500,403
2. found url.com/.svn/
3. clone & use github.com/anantshri/svn-…
4. ./svn-extractor.py --url url.com --match database.php
5. result in output dir and just open it
#bugbounty #bugbountytips
Faizal Abroni (@faizalabroni)

1. found blind sql injection
2. use simple payload ./sqlmap -r req -p vuln --dbs
3. the backend db is Firebird
4. can't retrieve dbname or table
5. change payload to -r req -p vuln --level 3 --risk 3 --thread 8 --dbms Firebird --tables
6. puf! *image below
#bugbountytips #bugbounty
dw1 (@dwisiswant0)

Been learning for ~2 weeks, this is my first #Rust program: a fast tool to scan prototype pollution vulnerability. github.com/dwisiswant0/pp… Thanks to ईशान सिंह for the tip! #infosec #bugbounty #bugbountytips

dw1 (@dwisiswant0)

ppfuzz v1 released! Now, if it's indeed vulnerable: it'll fingerprint the script gadgets used and then display additional payload info that could potentially escalate its impact to XSS, bypass/cookie injection. Bump now! — github.com/dwisiswant0/pp… #bugbountytips

dw1 (@dwisiswant0)

Now #apkleaks v2.6.0 released!
- GitHub Access Token
- Discord BOT Token
- JSON Web Token
- MAC Address
- CTF Flags:
  — DEF CON
  — HackerOne
  — TryHackMe
  — HackTheBox

IDSECCONF (@idsecconf)

Dear ID-Hackers, registration closes today, so you can still register at 2021.idsecconf.org/p/registrasi.h…; those who have registered and paid but have not yet received the Zoom link should immediately contact @azisaz 🍉, or email viska[at]idsecconf.org, or WhatsApp: +62-851-6253-1337, see you \o/
Nuclei by ProjectDiscovery (@pdnuclei)

New - Grafana unauthorized arbitrary file read 

Template: github.com/projectdiscove… by z0ne, dhiyaneshDk

Reference: nosec.org/home/detail/49…

#bugbounty #pentest #appsec
YoKo Kho (@yokoacc)

The Prophet (ﷺ) said, "A believer to another believer is like a building whose different parts enforce each other." 

The Prophet (ﷺ) then clasped his hands with the fingers interlaced.

(Shohih Al-Bukhari No. 6026).
dw1 (@dwisiswant0)

Did you know that you can use ngrok for detecting out-of-band requests? I just built ngocok, yet another Burp Collaborator for free. It effortlessly wraps ngrok tunnels and captures incoming requests seamlessly. 👉 github.com/dwisiswant0/ng… #bugbounty #bugbountytip #bugbountytips

IDSECCONF (@idsecconf)

Innalillahi wa inna ilaihi rojiun. One of Indonesia's cyber security activists, who was a member of the #IDSECCONF committee, Randi Malikul Mulki (Cybertank), has returned to the mercy of Allah today. May all his sins be forgiven and his good deeds be accepted, Aamiin 🤲🏻