Quadra_v69 (@quadra_v69)'s Twitter Profile

security researcher | bug bounty hunter | ethical hacker
( ˘︹˘ )

dell HOF | realpage HOF | korton HOF | nasa HOF

buymeacoffee.com/quadra

ID: 1525805277487964166

http://evil.com
15-05-2022 11:49:17

105 Tweet

870 Followers

140 Following

Hack3rScr0lls (@hackerscrolls)

There is a popular opinion: bad CORS like <Access-Control-Allow-Origin: *> is unexploitable. Browser won't send cookies in this case. It is a delusion. You can exploit it with a Chrome cache feature! For example: hackerone.com/reports/761726 #BugBountyTip #CyberSecurity #BugBounty

Quadra_v69 (@quadra_v69)

🚀 Found a subdomain takeover + XSS vulnerability in a bug bounty program! Huge shoutout to Coffin for the inspiration, even though I didn't use their payload this time. Keep pushing boundaries! 💻🔍 #BugBounty #CyberSecurity #Infosec #HackerLife

Quadra_v69 (@quadra_v69)

Thrilled to have uncovered an XSS vulnerability and earned a 1-year subscription as a reward! Huge thanks to @CoffinXP7 for the inspiring payload that made it possible. #CyberSecurity #BugBounty #EthicalHacking

Quadra_v69 (@quadra_v69)

PDF.js exploit found leading to Reflected XSS (account takeover maybe possible, working on it). Big thanks to Coffin for the alert. CVE-2024-4367. Keep pushing boundaries! 💻📷 #BugBounty #CyberSecurity #Infosec #HackerLife

Quadra_v69 (@quadra_v69)

Just found an interesting vulnerability on a major productivity platform! 😲 Big thanks to Coffin and todayisnew for the unbelievable inspiration. #CyberSecurity #BugBounty #EthicalHacking #Infosec #HackerLife

Quadra_v69 (@quadra_v69)

Just found: stored XSS due to SVG file upload. Big thanks to Coffin and todayisnew for appreciation. Keep pushing boundaries! 💻📷 #BugBounty #CyberSecurity #Infosec #HackerLife

Quadra_v69 (@quadra_v69)

🚨Open Redirect tips 🚨 Change the vulnerable URL to an encoded one like this: http://%F0%9D%96%8A%F0%9D%96%9B%F0%9D%96%8E%F0%9D%96%91.%F0%9D%96%88%F0%9D%96%94%F0%9D%96%92 Example: freevisit.ru/redirect/?g=ht… Stay safe! 🛡️ #CyberSecurity #Infosec #WebSecurity #Tips Coffin thnx

Quadra_v69 (@quadra_v69)

🚨 Exciting news! Finally, 1st valid on Intigriti. Always practice responsible disclosure! All credits go to Coffin #CyberSecurity #ethicalhacking #bug #BugBounty

Coffin (@coffinxp7)

Never imagined this simple BSQLi tool would go this viral and effective 🔥 Also sharing the best methodology to find Blind SQLi; this video will surely help you ❤️ youtu.be/eqqYL5Q2VyE?si…

annonimous254 (@annonimous254z)

Bug bounty is not all sunshine and rainbows. Today you win some, tomorrow you lose. February was tough and I didn't get even a single paid bug. But will I give up? No! I will keep on fighting just like you should. Do not give up 💪 #BugBounty
