#bugbountytips (1/2) Sometimes we will be able to access the functionalities , that are ONLY accessible after MFA auth , by using the cookies obtained before MFA auth . Steps :- 1:- Do MFA auth 2:- Note down the endpoints or send the requests to repeater 3:-Now logout

#bugbounty #bugbountytips Automate sql injection 1.Browse all the application 2. Save all requests from burp to a file 3.Use github.com/Miladkhoshdel/… to automate . If WAF use github.com/m4ll0k/Atlas .thanks Hussein Daher for showing this. Thanks tool creators !!

Python Flask SSTI Payloads and tricks * {{url_for.__globals__}} * {{request.environ}} * {{config}} *`{{url_for.__globals__.__builtins__.open('/etc/passwd').read()}}` * {{self}} * request|attr('__class__') == request.__class__ == request[\x5f\x5fclass\x5f\x5f] #bugbountytips

Here's an explanation of the wonderful vector by William Bowling that successfully solved one of our "impossible" labs. The original submission can be found here: jsfiddle.net/vakzz/g2two0qs/ The vector no longer works because the length restriction is reduced.

Some blogs that helped me: medium.com/@ghostlulzhack… medium.com/@weblab_tech/g… medium.com/@the.bilal.riz… #bugbountytips #infosec #DYPTC #Quarantine

We've added a VueJS section to the XSS cheat sheet. With a new very short vector from Gareth Heyes \u2028 <x v-html=_c.constructor('alert(1)')()> also contains vectors from Cure53 and Eduardo Vela Sebastian Lekies koto portswigger.net/web-security/c…

A bit of fun to celebrate JavaScript's new features: void''??globalThis?.alert?.(...[0b1_0_1_0_0_1_1_1_0_0_1,],)

I am losing faith in platform managed triage services day by day.

Everyone thinks Bug Hunters make big $$$ because all of the "Found xxx earned $$$" posts on here. I think people should be aware of that this is not common. Full Time Bug Bounty Hunters, what is your average month looking like? Would be interesting to see what the reality is.

#bugbountytip I completed 6 months in BB Things I learned : 1 . Never trust the platform .Don't waste time sending support mails or contact their high profile employees who boast in public about researcher well fare .All you will get is "professional English" in return .

what we can say customer always right, right? HackerOne 🤷‍♂️

Ranked #2 in Pakistan. Alhamdulillah! 😃

🎁 Merry X(SS)MAS! Hackers!🎄 Beginning today we are doing 12 swag-ful days of giveaways and challenges. Today's challenge is simple: spread the cheer of #XSSMAS with a retweet of this tweet to be one of 12 researchers to get today's exclusive swag! ☃️

For postMessage XSS and you can't iframe the page don't use window open() then reference to that window to send the message. In the application look for any location you can put a link to your site that doesn't have rel=noopener then use opener.postMessage to send your payload

Finally in 10K club on HackerOne 🤞 #BugBounty

In June, I submitted 20 vulnerabilities to 4 programs on HackerOne. #TogetherWeHitHarder hackerone.com/last-month

In February, I submitted 5 vulnerabilities to 4 programs on HackerOne. #TogetherWeHitHarder hackerone.com/last-month

In June, I submitted 2 vulnerabilities to 1 program on HackerOne. #TogetherWeHitHarder hackerone.com/last-month

🦁 Proud to share my 2024 #HackerOne journey: 89 vulnerabilities reported, including 4 critical finds! Specializing in XSS hunting and web security. Thanks to HackerOne for providing an amazing platform for security researchers! 🔐 #InfoSec #BugBounty hackerone.com/stories-of-202…

9 years in H1's Top 100 all-time. First made it in 2016, and still here at the top 100 today. Probably my last time here as I've slowed down hunting there after too many bad program/triage/mediation experiences over the last few years. End of an era!