MorningStar
@0xMstar
Followers
16,149
Following
1,051
Media
123
Statuses
3,159
bug bounty hunter :) bugcrowd top 10
localhost
Joined August 2013
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
オリンピック
• 580311 Tweets
Christians
• 280871 Tweets
Christianity
• 202751 Tweets
花火大会
• 169328 Tweets
グラブル
• 60281 Tweets
Endrick
• 52643 Tweets
#男子バレー
• 45302 Tweets
バレー男子
• 35812 Tweets
NuNew Sing With Piano
• 28093 Tweets
#アークナイツハニバ2024
• 25608 Tweets
#withMUSIC
• 21358 Tweets
フルセット
• 14061 Tweets
#ドッキリGP
• 13842 Tweets
フォード
• 10196 Tweets
ヤスアキ
• 10181 Tweets
Pinned Tweet
Did writeup on RCE with Flask Jinja Template Injection
RT if you like
22
345
784
I earned $10,000 for my submission on
@bugcrowd
My highest payout so far for single report from
@Bugcrowd
.
Issue was all accounts takeover including super admin account, without user interaction.
#ItTakesACrowd
53
30
516
1000 points on single program on
@Bugcrowd
, also completed $50k on same program. Focusing on single application really helps. This program do not have large scope , just single application with lots of functionality to test. Awesome team & great response time & fast fix.
34
24
475
If you find jsp page with no parameters. You can actually add path parameters using semicolon
Like this
;');alert(1)// & perform XSS.
Apache tomcat support this.
#Bugbountytip
#BugBounty
#XSS
9
192
431
I earned $15,000 for my submission on
@bugcrowd
My highest bounty till date for single report.
#ItTakesACrowd
28
15
375
Found weird bug
1. While registering with username , got error username already taken, so I use another username.
2. Go to edit profile , change username to already registered username , success!
3. Existing users account with that username deleted.
#bugbounty
15
81
368
One of major bounty i got was for blind SQL injection , Its in prestashop CMS module. I always keep an eye on CMS & module based CVE release. Here is POC & exploit.
@PrettyRecon
database helps to find targets from my DB which using prestashop.
12
53
361
Focused on XSS after long time , Its sometimes hard to prevent this type of bugs, read & understand JS code, use waybackmachine , gather as much endpoints as you can, grab parameters from JS files, use
@PrettyRecon
.
10
43
316
26
18
280
Which bug class/type you can teach to absolute beginner which do not have any knowledge about cybersecurity or computer science
65
19
257
I earned little over 20k this month just by doing XSS , So for all newbie hunters, you can focus on single bug class & still make decent earning from it.
Most of bugs are DOM based & mostly automated .
26
15
254
I earned $5,000 for my submission on
@bugcrowd
Simple recon with google dork, trick was to find unique asset.
#ItTakesACrowd
12
9
244
if [] is block in jinja2 ssti , you can use pop() function. try below payload to read internal files.
{{[].__class__.__base__.__subclasses__().pop(40)('/etc/passwd').read()}}
#ssti
#bugbounty
#bugbountytips
#jinja2
4
95
235
How to start with
@Bugcrowd
?
Start with points only program , focus on one bug at a time like xss, bugcrowd have some easy public target like cisa gov programs & ubisoft find bugs their then you will get private invites .
#bugbounty
#
11
35
231
I earned $7,500 for my submission on
@bugcrowd
Sensitive information disclosures.
Got asset by searching footers in
@PrettyRecon
web mapper tool.
Target specific directory bruteforce.
Got unauthenticated endpoint disclosing sensitive info.
#ItTakesACrowd
10
19
212
Here is blog for "Mass hunting vulnerabilities with subdomain database feature of
@PrettyRecon
"
I also shared few vulnerable services & software which are vulnerable to open redirects & you can use them to chain it with other bugs to increase impacts.
1
64
209
I earned $600 for my submission on
@bugcrowd
Privileged escalation, Easy find.. collect all requests in admin session & perform same with basic user session.
#ItTakesACrowd
17
11
206
I earned $5,000 for my submission on
@bugcrowd
Arbitrary file download, able to download support attachments due to IDOR.
#ItTakesACrowd
5
7
199
No one in my RL friend circle knows I do hacking/bugbounty or I know shit about computer, I m still mechanical guy for them🙃
19
6
193
I earned $1,250 for my submission on
@bugcrowd
stored xss using bulk data upload feature, sometimes developer add filters on form but forgot to do same with data upload with CSV.
#ItTakesACrowd
8
10
181
Top of July leaderboard
@Bugcrowd
Thanks to
@naglinagli
for help & thanks to
@Abhinav_one
for shodan😅
23
3
184
I earned $2400 for my submissions on
@bugcrowd
XSS+priv escalation+Info disclosure
#ItTakesACrowd
5
3
178
I earned $1400 for my submissions on
@bugcrowd
XSS & SMTP credentials disclosure
#ItTakesACrowd
10
8
171
I earned $500 for my submission on
@bugcrowd
#ItTakesACrowd
Sometimes registering with company domain email will gives you extra privileges. Eg. test
@target
.com Or change email to company email if no email verification is there.
6
18
165
I earned $1050 for my submission on
@bugcrowd
1 Rxss + 2 privilege escalation.
#ItTakesACrowd
8
6
167
I am stuck, not learning anything new. Spending all free time doing bug hunting with already known things. 🙃
20
4
166
Yay, I was awarded a $150 bounty on
@Hacker0x01
! XSS , use %00 at start of payload, sometimes its help to bypass waf.
#TogetherWeHitHarder
8
15
163
Check js files on contact pages of target websites, sometimes they are embedded with SMTP keys & secrets.
#bugbounty
#bugbountytips
3
32
166
I earned $5,000 for my submission on
@bugcrowd
LFI on windows server having vb dot net,
#ItTakesACrowd
8
4
158
Bugbounty is not reliable income source, can't afford breaks lol, need something permanent like full time job. 🙃
22
6
157
Got XSS on Jira with os_destination parameter , I checked hundreds of other jira targets(same version) for similar bug , no other targets are vulnerable., very strange.
8
12
152
I earned $2,500 for my submission on
@bugcrowd
#ItTakesACrowd
Every time I thought I will never find SQLi again…🙃
12
1
151
I had great year, earned 3X more bounty compare to last year. Ranked 12th on all time leader board on
@bugcrowd
, Completed 11k points . I will more focus on other platforms too from next year . overall happy with progress <3
Wishing Happy & successful new year to everyone <3
15
2
152
I earned $1,250 for my submission on
@bugcrowd
override others account data with CSV import feature.
#ItTakesACrowd
8
11
145
I earned $1,250 for my submission on
@bugcrowd
stored xss to steal access of super admin
#ItTakesACrowd
7
6
135
I earned $2,500 for my submission on
@bugcrowd
Signup enabled which gave access to CD/CI portal , severity decreased from P1 >> P2🥲
#ItTakesACrowd
6
2
136
I wish BB platforms have option to block particular triager to acccess your reports lol. 😂
26
4
137
#Bugbountytip
Always , change parameters into array like username[]=, it's sometimes throw SQL errors.
How to do SQL injection if it's in insert statement.
Like
Insert into test ('user','pass') values (?,pass$myinputs);
I only have control over "myinputs" in query.
#bugbounty
4
16
74
4
35
127
Giving away 1 month subscription of
@PrettyRecon
, share your tips, tricks , articles anything interesting you found recently. Will choose random 5 users from comments. Do like , retweet & comment.
#BugBounty
36
41
125
I like coding more than bug bounty ,
I doing bugbounty just because it's giving me more money that programming.
Building application is cool than breaking it🤖🙌
9
4
117
Twitter is only reason I m still doing bug bounties, I learn all stuffs from here , I get motivation to open laptop just because seeing some one getting bounties lol, otherwise I would never …
12
3
116
I earned $1200 for my submission on
@bugcrowd
Developer service takeover via leaked token
#ItTakesACrowd
6
4
107
9
4
105
XSS is everywhere, getting xss on 3-4 years old program is super cool :)
5
2
105
New XSS section in
@PrettyRecon
is so fast, help to score some easy XSS in last month. You still need to exploit it & bypass WAF though .
5
6
104
2022 goals
1. To get proper sleep daily.
2. Improve health by acquiring healthy lifestyle.
3. I will look for some permanent job in infosec field (maybe).
4. Try to maintain same which I achieve in last year.
4
3
103
Lol, why?
Hi, this time i got SQL injection vulnerability to XSS
My payloads :
concat(0x3c7363726970743e70726f6d70742822,0x3078336e30,0x7c7c,user(),0x7c7c,database(),0x222c646f63756d656e742e636f6f6b6965293c2f7363726970743e)
#bugbountytips
#cybersecurity
#infosec
#bugbounty
17
127
488
7
11
99
I earned $400 for my submission on
@bugcrowd
steal email conversations with Oauth misconfiguration
#ItTakesACrowd
7
3
96
javascript:%0a%0dalert(1)
Which are the characters we can use to perform xss, other than %0a & %0d ,here ?
9
16
92
Need motivation to hunt , have lots of private invites but no motivation to open laptop 😞
18
0
88
This year , I got 25% less bounties compare to 2021 with 75% less reports.
Reported more P1-P2 compare to last year. I spent average 20hrs a week on bug bounties, hopefully I will spend more time next year.
Thanks
@Bugcrowd
for giving opportunity & sending good private invites :p
2
1
89
XSS is out of scope but not open redirect 😭So I use javascript code redirect to another web.
Why programs puts XSS is out of scope but not open redirect.
9
4
85
I rarely got SQLi, or maybe I am not looking for it , as developer I see/use lots of web framework & ORM which prevents SQLi by default. So always think that there is no chance that I will get one.
Have to look for this too. Nice work
@GodfatherOrwa
3
11
82
Got one endpoint /private/data/users
Which potentially disclosing all users private information. But data is so huge as that webapp have millions of users causing server to time out.
& not able to dump anything for POC
11
4
82
I earned $1,000 for my submission on
@bugcrowd
(priviledge escalation of normal user to Admin)
#ItTakesACrowd
3
1
82
Using prettyrecon, can easily search in my bug bounty targets database for CVE-2024-24919, no need to blindly run nuclei on all target subdomains.
@PrettyRecon
0
5
83