charan
@0xcharan
Followers
1,400
Following
317
Media
47
Statuses
3,761
bug bounty hunter | Bsc(Hons) science graduate | CEHv12 certified | eCPPTv2 certified |
Rajahmundry, India
Joined November 2020
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Pinned Tweet
Thrilled to announce that I've achieved a milestone of 1000 reputation points on
@Hacker0x01
Grateful for the journey and excited for what's next.
#HackerOne
#bugbounty
5
0
44
In June, I submitted 8 vulnerabilities to 5 programs on
@Hacker0x01
.Earned more than 5000 dollars able to pay my college fees 🥺 thanks
@Hacker0x01
#TogetherWeHitHarder
#bugbounty
15
19
323
Smashed it with
@0xdln
and
@0xmarvelmaniac
! 🚀 $24K for 8 SQLi bugs at
@Hacker0x01
.
#TogetherWeHitHarder
💪
Yay,
@0xcharan
@0xdln
and I earned a total of $24,000 on
@Hacker0x01
for submitting 8 SQL injection issues to a private program!
Few SQLis were found by burp scan😅and we had to create a custom burp extension to find the rest on the program.
WriteUp soon!
#TogetherWeHitHarder
23
17
353
12
3
157
Yay, Me and
@0xmarvelmaniac
earned $7000 in just one week by collaborating on a private program at
@HackerOne
#TogetherWeHitHarder
10
2
94
In April, I submitted 74 vulnerabilities to 37 programs on
@Hacker0x01
.
#TogetherWeHitHarder
11
2
63
In November, I submitted 32 vulnerabilities to 21 programs on
@Hacker0x01
.
#TogetherWeHitHarder
1
0
21
There are lot of people but I mostly inspired from this persons thanks to
@sunilyedla2
@4z1zu
@ADITYASHENDE17
@0xMstar
@_jensec
@remonsec
@sillydadddy
@GodfatherOrwa
@GochaOqradze
@_justYnot
for sharing your knowledge to community I found myself on
@Hacker0x01
leaderboard
5
0
19
@disnhau
@ADITYASHENDE17
@Ahmad_Halabi_
:""
ssl:""
these dorks i use regularly apart from that you can use net:103.36.5.64/27 for cidr
0
2
10
In September, I submitted 15 vulnerabilities to 12 programs on
@Hacker0x01
.
#TogetherWeHitHarder
0
1
9
@sillydadddy
Use dirsearch to it's fullest example use suffix and prefix in dirsearch like adding *,@,; to bypass 403 or 401 errors and it can be used for path traversal too 😉
0
1
9
@Virdoex_hunter
@e11i0t_4lders0n
@theXSSrat
@remonsec
@ADITYASHENDE17
@sechunt3r
@impratikdabhi
@ehsayaan
@zseano
@harshbothra_
@tuhin1729_
Check for version of swagger UI if it is low we can get xss
And extract that endpoints fuzz on subs we have
0
0
8
@sherlocksecure
@PentesterLab
Always check for race condition vulnerability on web hooks many test for ssrf on web hooks but not race condition got my first bounty on bugcrowd for this
2
0
7
@thebinarybot
@NahamSec
youtube channel
BBRE News by
@gregxsunday
@PortSwiggerRes
and
@PentesterLand
@PentesterLab
1
0
7
@IamRenganathan
i deleted Linkedin because of these if i see something like that i will lose myself 😤
2
0
7
@intigriti
🌀 HYPNOSIS ATTEMPT 🌀
😵💫 😵💫
😵💫 😵💫
you will
😵💫 Give me a bounty 😵💫
😵💫 😵💫
😵💫 😵💫
1
0
5
0
1
6
@HackenProof
Just don't do it for bounties have fun and enjoy the process and remember this will take time ;)
0
1
5
0
1
5
0
0
4
@ADITYASHENDE17
Whenever i try to hunt for ssrf i will find some other issues instead of ssrf i don't why 😅
0
0
4
@bugoverfl0w
@Hacker0x01
Thanks bro, daily i spent 3 hours only except sat and sun and only half of that submission were manual rest are automated only
1
0
4
@HusseiN98D
forgot about the shared environment imagine you got admin panel access and you noticed many blind xss payloads 🥲
2
0
4
@Br0k3n_1337
@Hacker0x01
Hi bro which bug ? I too hunted on mongodb i am somewhere in that leaderboard 😅
1
0
4
@bug_vs_me
These ones do the job better, echo 17.0.0.0/16 | mapcidr -silent | dnsx -ptr -resp-only -o output.txt
0
2
4
@R29k_
@NeolexSecurity
You can't find bugs in stress first get out of the stress and then start again with hunter instinct
0
0
4
@Jayesh25_
hi
@Jayesh25_
but these http hits do not mean ssrf right ? what are the best ways to show impact to triagers ?
1
0
3
1
0
3
@GodfatherOrwa
@Bugcrowd
@Mohamed87Khayat
Dom xss required understanding for js how you managed t get dom xss ?
0
0
2
@sillydadddy
@sunilyedla2
1) what are the most common bugs that you encounter
2)tips for csrf and most common csrf bypass that you use
3)tips for ssrf and idor
Thanks in advance
2
0
3
@deadvolvo
@Bugcrowd
True, they generally have a hard time reproducing cache or request smuggling issues.
0
0
3
@krishnsec
even with active subdomain enumeration and permutation it will take less than 3 hours in our 5 dollars vps :(
0
0
3