🇵🇸Ayaa Hamed
@AyaaHam82030201
Followers
758
Following
169
Media
17
Statuses
1,328
Security Researcher 🔍|| Bug Hunter 🐞 ||
Egypt
Joined June 2022
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#Orm1stFMNanning
• 441048 Tweets
ORM HEARTBEAT UNSTOPPABLE
• 428877 Tweets
Cardi B
• 116810 Tweets
गोवर्धन पूजा
• 77354 Tweets
#Xフライドポテト20周年祭
• 46225 Tweets
Ron Paul
• 39745 Tweets
#YINWAR1STFANMEETING
• 33342 Tweets
雨天中止
• 24821 Tweets
Braun
• 24123 Tweets
#アルビレックス新潟
• 21703 Tweets
大雨警報
• 21228 Tweets
グランパス
• 20269 Tweets
京王杯2歳
• 20239 Tweets
土砂降り
• 17474 Tweets
日本シリーズ中止
• 16097 Tweets
Gobert
• 15798 Tweets
ファンタジーS
• 13919 Tweets
東海道新幹線
• 13630 Tweets
ピクミン
• 12536 Tweets
#ルヴァンカップ決勝
• 12529 Tweets
Jokic
• 10561 Tweets
Pinned Tweet
💚💚
2
0
9
Finally, after 2 months they validated the bugs and paid 😅🤑
20
6
277
How bypassed OTP in unexpected way by DEep
0
55
215
Tip:
1.The business of the program is booking the hotel
2. In the process of the booking the program ask to provide the phone number.
3. Add the number and Intercept the request.
#bugbounty
#bugbountytips
8
23
176
Simple logic flaw lead to P3 bug in public BBP by Muhammad_Mostafa
6
12
131
Tip: Always try to bypass workflow mechanism and break the logic of the target 🤑
#bugbounty
#bugbountytips
2
5
95
BAC leads to full takeover of any store within the organisation by Esmail Saied (0xSp1DeR)
0
14
93
Account takeover vulnerability that resulted in $2500 bounty! by Imad Husanovic
0
14
86
How I found it 👇 👇
1.The special role don't have permissions to view or access the transactions.
2. While I test different endpoint I found request allow me to download the transactions.
3. I try this request with unauthorized user and it worked.
#bugbounty
#bugbountytips
1
6
65
The first bounty in 2024 and faster bounty I had .... triaged and rewarded in the same day 😁😅
@Bugcrowd
#bugbounty
4
1
57
Full account takeover — Bug bounty by Facundo Fernandez
1
13
51
Tip:Try understand the target and his main goal🤑
Impact:
The target focus on manage cards and spend money via workflow. When the attacker can edit workflow he can change the behavior of the company and he can control with all transactions or transmit of money.
#bugbountytips
4
1
52
3 Easy cash via cache by Muhammad_Mostafa
2
13
46
6. We not finished >> change the body of the request and send it.
7. All information added successfully and we can add alot of the important info to any user account.
1
0
11
2FA Bypass via Reset Password by Mostafa Elguerdawi
1
3
6
Securing Data: How I Quickly Accessed 3000 Student Records in under 5 Minutes by Facundo Fernandez
0
2
6
Abusing Business Logic of an Application to create backdoor in a form APP
0
1
4
4. Change the user id to victim id (easy get victim id), then send the request.
5. Boom the number changed successfully and can see the victim info.
1
0
4
@Proxy936623
The special role don't have permissions to view or access the transactions. But While I test different endpoint I found request allow me to download the transactions. So, I try this request with unauthorized user and it worked.
0
0
3
@MrxXb12
What happened with me was not direct access control, if you found the endpoint with any way you say not benefit as it was not direct access control and this is the importance of understand the app and try to tie all features with other. If I have time ,I will write writeup.
0
0
2
Imazing Write up
0
1
2
Discovering Account Takeover Vulnerability Through Source Map Analysis by Daniel Silva
0
0
2
@Sp3cia1m4n
because It is used to add a lot important info to any user not only alternative email.
0
0
1
@awaisaskanii
The main body of the request contain only the number phone parameter , but I added more parameters as email , passport info and more important parameters.
1
0
1
@Sp3cia1m4n
Good question! But this alternative email is used to send the trip info > it is not used in login.
1
0
1
IDOR leading to Mass Account Takeover | SecurityDudePK by Ahmed Raza
0
0
1
الله أكبر الله أكبر ولله الحمد 🇵🇸🇵🇸💪🇵🇸💪🇵🇸
0
0
1