Jasmin Landry
@JR0ch17
Really a fun bug to work on! Here’s what our day looked like 😂
Wowww! I found a sick bug for my first day full time hacking. 😱 Aptly, it includes prompt injection: CSRF -> Path Traversal -> access to internal chatbot -> HPP -> prompt injection -> AI outputs XSS which pops on the victim. Shoutout to @JR0ch17 for the collab!
116 total reports, including 19 criticals! Let’s hope those numbers improve in 2025 as I’ll be doing bug bounty full time! @Rhynorater looks like I’ll be roaming around in the savanna with you 🦁
@mijanhaque_ Just trying typical injections to see how the app reacts and then confirming whether an injection exists or not
🔥 Looking forward to next round! 🇨🇦 #TeamCanada
🇨🇦 GO CANADA 🇨🇦! We’ve made it to the Sweet Sixteen in #AWC2024! 🎉🍁 A huge shoutout to @Hacker0x01 for this amazing event! Good job team and let’s keep the momentum going 🏆🚀 #TeamCanada #BugBounty
RT @Hacker0x01: "What keeps me on programs is the interaction with the people. Good communication, access to unique scopes, setting campaig…
This made me remember an ATO bug I found a few years ago. The app used Perl's crypt function as the token generator for password resets, here's the docs for it. You'll quickly notice the problem with it 😂 Or I guess the real problem was that the app was built on Perl!
Just discovered "Reset Tolkien", a shiny new tool from @AethliosIK for cracking time-based secret tokens with the sandwich attack. Random-looking tokens can contain so many flaws, it's great to see more eyes on this area.