One thing I understand is that I should never STOP Hacking! If once I STOP, It is hard again to set up my mind to sit for hacking!!! Everyone should Follow the Consistency, It is MUST! #bugbounty #bugbountytips

What new technique or attack did you learn today? Myself: Account Takeover via Password Reset In the URL field upon intercepting the request Put the Collaborator Link & when the victim clicks your link you will get the valid token to reset password. #bugbounty #bugbountytips

@0x0SojalSec Handy one!! Still Rock!!

RT @l1acker0x01: Bug: Reflected XSS Payload is reflected in: <script>window.pageType = 'test'-alert(document.cookie)-'';</script> #BugB…

Seems like @BigCommerce is a scam program on @Bugcrowd I will post in details with the story soon. #BugBounty #scammers

@Bugcrowd Too much patience, Indeed.

@0xb3ludan Sounds interesting (400 functionalities)!

@0xb3ludan Right track! But Without knowing the whole approach it's hard to say whether it is okay or not! Sometimes a little trick can Shot the web! Maybe you have done 100 test cases but a little trick "Changing req Method" can be winner!

@0xb3ludan Thanks man..❤️‍🔥😎🙏

@wase_em_akram Welcome dude!!😉

@0xb3ludan

@wase_em_akram

@0xb3ludan User A & B from the same org. User A Can do the things that user B can not—yes, changing cookie plays! User B has no view/access to this delete feature even not any access regarding the whole function Task!

Oh SHIT! User B has no rights to upload files as well on any task. But it happens from User B!! --> Normal file uploaded! More test cases --> Upload Shell? Malicious Files? write-ups in detail about all these 3 bugs??

@nav1n0x YOu guys are true gems for our Community! 🙏🙏

RT @nav1n0x: If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it…