Jerry

@Mdhsan19

Followers: 1,167
Following: 383
Media: 195
Statuses: 3,162

Cybersecurity Researcher 18yo bug hunter | blue Teamer | OSINT Analyst | Threat intelligence Researcher | IR 👨‍💻👨‍💻

Nepal
Joined November 2021
Pinned Tweet
@Mdhsan19
Jerry
1 year
Alhumdolillha ♥️ 2nd report on Google also got accepted, Tip : always try to monitor your target for fresh leaks 😁 #bugbounty #bugbountytips #jerry1319
@Mdhsan19
Jerry
1 year
First report on @google got accepted, I chained 3 bugs together among one of them got duplicates otherwise it will be P3 #bugbounty #jerry1319
4
0
41
14
2
57
@Mdhsan19
Jerry
4 months
I started bug bounty to become financially stable, after year of hunting and progress finally now I am mentally unstable #BugBounty #bugbountylife
23
16
227
@Mdhsan19
Jerry
1 year
Finding of the day, oracle-cgn-bin/printenv information disclosure. #bugbounty #1000hourshunt
8
14
91
@Mdhsan19
Jerry
23 days
While testing a web after domain,com///evil,com it's redirecting me to evil,com.domain,com. After 3+ hours of try, finally I get a payload to get OR to evil,com. Final payload : javascripT%3a%2f%2fevil,com%0D%0A%0D%0A #bugbountytips #bugbounty
7
9
85
@Mdhsan19
Jerry
2 months
Hurray! I was awarded $$$ for my report on GoogleVRP, Bug : Info Leakage. Well, this month's Parle-G is arranged #bugbounty
22
1
81
@Mdhsan19
Jerry
5 months
I am feeling too lazy to upload the script to GitHub, here is the script. It's not a rocket science script, just a simple basic script I use to fuzz for headers where user input is sent to internal systems.
@Mdhsan19
Jerry
5 months
Yesterday reported 2 BXSS using my tool, 1 got triaged, another is still pending. 1. BXSS complete execution. 2. HTML execution in subject. My tool doesn't do anything special, just a bash script with custom payload fuzz in headers + subjects #bugbounty
2
2
36
7
18
81
@Mdhsan19
Jerry
1 year
Just published a write-up on an open-redirection vulnerability. Hope it will be helpful for others, do check it out #bugbounty #bugbountytips #tryharder #jerry1319
4
17
78
@Mdhsan19
Jerry
2 years
Found a critical leakage of admin data leading to admin acc pwn. Tip :- Always check the source view while admin acc testing, sometimes developers forget some administrator commands to access the admin account. #bugbounty #bugbountytips
3
11
76
@Mdhsan19
Jerry
2 years
Time to set goals for 2023. So here are mine 1. 15k+ $ bounty 2. 1hour gym 3. Invest into new business and get approx 5 lakh profit 4. Create a new setup 5. Get a job role 6. Enhance my threat hunt, osint and bug hunting skills 7. Collaborate with some awesome hackers
2
4
75
@Mdhsan19
Jerry
2 years
Everything works fine until I have to make a POC 😡😡😡😡😡 #bughunting #bugbounty
12
5
70
@Mdhsan19
Jerry
9 months
Triage of the day 🎈 #bugbounty #tryharder
7
0
64
@Mdhsan19
Jerry
2 months
Reported an awesome Account Takeover issue to Google. Just scared a little because it will take 5-6 attempts to successfully reproduce the issue because of a backend server issue. Hope the triager can reproduce this successfully. Time spent : 3+ hours
8
0
65
@Mdhsan19
Jerry
11 days
I suggest every hunter to exploit the issue before reporting, because of this my hours of hard work which I escalated to P2 are getting DUP with P4, P5 issues. Kindly escalate it or at least exploit it to its full potential #BugBounty
6
0
63
@Mdhsan19
Jerry
29 days
Quick update, both of my reports were accepted with severity P1, one of the fastest accepted reports of mine on GoogleVRP, accepted within only 10 hours after reporting. Tip : Fuzz for DNS at the end of domain too, i.e. domain-FUZZ leads me to get staging sub #bugbountytips
@Mdhsan19
Jerry
30 days
If I found a bypass of a resolved report via 2 ways, the method is the same but the first bypass was on the main domain where the original report was reported, whereas the 2nd bypass works on the staging domain of the same domain, should I report it as 1 report or 2 different reports #bugbountytips
4
1
6
17
1
64
@Mdhsan19
Jerry
6 months
Heyy everyone, I wrote an article about one of my findings on Google VRP. Kindly have a look at it and I hope that it will help you in learning + in your hunting journey too #bugbountytips #bugbounty #tryharder
2
8
59
@Mdhsan19
Jerry
2 months
Yay! I was awarded $$$❤️‍🔥 on GoogleVRP
11
0
56
@Mdhsan19
Jerry
6 months
Alhamdulillah another accepted issue on @GoogleVRP , the bounty is pretty low as for comparison and expectations of mine with a p2 category bug #bugbounty Tip : Always check the 3rd party integration of services for common misconfiguration #bugbountytips
8
0
56
@Mdhsan19
Jerry
7 months
Let's hope that this will get accepted by Google #bugbounty
8
0
54
@Mdhsan19
Jerry
1 year
Alhumdolillha Happy to secure #Huawei with RCE (my first accepted RCE). Thanks to my mentor @Virdoex_hunter brother for teaching and guiding me on the right path 😊 💪♥️ #bugbounty #tryharder #jerry1319 #huawei #bughunt
3
4
52
@Mdhsan19
Jerry
8 months
Info disclosure accepted over Microsoft as P3 Tip : check the login flaw of your target if it's using 3rd party to validate check for misconfiguration in it i.e : NTLM info disclosure . #bugbounty #bugbountytips
3
6
53
@Mdhsan19
Jerry
1 year
This is what happens when a #bughunter misconfig his own VPS all his finding data got publicly accessible #bugbounty #staysafe
5
1
48
@Mdhsan19
Jerry
14 days
Most of the time Bug Bounty won't give you money for fuel of your car or bike , but yet a particular time and continuous efforts , in a single time it can give you enough money to buy Mercedes-Benz for yourself in a single payment. #Justathought #bugbounty
2
1
45
@Mdhsan19
Jerry
2 months
Here is the quick update @GoogleVRP team accepted the bypass today and rewarded me with another $$$$ #bugbounty
@Mdhsan19
Jerry
2 months
Recent bug found on GoogleVRP. Today I got a notification that one of my previous reports got fixed on Google, I revisited the domain and noticed that the team has migrated the subdomain to support,google,com for mitigating the issue 1/n #bugbounty #bugbountytip
1
2
33
9
1
42
@Mdhsan19
Jerry
27 days
Again found an admin panel bypass similar to one which I found in Jan and reported to MSRC and got scammed. Should I report this one again to MSRC or just ignore it, else maybe again they will scam me #bugbounty
23
0
38
@Mdhsan19
Jerry
1 year
Received another bounty, after a long time and hustle finally it pays for the hard work . Tip :- always try to check how the server is handling the sensitive data, in my case they are saving the login data incorrectly at the server side . #bugbounty #bugbountytips #tryharder
2
2
38
@Mdhsan19
Jerry
9 months
Found one of the weirdest bugs ever. After a successful file upload, when I open the image URL in a new tab, it's leaking the user's PC internal path, username of the PC, name of the file saved in the PC before upload and other metadata things. #bugbounty #bugbountytips
2
0
35
@Mdhsan19
Jerry
6 months
Alhamdulillah 5th report and 1st report of the year accepted on Google. Thanks @RushangShah14 for the motivational quotes and support, bro #bugbounty #tryharder
10
1
38
@Mdhsan19
Jerry
1 year
Report on Toyota got triaged , and I'm pretty sure it's a 100% valid #BugBounty #jerry1319 #toyota
4
0
37
@Mdhsan19
Jerry
9 months
Alhumdolillha ♥️ Your brother got his first CVE assigned to his name . Insallah many more to come 🫴 #bugbounty #tryharder #jerry1319
5
1
36
@Mdhsan19
Jerry
10 months
I met @infosec_au at @bsidesahmedabad, he is so humble and guided a lot in the research related things and other crucial questions I asked him about 0 days. Learnt a lot of things to improve for better growth and glad to meet you in person sir #bsidesahmadabad 😉
0
1
35
@Mdhsan19
Jerry
5 months
I reported mass PII leakage because of improper indexing rules, but according to Google it's a user issue, not via server. I explained the complete scenario, code issues, rules misconfig, but sadly they believe it's a user side issue, not worth reporting this kind of bug #bugbounty
3
1
34
@Mdhsan19
Jerry
10 months
The 3rd bug on Google also got accepted #bugbounty #tryharder #jerry1319 #googlevrp
5
1
33
@Mdhsan19
Jerry
4 months
I just want to share something with newbies who are unable to get a first bounty or consistent bounties: stop using random tools, one-liners and relying too much on automation + ASM based recon. Spend some time with your target, that's enough for getting your first bounty #bugbountytips
3
3
34
@Mdhsan19
Jerry
5 months
Alhamdulillah one more accepted issue in Google, but unfortunately it won't qualify for a reward. Tip: avoid reporting NPM RCE in Google, there are a total of 3 reports of mine about NPM RCE, most probably the other 2 will also get the same #bugbounty #bugbountytips
6
0
31
@Mdhsan19
Jerry
4 months
When you haven't received a bounty for a long time: yes brother, this is what I am surviving on 🙃🙃 #bugbounty no #begbounty
5
0
29
@Mdhsan19
Jerry
6 months
Found another information disclosure on my target via analyzing Youtube videos . Tip: Always check the youtube channel of your target may be on some fraction of time they have leaked some internal resources which can be abused by the attacker #bugboutnytips #bugbounty
3
2
29
@Mdhsan19
Jerry
7 months
Hurray I was awarded 85$ for a critical bug, Cache Poisoning leads to Stored XSS 😅😅😅😅😅😅. Now there's nothing left in life, just liberation #bugbounty #begbountymeme #bigbounty #bugbountymeme
5
0
29
@Mdhsan19
Jerry
9 months
One day I will surely read my twitter bookmarks, medium bookmarks and screenshots.
3
1
25
@Mdhsan19
Jerry
2 years
No idea how but I lost my whole system last night while hunting over a target 😭😭😭
7
0
28
@Mdhsan19
Jerry
1 year
Quick update both of the reports got triage over h1
@Mdhsan19
Jerry
1 year
After getting infected with eye flu 🤧 I thought to do some basic browsing, and while crawling I found some issues on Toyota. Reported 2 bugs, 1 P4 and 1 P3, let's see whether they will get triaged or duplicate #bugbounty #bugbountylife
2
1
12
4
1
27
@Mdhsan19
Jerry
3 months
Whenever I find an issue, instead of writing the report quickly, I stand up and go for a 15 min walk 🚶, after coming back I try to reproduce the issue again. Once @kenansec suggested this to me and believe me, about 30% of my bugs are false positives and it helps me to validate
6
0
26
@Mdhsan19
Jerry
1 year
Alhumdolilah Received another bounty from @thexoxoday worth about $$$$ INR . Bug :- API exploit , information disclosure and no rate limit . #bugbounty #tryharder #jerry1319 #cybersec
4
1
24
@Mdhsan19
Jerry
6 months
I found an info leak on Google, reported it to them, Google VRP closed it as FP saying the URL is giving 404. When I tried to reproduce, I got to know it is authenticated, which means somehow I bypassed the auth and then found the leak. Now I myself don't know how and where I bypassed it 🤣🤣
3
0
26
@Mdhsan19
Jerry
22 days
Just found a Stripe live API key leak leading to internal data leakage. I was just checking the JS files having interesting names, most of them are dead so I started checking via web.archive and found the Stripe API key there. Let's see, I don't expect BC will accept #bugbounty
7
0
23
@Mdhsan19
Jerry
3 months
I don't know how this oam-tools work but for getting domains from amass why not use amass enum -d domain -noalts -norecursive -passive -o amass.txt
@dirtycoder0124
Vipin Panchal
3 months
#bugbountytips #BugBounty Amass clean output using oam-tools. 1. Install oam-tools () 2. Use Amass normally(amass enum -d target. com) 3. Use oam to get clean results: oam_subs -names -d target .com
0
48
256
5
5
25
@Mdhsan19
Jerry
3 months
Don't trade your time for money, otherwise you have to trade money for your health,feeling sick 🤒 and completely on bedrest since yesterday,unable to digest anything I eat even water,half of bounties of this month has gone on treatment That's why don't trade your time for money
10
1
25
@Mdhsan19
Jerry
5 months
Everything else is fine, it's just that your way of sleeping is a bit casual @ReebootToInit5 🤣😂😂
12
0
25
@Mdhsan19
Jerry
5 months
Now I think I need to stop trusting httpx blindly. httpx gave me 6 alive domains, whereas when I used resolvers + dorking I got to know that there are a lot of active subdomains which httpx didn't detect. Does httpx work perfectly for you??? #bugbounty
5
1
25
@Mdhsan19
Jerry
5 months
I mass hunted 1 bug and got 167 hits from my scraped data, among which 14 were actually vulnerable. Spent 2 continuous days exploiting without sleeping, 4 got duplicate, still 10 are pending. Let's see what will happen to them 🙃
5
0
24
@Mdhsan19
Jerry
9 months
1/2 If you ever find a Flickr API key leak anywhere, try to request it, it will show you some basic things like server, title, id, secret and owner #bugbounty #bugbountytips
2
5
24
@Mdhsan19
Jerry
3 months
@HarishKumar_28 Fuzz for Spring Boot endpoints, especially env, jolokia and actuators
0
1
24
@Mdhsan19
Jerry
10 months
@GodfatherOrwa @bsidesahmedabad I hope you got your coffee there
0
0
24
@Mdhsan19
Jerry
9 months
I found a default credentials login but the server is giving me 400 via the waf after an analysis got to know that the server is validating the device and location through which they are blocking me to access the admin panel after the default login #bugbounty
4
3
22
@Mdhsan19
Jerry
4 months
@intigriti eval() && fetch() && import()
3
1
23
@Mdhsan19
Jerry
11 months
Reported 6 info disclosure to one of my favourite programs. Let's see the response from the team 😉 #bugbounty
4
0
23
@Mdhsan19
Jerry
5 months
Heyy infosec community, check out the YouTube channel of @ott3rly, he is sharing great resources and approaches which you should have a look at once, I am sure you will never regret it #bugbounty #bugbountytips
1
3
22
@Mdhsan19
Jerry
2 years
Worst month ever, I have 5 N/A, 6 duplicates and not 1 triage as P4 #bugbounty #bughunting #cybersecurity #tryhard #burnout #security #Jerry1319
3
0
21
@Mdhsan19
Jerry
2 years
My report on Google got triaged, one got closed and the other got triaged, what a great day for me it is. Thanks @ADITYASHENDE17 🙏 for guiding me. #bugbounty #infosec #tryharder #jerry1319
3
1
19
@Mdhsan19
Jerry
6 months
Quick update on it, finally google accepted it 😁😁 always check the YouTube raw videos #bugbounty #bugbountytips
@Mdhsan19
Jerry
6 months
Found another information disclosure on my target via analyzing Youtube videos . Tip: Always check the youtube channel of your target may be on some fraction of time they have leaked some internal resources which can be abused by the attacker #bugboutnytips #bugbounty
3
2
29
4
0
20
@Mdhsan19
Jerry
15 days
Why the hell are people obsessed with XSS, btw the claim you made is totally false, the target URL is visible and a simple XSS payload works to pop-up, whereas I myself have 0 idea about XSS. People are just making false claims to promote shitty tools that's
@nedustarboy88
C F O 💻 🚀
15 days
I tried my search with 3 different tools on the same parameter but all these tools came back with negative results. Only @ibrahimxss_ could see through the walls to get the #XSS bugs.
4
11
104
5
1
19
@Mdhsan19
Jerry
4 months
I got too much frustrated, unable to find bugs , just getting too much dup and all, When i choose a new target then just dropping it down within 3-4 hours , I got fully unfocused and frustrated no idea what to do to make it better
10
1
18
@Mdhsan19
Jerry
2 years
Another information disclosure found. #bugbounty #tryharder
1
2
19
@Mdhsan19
Jerry
10 days
Some hardware toolkits I own but never used 😂
4
0
18
@Mdhsan19
Jerry
11 months
I have no words for this private program 😔 I'm just leaving it
5
0
18
@Mdhsan19
Jerry
2 years
The issue is reproducible but declared as informational wow 😳😳, is this make any sense.
4
0
17
@Mdhsan19
Jerry
9 months
Why the hell don't some triagers read the report properly before closing it as N/A 😅😅 And why doesn't @Bugcrowd have the feature to block/restrict some triagers from visiting our reports. Don't want to take the name of the triager; @RushangShah14 brother, don't you reveal it either
3
0
17
@Mdhsan19
Jerry
3 months
No words 🙃
4
0
17
@Mdhsan19
Jerry
3 months
Heyy @GodfatherOrwa && @XHackerx007, I have found a .git file leakage on one of the programs you both have been hunting on for years, the .git file contains the source code of multiple sites. I want to increase the impact of the issue, it will be great if any of you want to collab on this
5
0
17
@Mdhsan19
Jerry
2 years
If you want to learn OSINT, GEOINT, HUMINT, threat hunting etc. then try ihunt ( ) developed by @initinpandey sir. It's a great collection, I request everybody to check it out and save it.
0
8
17
@Mdhsan19
Jerry
10 months
Excited to be in Ahmedabad for @bsidesahmedabad on Oct 6th! 🙌 Looking forward to an incredible event. If you're attending, don't forget to say "Hi" , let's meet up and make the most of this fantastic event. See you there! #BSidesAhmedabad
0
1
17
@Mdhsan19
Jerry
2 months
Heyy @NahamSec , When will the talk of @zseano @0xLupin and @gregxsunday are gonna be public on the channel, Can you please let us know
1
0
16
@Mdhsan19
Jerry
1 year
Hahaha , Triager is giving me duplicates with my own old report 🤣🤣🤣 #BugBounty #bugbountymeme
3
2
16
@Mdhsan19
Jerry
5 months
I just got a PII leak of customers via robots.txt on Google , It's a great and interesting bug i have found till now. Reported it to the VRP will see if team will accept it or not #bugbounty #bugbountytips
3
0
16
@Mdhsan19
Jerry
10 months
One memorial pic with @3ncryptSaan @pratikkarankr @Vivek23647571 and mohan at @bsidesahmedabad and thanks @3ncryptSaan Bhai for answering the questions and roadmaps discussion about Collab and hunting meth and cve hunting's
0
1
16
@Mdhsan19
Jerry
5 months
Started learning PHP 🤣🤣 In 30 min I only managed to print 5 + 15 😂😂
3
0
15
@Mdhsan19
Jerry
2 years
😎
4
1
15
@Mdhsan19
Jerry
4 months
Heyy @msftsecresponse , I have reported an admin panel bypass on msrc in jan it's been 3 month the issue is fixed now with in 20 days but still the status is complete and no bounty or reward is allocated for the report, can you plz. Look into this
5
0
15
@Mdhsan19
Jerry
4 months
@Cyber78678 1. Info leak 2. BAC 3. Excessive data leakage 4. SSRF 5. SQLi 6. SSTI 7. Logic failure 8. Insecure design flow 9. Multiple misconfigurations 10. Access control issues 11. IAM management 12. Privilege escalation 13. CSRF 14. CORS misconfig 15. Cache issue 16. Error handling
3
1
15
@Mdhsan19
Jerry
1 year
I learned a lot from @GodfatherOrwa tweets and tips and after reading his story the respect for the legend is increased
@Bugcrowd
bugcrowd
1 year
MVP Champion, P1 Warrior, and #TeamHunt Hacker Cup Winner 👇 @GodfatherOrwa is this month's #ResearcherSpotlight . Visit the link below for some mid-week inspo 💡
8
16
113
0
1
14
@Mdhsan19
Jerry
2 months
4/n And again I am able to bypass the auth and access the admin panel by bypassing the recent mitigation applied by the team. They only migrated the subdomain to support,google,com but forgot to remove the instance from the backend
3
0
14
@Mdhsan19
Jerry
1 year
@_mrd7_ No. They think I am unemployed, jobless, sitting the whole day in front of my laptop watching some random things, that's all
1
0
14
@Mdhsan19
Jerry
9 months
About a month ago I found a misconfiguration in a @RockWithboAt smart watch ( particular version ) which allows me to take over the watch remotely and control the complete watch from a particular range ( Feels like real life hacking 😁😆😆 )
3
0
14
@Mdhsan19
Jerry
5 months
Operation failed 👎 Moral of the story : don't let the engineer inside you come alive, it will cost you dearly 🤣
8
0
14
@Mdhsan19
Jerry
28 days
😍
2
0
13
@Mdhsan19
Jerry
4 months
Actually it's a great approach + tip
@RahmatQurishi
Rahmat Qurishi
1 year
The best bugbounty tips that actually helped me. 1. focus on 1 program 2. know the application 3. focus on few high impact vulnerabilities and become master on it 4. Click on every buttons 5. Build your own methodology 1/2 #bugbounty #bugbountytip #bugbountytips
3
51
209
0
2
13
@Mdhsan19
Jerry
1 year
@samm0uda @Hacker0x01 Congratulations sir 👏🎉
0
0
1
@Mdhsan19
Jerry
9 months
Reported an info disclosure issue in HP ( Random finding ), current status accepted; old email for the screenshot 😁
2
0
13
@Mdhsan19
Jerry
5 months
Which service or application do you guys use to receive bounties which are in the form of crypto ???
5
0
12
@Mdhsan19
Jerry
1 year
@fattselimi Google dork :- site:"*.*.*.target.com" allintext:password.txt ext:log OR filetype:log
1
0
11
@Mdhsan19
Jerry
6 months
Am I only one getting this error in h1 report side bar, or is it happening with everyone @errorsec_
2
0
10
@Mdhsan19
Jerry
2 months
Today, I was just scrolling YT for google POC and found some videos with title 500$ paid for blahblah , Honestly GoogleVRP never gonna accept those bug even those are not a bug, how some people are uploading shit for some reach and manipulation
2
0
12
@Mdhsan19
Jerry
3 months
Heyy @0xcharan while doing some random osint , i got to know that your PII are leaking along with your number, email, full name , your activity you have done 2 month ago, Can you please dm me so i can share you the sources and all of the leaks
2
0
12
@Mdhsan19
Jerry
4 months
I want to request all of my friends: brother, stop it, don't comment on girls' tweets so much, my whole feed is filled with girls' tweets because of you guys. Stop it now
3
0
11