Debangshu 🇮🇳🥷
@ThisIsDK999
Followers
6,003
Following
942
Media
974
Statuses
10,231
default BURP user. loves to pwn AEMs and other CMSes. Top 200 @bugcrowd . Captain @Str4awHats 🥷. Opinions are personal.
Joined August 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Hamas
• 884202 Tweets
Netanyahu
• 351124 Tweets
River
• 126837 Tweets
#MaduroSecuestraNiños
• 105884 Tweets
ESPN
• 70189 Tweets
Valverde
• 64953 Tweets
YouTube TV
• 60193 Tweets
Coco
• 56003 Tweets
#NXTNoMercy
• 55536 Tweets
Dinamarca
• 40736 Tweets
#خلصوا_مع_جالينو
• 24607 Tweets
Millonarios
• 22154 Tweets
Falcao
• 20160 Tweets
Giulia
• 19340 Tweets
Fonseca
• 18922 Tweets
Gallardo
• 18343 Tweets
Clooney
• 15393 Tweets
DirecTV
• 14782 Tweets
#WWENXT
• 13596 Tweets
MIX師
• 12094 Tweets
Roxanne
• 11709 Tweets
Pinned Tweet
100k$ on
@Bugcrowd
finally :)
Big thank you to everyone who contributed to this journey.
@_rajesh_ranjan_
@Assass1nmarcos
@ArmanSameer95
and all my other friends <3
(might not be as big of a number but it's a total milestone for me 🌟 :)
67
16
395
Its my birthday 🎉! So Imma post a quick little
#bugbountytip
1) Recruitment site, had option to upload pdfs (CV, Resume, certs and other docs)
2) Saw the upload functionality, files uploaded to s3 bucket i.e.
(1/n)
41
70
315
site:monitoring.*.com "dashboard"
Super simple, yet effective
#bugbountytips
#bugbountytip
#cybersecurity
0
80
295
I just published Apache Example Servlet leads to $$$$
Give it a read :P
#bugbountytip
#bugbountytips
10
140
267
I earned $2,300 for my submission on
@bugcrowd
#ItTakesACrowd
#bugbounty
Small PoC:
1) Used dork: inurl:
2) Searched through first 10 pages manually.
3) Came across a site having some example code snippets
(1/2)
8
53
245
Hey all! A quick AEM
#bugbountytip
for you guys!
Appending the query "?tidy=true" to the JSON output of any endpoint prettifies it for you.
(Check pics 1&2)
Also, certain times it might help you to break the caching behaviour of AEMs too! Have fun with this.
(Pic 1/2)
3
78
233
I earned $4500 for my submissions on
@bugcrowd
#ItTakesACrowd
Also, crossed 1000+ points for the first time!!!
42
7
195
Here's how I was awarded 1k$ for an Open Redirect👇
10
31
197
I earned $2,700 for my submissions on
@bugcrowd
#ItTakesACrowd
1) Access to spring boot endpoints leading to multiple vulns(2100$)
2) Ability to send email from anybody
@company
.com by abusing their fax functionality (600$)
19
13
168
24
6
171
Using Firefox? Small tip:
Hit about:config and type general.useragent.override
Now, select the String option and hit + and then, paste in your Blind XSS Payload.
Useful, in case you're too lazy to open burp, just right in your browser itself.
(1/3)
#cybersec
#hacking
#bugbounty
5
54
162
Let's make this a thread:
List atleast one technique you learned from CTFs that you used/can be used IRL
Mine: Prepending GIF magic bytes to a malicious php shell led to File-Upload Bypass and command execution.
Comment!
#bugbountytips
#bugbountytip
#cybersecurity
5
46
160
3) simple google dork:
site: ext:pdf
4) Guess what! Tonnes of PII🙈
5) Stepping it up, I noticed the docs being saved as
6) Brute force away! Even more PII!
P1 -> $$$$
S3 access control issue -> IDOR -> PII
(n/n) Enjoy Guys! 🎉❤️
6
31
162
Small dork to pull up list of Openfire Admin Console for CVE-2019-18394
Google
intitle:"Openfire Admin Console"
Shodan
http.title:"Openfire Admin Console"
#bugbountytip
#bugbountytips
3
65
153
#bugbountytips
For beginners getting started, stay away from accounts that only post about random tools and 'how to get started' tweets for engagement farming. They probably are not a subject matter expert and you either won't gain much from them :)
12
17
157
I earned $2,300 for my submissions on
@bugcrowd
#ItTakesACrowd
1) RCE on Confluence via CVE-2019–11581
2) Improper Access Controls in JIRA
9
8
145
Glad to announce that I'm finally a member of
@SynackRedTeam
after a year long wait!
Many thanks
@ArmanSameer95
!🥳🥳
#infosec
#bugbounty
21
2
143
Sorry for the delay, but it's here now!
Give it a read a let me know how you like it!
cc:
@RathiArpeet
#infosec
#hacking
#wordpress
16
58
140
9
35
119
While pentesting JIRA/Confluence webapps, if you ever come across this warning, simply add:
X-Atlassian-Token: no-check in the request body and that would probably bypass this warning.
#bugbountytip
#bugbountytips
6
50
113
I earned $1400 for my submissions on
@bugcrowd
Bug 1:
Unauthenticated Access to Apache Example Servlet leading to multiple vulnerabilities (1200$)
Bug 2:
Access to client's test account via pastebin(200$)
#ItTakesACrowd
14
8
105
I earned $2,500 for my submission on
@bugcrowd
#ItTakesACrowd
Triaged and Rewarded within 2 hours!
Amazinggg stuff
@Bugcrowd
13
2
104
#bugbountytip
#bugbountytips
Have a possible XSS on AEM target, but application renders it in JSON?
Simply append the query to the url -> "?mimeType=text/html" to get it to render in HTML format.
Note: Might not work for all instances.
2
29
104
A good example of JavaScript prototype pollution!
2
43
102
ImageMagick: The Hidden Vulnerability Behind Your Online Images
0
17
96
5
25
90
I earned $1,250 for my submission on
@bugcrowd
#ItTakesACrowd
Bug: Semi internal sites accessible and editable publicly w/ limited code execution
6
3
87
Might be an average hacker but atleast I don't copy pasta posts/resources to gain followers 😂
10
7
87
I earned $1,000 for my submission on
@bugcrowd
#ItTakesACrowd
From N/A to Sweet Bounty!
Much love for the
@Bugcrowd
team for making things right! ❤️
9
1
82
Hello folks! My friend
@ArmanSameer95
Just published an awesome writeup on a really interesting finding here:
@MilindPurswani
Awesomee idea mate!
@dominat0r98
😏Disclose yours ASAP too
#bugbounty
#bugbountytips
#hacking
#bugbountytip
4
19
77
I earned $500 for my submission on
@bugcrowd
#ItTakesACrowd
Submitted this for
@Bugcrowd
Swag Challenge but took 2months to pay lmfao.
18
1
76
I just started reversing CVEs in WordPress Plugins a while back and found some new issues too! Would y'all be interested in writeups?
#infosec
16
1
72
.
@RockWithboAt
should invest in a Bug Bounty Program with actual rewards. This attracts top-tier talent, who don't work for free
While due attention to overall security posture is crucial atm, this would certainly, plug a lot of holes.
It's high time now!
@amangupta0303
#boat
17
7
70
Always try harder!
#bugbounty
Thanks to
@AEMSecurity
and
@taulantbajramii
for showing me the guiding light :)
10
4
66
Inviting all the security researchers to register on India's First Crowdsourced Penetration Testing Platform...
Visit:
Go ahead & register yourself.
Helping a friend out!
10
10
63
SSRF on GCP? Can't extract metadata? Can't set headers? No internal subdomains? Tried every SSRF resource on the internet?
Still no success?
Me and
@RathiArpeet
managed to find one such SSRF that led to a sweet bounty.
Stay tuned, dropping it soon!
#infosec
#BugBounty
3
3
65
Been trying out
@Netlas_io
for a while and the results and filters on this are amazing!
There's a lot of experimentation one can do with this. Surely underrated!
#infosec
#BugBounty
#bugbountytips
9
7
62
I'm very happy to share that I'll be presenting my talk 'To The Docs And Beyond!' at
@BarcelonaBsides
which will take place from 30th September - 1st October, this year.
See you all there!
#bugbounty
#hacking
#cybersecurity
8
7
62
Got done with
@Hacker0x01
Ambassador CTF w/ Pune India H1 Club.
Kudos to all team members for all their combined efforts!🎴
#infosec
#ctf
2
3
63
A very sad truth of BB :
People are happy with a med when you can possibly turn it into a crit with a little bit of digging, but they're just too naive or rather too lazy to make an effort. Ruins his/her and other's chances of getting a crit too!
#infosec
#BugBounty
7
1
59
org: http.title:rocketmq-console
A small shodan dork to pull up RocketMQ console which often has quite confidential production information disclosed.
#bugbountytips
#bugbountytip
0
21
57
India 5 🇮🇳lessgoooo
The results are in!🥇
Congratulations to these 32 teams who will move on to the Group Round of the 2024
#AmbassadorWorldCup
! 🙌
The next round kicks off at the end of August! Stay tuned for the latest info, and read more about the AWC here.
46
59
303
5
5
59
Hunters! Your domains pointed to AWS IP are getting indexed on Shodan! XD
Link -
2
3
57
1
9
55
some security teams can’t reproduce basic PoCs and want 5 yrs of experience in their candidates lmaoo
4
7
52
How teams should handle SSRF issues
2
7
53
My drafted talk deals with a similar situation i.e.: how to SSRF when AWS/GCP metadata access fails.
(I wish some conferences accept it, instead of the regular jargon you see in infosec everyday)
Severity is totally unjustified
7
2
53
4) Came across a PHP code snippet originally hosted on github but referenced there.
5) grepped for username and password in the code snippet.
6) Found Username, password and admin endpoint
7) Logged in and had access to full PII
(2/2)
0
7
50
Feel free to DM me if you require escalating any
#AEM
security issues. I’ll try my best.
However, please note :-
a) I don’t encourage VDPs
b) Not at all times its possible to bypass dispatcher filters/ find critical issues. Please bear with that.
#BugBounty
#infosec
#hacking
2
1
50
5
1
50
Dear all SSRF Lords,
On a Backend running Ruby 5.0.2 & Squid Proxy and a Full Response SSRF. What all can we try?
(Basic stuff already tried)
#bugbounty
#infosec
10
4
50
#bugbountytip
#bugbountytips
Anonymous Write Vulnerability in Adobe Experience Manager (AEM) may lead to multiple Stored XSS(s) (SVG+HTML Prop based)
Details here:
Bypasses are really random.
E.g:
/1.css | /.json/ahyejwkw.js | ?.html;%0aaaa.json |
[+]
#BugbountyTip
:
When testing for anonymous write access on Adobe AEM in "/content/usergenerated/*" If you get HTTP 404, try bypassing the dispatcher filter rules like this:
"/ANYEXISTINGFOLDER/..../content/usergenerated/test"
#Bugbounty
#TogetherWeHitHarder
#AdobeAEM
0
17
46
1
20
48
Nibbas be like Ohh AI/ML's gonna takeover BB/Hacking.
Lemme ask you something?
Do you even code bro?
10
2
48
Since this was resolved ✅ and was an interesting find, I'm thinking of sharing it with the community.
What would you guys like?
cc:
@Assass1nmarcos
24
6
171
4
1
49
1
2
49