Abhi Sharma 𝕏

@a13h1_

Followers
1,643
Following
39
Media
140
Statuses
766

Cybersecurity Researcher | Bug Bounty || Weekly Bug Bounty Write-ups on Medium 📝 #CyberSecurity #InfoSec #bugbounty #hackerone

🇮🇳
Joined August 2016
@a13h1_
Abhi Sharma 𝕏
10 months
Finally, November has ended, and I got 1838$ in bounty and 3 report bounties are still pending. This month I got 8 duplicates, 2 informatives, 4 triages, and 3 in pending review and 3 are in new. Gearing up for December. #bugbounty #bugbountytips #Happy #Hacking #hackerone
10
3
180
@a13h1_
Abhi Sharma 𝕏
19 days
Beginner’s Guide to Bug Bounty Hunting: Start Small, Learn Big! Starting out in bug bounty hunting can be overwhelming. You don't have to dive into complex programs right away. Instead, start with some simple steps to build your skills and even earn some cash along the way.
3
19
131
@a13h1_
Abhi Sharma 𝕏
2 months
No words for this month's results #BugBounty #hackerone
4
4
111
@a13h1_
Abhi Sharma 𝕏
15 days
“850$ IDOR:Unauthorized Session Revokation of any user” by Abhi Sharma
0
22
109
@a13h1_
Abhi Sharma 𝕏
2 months
“1000$ IDOR : Unauthorized Project Inclusion in Expense” by Abhi Sharma
3
11
108
@a13h1_
Abhi Sharma 𝕏
7 months
“Bypass Rate Limits on authentication endpoints like a pro………!” by Abhi Sharma
0
31
106
@a13h1_
Abhi Sharma 𝕏
25 days
“Bypass Rate Limit on authentication endpoints like a pro………!” by Abhi Sharma
1
18
99
@a13h1_
Abhi Sharma 𝕏
16 days
Top 50 Google Dorks for #BugBounty and #Responsible #Disclosure Programs For Beginners inurl:"/bug bounty" inurl:"/responsible disclosure" inurl:"/security.txt" inurl:"/responsible-disclosure/reward" inurl:"/responsible-disclosure/swag" "submit vulnerability report" | "powered
@a13h1_
Abhi Sharma 𝕏
19 days
Beginner’s Guide to Bug Bounty Hunting: Start Small, Learn Big! Starting out in bug bounty hunting can be overwhelming. You don't have to dive into complex programs right away. Instead, start with some simple steps to build your skills and even earn some cash along the way.
3
19
131
2
34
99
@a13h1_
Abhi Sharma 𝕏
1 month
“Another 1500$: CR/LF Injection” by Abhi Sharma
3
15
95
@a13h1_
Abhi Sharma 𝕏
1 month
“1500$: CR/LF Injection” by Abhi Sharma
1
10
94
@a13h1_
Abhi Sharma 𝕏
11 months
First bounties of this month! #BugBounty #Hacking #Happy
5
3
93
@a13h1_
Abhi Sharma 𝕏
3 months
“$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover” by Abhi Sharma
7
20
91
@a13h1_
Abhi Sharma 𝕏
6 months
“1500$: CR/LF Injection” by Abhi Sharma
4
18
89
@a13h1_
Abhi Sharma 𝕏
4 months
Yay, I was awarded a $1,500 bounty for CR/LF Injection on @Hacker0x01 ! #TogetherWeHitHarder
8
2
89
@a13h1_
Abhi Sharma 𝕏
4 months
In May, I submitted 6 vulnerabilities to 2 programs on @Hacker0x01 & one was a duplicate and the rest 5 got me 3850$ in bounties. #TogetherWeHitHarder #BugBounty
7
0
88
@a13h1_
Abhi Sharma 𝕏
10 months
Hi everyone, 1st week of the month is over, we're slowly heading towards year end. I was #hacking into a program in which I #submitted 10 reports in a week and received 3 bounties totaling 1350$. How's your year-end hacking going? #BugBounty #bugbountytips #hackerone #cyber
9
1
88
@a13h1_
Abhi Sharma 𝕏
7 months
Valentine day ❌ Bounty day ✅ #bugbounty #bugbountytip #ValentinesDay
11
2
87
@a13h1_
Abhi Sharma 𝕏
9 months
“417$ Simple IDOR: Unauthorized Contact Details Modification” by Abhi Sharma
4
12
83
@a13h1_
Abhi Sharma 𝕏
11 months
The OCT is over and I received 2350$ bounty, more are in pending, but 6 reports were resolved this month, 7 were duplicated, 6 were in pending review, and 2 were in triage overall a good month. #bugbounty #Happy #Hacking
3
2
84
@a13h1_
Abhi Sharma 𝕏
9 months
After a break yesterday, I submitted two reports and got two bounties today, one report got resolved, and the other was triaged for a total of 700$ in bounties. I am very pleased with this program and plan on hunting onto this for a while because they are fast to resolve and pay out.
8
1
81
@a13h1_
Abhi Sharma 𝕏
1 month
“My $1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw” by Abhi Sharma
2
13
78
@a13h1_
Abhi Sharma 𝕏
6 months
1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking :- #BugBounty #bugbountytips #CyberSecurity #infosec
0
17
78
@a13h1_
Abhi Sharma 𝕏
8 months
“500$: MFA bypass By Race Condition” by Abhi Sharma
2
24
76
@a13h1_
Abhi Sharma 𝕏
9 months
In December 2023, I earned 2150 dollars in #bounties . I earned more than half of it in the first week, but then I lost focus and consistency, which I think was my bad habit. From now on, I'll have to be more consistent, focused, and stop wasting time. Wishing you all a Happy New
9
2
73
@a13h1_
Abhi Sharma 𝕏
22 days
Now available for non-Medium members also, go check it out now: “Another 1500$: CR/LF Injection” by Abhi Sharma
0
11
74
@a13h1_
Abhi Sharma 𝕏
11 months
1/4 Here's a realistic approach for getting into bug bounty hunting: (in this specific order) - 𝐒𝐭𝐮𝐝𝐲 𝐒𝐩𝐞𝐜𝐢𝐟𝐢𝐜 𝐅𝐮𝐧𝐝𝐚𝐦𝐞𝐧𝐭𝐚𝐥𝐬 • How common protocols work • How HTTP and DNS works • What happens when a website loads • Common web-app infrastructure
2
19
71
@a13h1_
Abhi Sharma 𝕏
11 months
“Budget Change: IDOR 1000$ Bug” by Abhi Sharma
3
15
71
@a13h1_
Abhi Sharma 𝕏
11 months
“My $750 Privilege Escalation Bug: How I Prevented Unauthorized Role Changes” by Abhi Sharma
0
15
70
@a13h1_
Abhi Sharma 𝕏
8 months
“Regeneration of API key by low level user: 500$ Access Control bug” by Abhi Sharma
1
13
64
@a13h1_
Abhi Sharma 𝕏
6 months
$1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw:- #IDOR #BugBounty #bugbountytips #Cybersecurity #infosec
2
14
56
@a13h1_
Abhi Sharma 𝕏
2 months
My last month was horrible in bugbounty since I only made 425$ mostly from retests. But today's report got triaged and bountyed in just six hours with a little bonus, It's a well required boost up for me. #BugBounty
1
2
55
@a13h1_
Abhi Sharma 𝕏
2 months
“How I Earned $469 Bounty: Bypassing Plan Restriction” by Abhi Sharma
1
8
54
@a13h1_
Abhi Sharma 𝕏
7 months
This month I only got two bounties, one low and one high, and got 50$ for retesting, and eight reports got duplicated, which was disappointing, but I still got 1700$ in total. Half the month I had a cold and cough, so I had a hard time getting motivated. My goal next month is to
8
2
54
@a13h1_
Abhi Sharma 𝕏
9 months
Thanks everyone for helping we decided. As a result, I have written some write-ups of my last month's findings, and I have already scheduled them to get published every Saturday at 8 pm starting this week. Here is a little glance of all the planned write-ups and hope you guys
@a13h1_
Abhi Sharma 𝕏
9 months
I'm thinking about restarting one of these two, help me choose! My write-up shares the bugs I've found, and the techniques I used to find them. Daily CyberSec polls check -> #100DaysOfCyberSecPoll Vote⬇️ #BugBounty #CyberSecurity #Hacking #informationsecurity #Writeups
0
1
7
4
8
53
@a13h1_
Abhi Sharma 𝕏
17 days
Do you guys wanna read a write-up about how to pick a target and is it a good target based on your skills and strengths? Let me know in comment because a lot of beginners are questioning about this in DM, so I'm sure I'd love to write about it if you're interested, not just for
13
2
52
@a13h1_
Abhi Sharma 𝕏
29 days
“Unauthorized Deletion of Forms by Low-Level Unlicensed Users: A 500$ Access Control Bug” by Abhi Sharma
0
8
52
@a13h1_
Abhi Sharma 𝕏
10 months
“Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles” by Abhi Sharma
0
8
52
@a13h1_
Abhi Sharma 𝕏
1 month
“$800 Improper Authorization Flaw: Unauthorized Project Reclaiming Post Transfer” by Abhi Sharma
0
6
50
@a13h1_
Abhi Sharma 𝕏
5 months
Yesterday, while waiting to board my flight back home at Goa airport, I decided to kill time by bug hunting. Found this little bug! Hoping it'll reimburse my trip expenses! 🕵️‍♂️💸 #BugBounty
3
0
49
@a13h1_
Abhi Sharma 𝕏
4 months
Yay, I was awarded a $800 bounty on @Hacker0x01 ! #TogetherWeHitHarder
2
0
48
@a13h1_
Abhi Sharma 𝕏
7 months
Bypass Rate Limits on authentication endpoints like a pro.........! 🕵️‍♀️ Remove or nullify captcha parameters to bypass captcha requirements. Fallback methods might expose vulnerabilities. 🌐 Rotate your IP using services like Brightproxy or Burp Suite IP rotate extension. A
3
13
48
@a13h1_
Abhi Sharma 𝕏
1 year
“My $1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw” by Abhi Sharma
1
12
46
@a13h1_
Abhi Sharma 𝕏
2 months
“Bypass Plan Restriction & Get 350$ Bounty” by Abhi Sharma
1
6
46
@a13h1_
Abhi Sharma 𝕏
9 months
“500$ Access Control Bug: Performed Restricted Actions in Developer Settings by low level user.” by Abhi Sharma
1
6
46
@a13h1_
Abhi Sharma 𝕏
11 days
“921$ Privilege Escalation: Unauthorized User Addition to Shared APP Connections” by Abhi Sharma
0
5
45
@a13h1_
Abhi Sharma 𝕏
1 month
How to succeed in bug bounty? Focus on your skills and develop your own methodology. Everyone thinks differently. Start with any method, but as you encounter more duplicates, realize you need to innovate. Create your unique approach and you'll start seeing results. #BugBounty
1
8
45
@a13h1_
Abhi Sharma 𝕏
8 months
As the first month of the year ended, I only did bug bounty for one week in January since I'm working on a personal project that will be launched in February end. I submitted 5 bug reports, 3 of which were resolved, and 2 of which were informative, resulting in a bounty of 1200$
4
4
45
@a13h1_
Abhi Sharma 𝕏
4 months
Yay, I was awarded a $850 bounty on @Hacker0x01 ! #TogetherWeHitHarder
6
0
45
@a13h1_
Abhi Sharma 𝕏
9 months
Hi Everyone, The week is over, and we're just one week away from the new year. How close are you to your goal? This week I only got 300$ in bounty, and two more reports got triaged but are still in pending bounty status. What about you guys? #BugBounty #Hackerone #Happy #Hacking
1
4
45
@a13h1_
Abhi Sharma 𝕏
2 months
Yay, I was awarded a $1,700 bounty on @Hacker0x01 ! #TogetherWeHitHarder
1
1
44
@a13h1_
Abhi Sharma 𝕏
4 months
Yay, I was awarded a $500 bounty on @Hacker0x01 ! #TogetherWeHitHarder
0
1
43
@a13h1_
Abhi Sharma 𝕏
2 months
Yay, I was awarded a $500 bounty on @Hacker0x01 ! #TogetherWeHitHarder
1
0
42
@a13h1_
Abhi Sharma 𝕏
8 months
“921$ Privilege Escalation: Unauthorized User Addition to Shared APP Connections” by Abhi Sharma
1
4
42
@a13h1_
Abhi Sharma 𝕏
6 months
🔐 Simple 2FA Bypass Tips & Tricks 🔓 1. Response manipulation 2. Status code manipulation 3. Use 2FA codes more than once when you can ♻️ 4. Watch out for 2FA codes spilling out in response or somewhere else💧 5. Lack of brute-force protection or Look for places where brute
0
10
40
@a13h1_
Abhi Sharma 𝕏
17 days
“Unauthorized Deletion of Forms by Low-Level Unlicensed Users: A 500$ Access Control Bug” by Abhi Sharma
0
2
39
@a13h1_
Abhi Sharma 𝕏
8 months
“The UI Slip I Hit 750$: UI Manipulation Leading to Unauthorized Permission Changes” by Abhi Sharma
2
5
38
@a13h1_
Abhi Sharma 𝕏
11 months
“Bypassing 2FA for Password Reset : By Request Manipulation 500$ Bug” by Abhi Sharma
0
10
35
@a13h1_
Abhi Sharma 𝕏
9 months
Hi Everyone, how are u all doing! As the 2nd week of this end of year month comes to an end, I get only two low bounties totaling 500$ this week; I got 3 duplicates, 1 in pending review, and 4 are new reports. What about u guys? #bugbounty #Hackerone #CyberSecurity #Hacking
4
2
35
@a13h1_
Abhi Sharma 𝕏
3 months
Yay, I was awarded a $600 bounty on @Hacker0x01 ! #TogetherWeHitHarder
2
0
33
@a13h1_
Abhi Sharma 𝕏
17 days
Yay, I was awarded a $200 bounty on @Hacker0x01 ! #TogetherWeHitHarder
1
0
33
@a13h1_
Abhi Sharma 𝕏
10 months
What is wrong going on @Hacker0x01 triage team, today they marked report duplicate to already resolved report. #bugbounty #hackerone
2
1
31
@a13h1_
Abhi Sharma 𝕏
2 months
“NewLine Character Cause DoS: Folder & File Deletion Flaw” by Abhi Sharma
1
4
31
@a13h1_
Abhi Sharma 𝕏
10 months
Sometimes choosing a new #program to #hack is harder than finding a #bug #BugBounty #Hacking #bugbountytip #hackerone
6
1
29
@a13h1_
Abhi Sharma 𝕏
10 months
I am giving away 2 passes to students(worth 1600 ₹) for IWCON 23' organized by @InfoSecComm To win: 1. Follow @a13h1_ and RT 2. Comment whose talk are you highly looking forward to? ➡️ Speakers list: #bugbounty #infosec #giveaway #Hacking
8
9
29
@a13h1_
Abhi Sharma 𝕏
8 months
“500$ Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles” by Abhi Sharma
0
6
29
@a13h1_
Abhi Sharma 𝕏
1 month
Today when I was publishing my new article, I noticed @bilalresearcher had copied all my @Medium articles, even my profile about too. I don’t know why because all those are my personal findings articles I can report copyright violation but I believe after this tweet
3
1
30
@a13h1_
Abhi Sharma 𝕏
2 months
This is the only streak I'm keeping #Hackerone #BugBounty
0
1
28
@a13h1_
Abhi Sharma 𝕏
5 months
I am now a clear verified hacker @Hacker0x01 , but I haven't yet received my H1 t-shirt
3
0
28
@a13h1_
Abhi Sharma 𝕏
10 months
“1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking” by Abhi Sharma
0
17
28
@a13h1_
Abhi Sharma 𝕏
11 days
Stop wasting time on labs/CTFs with pre-packaged problems/solutions! Why not focus on real-life targets instead? Labs are designed to teach you specific bugs or problems, but they limit your creativity and problem-solving skills. Plus, when you get stuck, it’s too easy to just
@a13h1_
Abhi Sharma 𝕏
16 days
Top 50 Google Dorks for #BugBounty and #Responsible #Disclosure Programs For Beginners inurl:"/bug bounty" inurl:"/responsible disclosure" inurl:"/security.txt" inurl:"/responsible-disclosure/reward" inurl:"/responsible-disclosure/swag" "submit vulnerability report" | "powered
2
34
99
1
5
27
@a13h1_
Abhi Sharma 𝕏
8 days
“How to Write an Effective Bug Bounty Report: Tips, Structure, and Examples” by Abhi Sharma
1
6
28
@a13h1_
Abhi Sharma 𝕏
1 month
Yay, I was awarded a $150 bounty on @Hacker0x01 ! #TogetherWeHitHarder
0
0
25
@a13h1_
Abhi Sharma 𝕏
20 days
Are you guys hunting today, if yes how it's going, got anything? #BugBounty
9
1
24
@a13h1_
Abhi Sharma 𝕏
3 months
Hey Everyone! I'm excited to share that after a long break, I'm back with new bug bounty write-ups! Get ready to dive into some fascinating discoveries. Check out the sneak peek of my upcoming write-ups below!👇 I’ve scheduled all these write-ups for every Saturday at 7 p.m.
0
6
24
@a13h1_
Abhi Sharma 𝕏
3 months
Morning View from Kedar Base Camp
1
2
24
@a13h1_
Abhi Sharma 𝕏
10 months
Hi everyone, whats ur's #Hacking plan for Dec are u going to stick to one particular program, what is your aim to achieve for this month! I'm aiming to get 10 duplicates, get depressed, go to Manali, drink, laugh, and come back with new hope🙃 #BugBounty #bugbountytips #hackerone
8
0
23
@a13h1_
Abhi Sharma 𝕏
10 months
Have you guys been banned from any private programs? I got my first tonight without any reason, just because I disagreed with their severity and reported Closer and provided them with the info that they requested to reconsider the report. #BugBounty #bugbountytip #hackerone
1
0
22
@a13h1_
Abhi Sharma 𝕏
1 month
When you start feeling burnout from #BugBounty , remember why you started it in the first place. If it was money, take a vacation or buy something you want; if it was #Hacking , take a break from bug bounty and try to do some #exploitation . #Hack a website or take it down do some
1
5
22
@a13h1_
Abhi Sharma 𝕏
8 months
I'm considering buying a new laptop, but am confused between a Mac and Windows model, or can you guys suggest a device that I should consider? For hacking and video editing. #BugBounty #Hacking #Security #Mac #Windows
14
0
20
@a13h1_
Abhi Sharma 𝕏
1 year
“Privilege Escalation: How I Earned $500 by Discovering the Ability to Delete Documents as a Student” by Abhi Sharma
1
6
22
@a13h1_
Abhi Sharma 𝕏
5 months
Tweet media one
2
1
22
@a13h1_
Abhi Sharma 𝕏
5 months
There's lots of space for stickers on my new Mac if you're coming to @bsidesgoa bring some cool sticker with you
5
2
21
@a13h1_
Abhi Sharma 𝕏
9 days
“How to Write an Effective Bug Bounty Report: Tips, Structure, and Examples” by Abhi Sharma
0
5
21
@a13h1_
Abhi Sharma 𝕏
2 months
Yay, I was awarded a $150 bounty on @Hacker0x01 ! #TogetherWeHitHarder
0
3
20
@a13h1_
Abhi Sharma 𝕏
6 months
“Why You Should Attend Cybersecurity Conferences: Unlock Opportunities” by Abhi Sharma
1
8
20
@a13h1_
Abhi Sharma 𝕏
18 days
Go check it out now before it’s locked again for member only... Read it while it’s free! 🕒 #CyberSecurity #BugBounty #Infosec
@a13h1_
Abhi Sharma 𝕏
22 days
Now available for non-Medium members also, go check it out now: “Another 1500$: CR/LF Injection” by Abhi Sharma
0
11
74
4
1
20
@a13h1_
Abhi Sharma 𝕏
13 days
You don’t get results by focusing on results. You get results by focusing on the habits and behaviour that produce results.
0
1
20
@a13h1_
Abhi Sharma 𝕏
3 months
🙏
0
0
19
@a13h1_
Abhi Sharma 𝕏
5 months
Tweet media one
0
4
19
@a13h1_
Abhi Sharma 𝕏
7 months
What a good start to the month! Today morning I crossed 1k followers on Medium, a number I never imagined when I started writing in August last year, but now I have 1k people who love to read my articles. It motivates me to keep writing good, informative articles. I am
1
0
18
@a13h1_
Abhi Sharma 𝕏
11 months
3/4 - 𝐋𝐨𝐨𝐤 𝐀𝐭 𝐂𝐨𝐦𝐦𝐨𝐧 𝐌𝐞𝐭𝐡𝐨𝐝𝐨𝐥𝐨𝐠𝐲 • Jhaddix's methodology @Jhaddix • Zseano's methodology @zseano • Nahamsec's YouTube videos @NahamSec • STÖK's YouTube @stokfredrik
1
1
17
@a13h1_
Abhi Sharma 𝕏
11 months
4/4 - 𝐔𝐭𝐢𝐥𝐢𝐬𝐞 𝐑𝐞𝐬𝐩𝐨𝐧𝐬𝐢𝐛𝐥𝐞 𝐃𝐢𝐬𝐜𝐥𝐨𝐬𝐮𝐫𝐞 • Use Google dorks to find small programs • Use platforms like Open Bug Bounty by @danielmakelley #bugbountytips #BugBounty #Hacking
0
0
17
@a13h1_
Abhi Sharma 𝕏
3 months
Tweet media one
4
1
17
@a13h1_
Abhi Sharma 𝕏
1 year
“Frontend Fumbles: The 250$ Curious Case of API Key Permissions.” by Abhi Sharma
0
4
16
@a13h1_
Abhi Sharma 𝕏
11 months
2/4 - 𝐏𝐢𝐜𝐤 𝐎𝐧𝐞 𝐎𝐫 𝐓𝐰𝐨 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐓𝐲𝐩𝐞𝐬 • Examine how it works • What makes something vulnerable • How developers can patch it • Real-world reports involving it • Different ways to identify it
1
1
15
@a13h1_
Abhi Sharma 𝕏
8 months
Hi Everyone, Today I booked my spot for @bsidesgoa I'm wondering who else has booked a slot, or is thinking about attending the event in April. Let's catch up and connect here before we meet at the event. #BSidesGoa #CyberSecurity #BugBounty #Hacking #infosecurity
6
2
14