Abu Maryam Rahmat
@abumaryamrahmat
Followers
992
Following
186
Media
23
Statuses
587
Explore trending content on Musk Viewer
WEIBO LIVE X FAYEYOKO
• 164010 Tweets
Sant Rampal Ji Maharaj
• 136911 Tweets
百鬼夜行
• 94285 Tweets
#HUEAreMyEverything
• 61154 Tweets
#휴닝카이가수놓은여름밤의은하수
• 57998 Tweets
#الهلال_الاهلي
• 55128 Tweets
Martes 13
• 49739 Tweets
ゴリラ審神者
• 38636 Tweets
#愛され天使ヒュニンカイ
• 37494 Tweets
D-14 TO CHANYEOL SOLO
• 34046 Tweets
OUR BAND LEADER HUENINGKAI
• 33321 Tweets
ガラスの仮面
• 30863 Tweets
サブスク解禁
• 28602 Tweets
CRAZY TRACK SAMPLER
• 21458 Tweets
LEAVE BLACKPINK ALONE
• 17760 Tweets
さんま御殿
• 16259 Tweets
警告試合
• 15959 Tweets
Colbert
• 14330 Tweets
高津監督
• 14282 Tweets
Jaime Garzón
• 11969 Tweets
チェンソーマン
• 11625 Tweets
横井さん
• 10672 Tweets
ポケモン赤緑
• 10612 Tweets
Pinned Tweet
Biidznillah, finally got the first place (all-time) in the LinkedIn bug bounty program, It took 2 years to achieve this :)
#bugbounty
#bughunter
#hackerone
#infosec
#linkedin
21
4
156
Biidznillah, I was awarded a $2,500 bounty on
@Hacker0x01
1. Type "amr" in the search feature
2. GET /user/api/search?keywords=amr&q=keywords
3. Change to
4. GET /user/api/search?email=victim
@gmail
.com&q=email
Sensitive information about the victim was disclosed
#bugbountytips
28
95
592
Biidznillah, I was awarded a $5,000 bounty on
@Hacker0x01
!
a simple IDOR
❌ GET /api/v1/user/detail?type=1&user_id=123
✅ GET /api/v1/user/detail?type=0&user_id=123
alwys try changing the value if u find parameters similar to that (type, role, scene, etc.)
#bugbountytips
16
50
377
Alhamdulillah, I was awarded a $4,500 bounty on
@Hacker0x01
!
Add any item to the basket->Intercept->checkout->in the parameter "address_id":"123" change it to the victim's address_id->look at the order->the victim's identity is disclosed
#bugbountytips
#TogetherWeHitHarder
33
34
367
Looking for bugs on LinkedIn in early November 2022, Alhamdulillah the achievements for one year:
- Ranked 2nd all-time
- 1209 Reputation
- 50+ Paid reports
If you want to hunt there, LinkedIn has a lot of issues on access control and logic errors :)
#hackerone
#bugbountytips
12
6
155
Alhamdulillah Another bypass reports on LinkedIn, very interesting looking for bugs here :)
#hackerone
#bugbountytips
11
2
128
@Moohd_Ilham
@tanyarlfes
Saya awal liat dia udah ragu, ntah kenapa seperti perasaan aja. Biasanya orang ikhlas keliatan dari gimick dan cara bicaranya
2
0
26
Hopefully
@Hacker0x01
will soon reduce the VDPs program, for beginners VDP is very good but in reality many VDPs are used to boast points and this is very strange, they do that without being paid!
3
1
23
Alhamdulillah this is my trick to avoid self-duplicate when finding bugs with the same impact but on different urls/endpoints
#hackerone
#bugbountytips
0
2
23
alhamdulillah my first critical report, hits linkedin :)
tips? always test the approve button on the admin side
#bugbounty
#bugbountytips
#hackerone
3
2
20
1
0
12
@696e746c6f6c
@Hacker0x01
found IDOR in a unique way, the endpoints and sources were very different, instead of paying for dozens of my IDOR reports they paid for 1 and duplicated it all with the explanation that this was a "known issue" :) hmm
3
0
12
@_public_void
@Hacker0x01
yep you are right, from a small recon I found in several requests that the type=0 response corresponded to the highest user access and when I found this vulnerable request I tried changing it from type=1 to type=0 and yap it worked
2
1
12
3
0
9
@yossygirsang
@worksfess
True, kalau bener bener big company udh terstruktur dan gak terkait sama 1 orang doang
0
1
10
@neozupernova
@SammiSoh
Lah malah ustadz khalid paling anti sama ghulluw habib habiban gini, persiapkan di hari kiamat ketemu beliau untuk pertanggung jawabkan foto itu.
0
0
8
@Rhynorater
Wow good story, btw get 50 valid reports about IDOR and logic flaw, any suggestions? Does it continue to deepen or does it add other vulnerabilities? i've been in for almost a year (november 2022 i'm playing on h1)
1
0
7
@kingcoolvikas
@Hacker0x01
I once read a write-up whose case involved disclosing information via email
2
0
7
@Annisamuch_
@ayatsucii
@BosPurwa
Maaf hadist nya tidak kuat semua, sudah sering dibahas permasalahan ini
1
0
6
@shakti_sec
@Bugcrowd
@Hacker0x01
Yes, you have to maximize performance but don't forget to lower expectations
0
0
5
@badcrack3r
Want something even more surprising? in Indonesia, people get a certificate from NASA's VDP and then they are invited to television and they are given the label "professional HACKER" to this person, now that person is opening a course because he is famous from a certificate. Hmmm
4
0
5
@confievil
@Hacker0x01
That's right, requests don't appear in general, you have to do A B C before the request appears + when it appears you have to change the type to 0. The point is, read lots of writeups.
0
1
6
@Arif3114y
@SammiSoh
Dari video aja keliatan ngelesnya, orang keliatan dari gimick gerakan dan perkataan dia, apalagi pas baca bahasa arab nya malah amburadul
1
1
4
@Rafilsafat
@bosmaryam
Bilang aja mas males belajar agama, itu video dipotong2 saya sudah lihat penuhnya di youtube, nabi muhammad adalah manusia paling berilmu maka fatal anda mengatakan semakin dalam ilmu agama semakin aneh
0
0
4
@Biliyan7
@ArchTheodore
@rynzifary
@sosmedkeras
Kaum LGBT lebih sadis, bagusnya lemparin dari atas gunung aja biar ga jadi penyakit kek di amerika sekarang, makin jadi aja kaum nabi luth
3
0
2
@spaceboy2O
@Hacker0x01
still there but they are getting worse now, lastly reporting PII email,address,phone any user and they set confidentiality to low, i mean what this is? this is too much hahaha
2
0
4
@hastapurnomo
@Notarealgorilla
@KemenperinRI
Nggak juga sih, mereka itu tegas bukan keras.. saya dulu ngiranya begitu kok orangnya diem pendingin semua ternyata mereka lebih memilih diam daripda banyak bicara, sekali bicara no ghibah dan bermanfaat. Alhamdulillah sering dengerin pengajian dari ustadz salafi hati tenang
0
1
4
1
0
3
@Fabrikat0r
Thats same endpoints, Even though the method is different,but thats the same root cause
0
0
3
@errorrsec
@being__aman
I don't think so, they pay big according to the severity but sometimes you will meet staff who are not thorough with cvss calculations but that's rare
1
0
2
@Bo7sain72
alhamdulillah, have to use unique methods for example I like changing parameters or trying to change the response from false to true which will then make the UI change and lead to hidden features.
The point is to think outside the box
0
0
3
0
0
3
@NoobHunter0x01
@alien2exe
I read a lot of Idor & Logic Error Writeups, especially here and . Just learn enough, practice more on live targets
0
3
3
0
0
3
@daffainfo
@_JohnHammond
@M_alphaaa
@kkevsterrr
@RagnarSecurity
@HuskyHacksMK
@matl4c
@nightwolf780
@Soups71
@BuildHackSecure
@NahamSec
MasyaAllah ini beda level sih, GG bang
1
0
2
@MR_Prey3r
@Hacker0x01
seeing the responses to several requests and inspiration from the writeups I read
0
0
3
@thebinarybot
every 30 minutes away from the desk, do something else. or when you are very bored, get out of your house and go for a walk or pray
0
0
3
0
0
2
@GrabID
@ovo_id
@benihbaik
Alhamdulillah uninstall meskipun suka banget pakai GRAB. Bismillah mengurangi dan boikot terhadap pendukung zionis
0
0
2
@scriptalert999
@0xfxiii
I prefer to test all existing functionality first, after everything is finished then do a recon, for example looking for another subdomain (if the target uses wildcards).
1
0
2
@im4x7
I've been like that too, read the code and how the app works and then add something to the body parameter and it generates idor.
1
0
2
@SirBagoza
‘’Sending the vuln parameter in other endpoints’’ can you explain this? I don’t get it
1
0
2
@amihewman
@anvie
Bener bang tapi windows untuk server dibandingan linux untuk server kita udah jelas tau mana yang lebih aman apalagi kebanyakan virus ya targetnya nya untuk windows :)
1
0
2
@x0verloadx
@_nnxxrr_
@ssherlock_1
@w_n1rmala
Branding dia udh kuat bang, ada kata kata gitu langsung inget siapa wkwkw
0
0
2
@7odamoo
I once found a bypass bug up to 5 times, when the first report was resolved I reported the second bypass, if the second was resolved that day I reported the bypass. So far they have been fair to me
0
0
1