Excited to share that I just received another $40,000 bounty for discovering the same issue: "Unauthorised Access to NGINX REST API (Read/Write Access)."
TestCase:
https://exampledotcom/path/..;/api/9/nginx
Reference:
#BugBounty
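The bug class behind that test case is a normalization mismatch: a front-end check sees the raw path `/path/..;/api/9/nginx` and does not match the `/api/` prefix, while the back end strips the `;` path parameter, collapses `..` and routes to `/api/9/nginx`. The following is an added example, not code from the tweet or from NGINX; it assumes a servlet-style back end (per-segment `;...` parameters discarded, `..` collapsed) and an assumed protected prefix `/api/`, and denies any request where the raw and canonical views disagree.

```python
"""Added example, not from the tweet: a path-normalization mismatch check.
It assumes the back end treats ';...' in a path segment as a parameter to be
discarded (servlet-style) and collapses '..', while a front-end ACL only
looks at the raw prefix; that gap is what lets /path/..;/api/... reach /api/."""
import posixpath
from urllib.parse import unquote

PROTECTED_PREFIXES = ("/api/",)  # assumed: paths that require authentication


def strip_path_params(path: str) -> str:
    """Remove ';param=value' suffixes from every segment of the path."""
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def canonicalize(path: str) -> str:
    """Return the path an authoritative router would actually dispatch on:
    percent-decode once, drop per-segment ';' parameters, collapse '.' and '..'."""
    stripped = strip_path_params(unquote(path)) or "/"
    canonical = posixpath.normpath(stripped)
    if not canonical.startswith("/"):
        canonical = "/" + canonical
    if stripped.endswith("/") and not canonical.endswith("/"):
        canonical += "/"  # normpath drops trailing slashes; keep one if it was there
    return canonical


def authorize(path: str, authenticated: bool) -> str:
    """Decide on a request. The raw and canonical views must agree on whether
    the protected prefix is hit; if they disagree, the request is a
    normalization-bypass attempt and is denied regardless of session state."""
    raw_hit = path.startswith(PROTECTED_PREFIXES)
    canonical = canonicalize(path)
    canonical_hit = canonical.startswith(PROTECTED_PREFIXES)
    if raw_hit != canonical_hit:
        return "deny:normalization-mismatch"
    if canonical_hit and not authenticated:
        return "deny:unauthenticated"
    return "allow"


if __name__ == "__main__":
    samples = ("/api/9/nginx", "/path/..;/api/9/nginx",
               "/path/%2e%2e;/api/9/nginx", "/static/logo.png")
    for sample in samples:
        print(f"{sample:30} -> {canonicalize(sample):16} {authorize(sample, authenticated=False)}")
```

The important design choice is that the decision is made on the canonical path and a mismatch is itself a deny reason; a proxy that only adds `..;` to a blocklist will be bypassed by the next encoding variant, whereas comparing raw and canonical views catches the whole class.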
Yay, I was awarded a 2x $5000 bounty on @Hacker0x01!
VueJS Client-side template injection
Payload used - {{$el.ownerDocument.defaultView.alert(1)}}
#TogetherWeHitHarder
Yay, today I was awarded a 7 x $4,000 + $500 bounty on @Hacker0x01!
#TogetherWeHitHarder
About to cross $100k soon ...😉😉
Bugs - Sensitive Info Disclosure
Thanks again to @verizon
Found a slick little SSRF bypass using an HTTP redirect through "" and got unrestricted access to juicy internal cloud data!
#bugbountytips
#bugbountytip
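The redirect-based SSRF bypass above works when a fetcher validates only the initial URL and then lets the HTTP client follow a redirect to an internal address. The following is an added example, not code from the tweet; the hostnames, addresses and the redirect target are constructed, and `fetch` and `resolve` are injected stand-ins so the check runs offline. It re-validates every hop before requesting it.

```python
"""Added example, not from the tweet: an outbound fetcher that never lets a
redirect reach an internal address. The redirect target and hostnames below
are constructed; `fetch` and `resolve` are injected so the logic runs offline."""
import ipaddress
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_public_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def destination_is_safe(url: str, resolve) -> bool:
    """Scheme must be http(s) and every address the host resolves to must be public."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        addresses = [host]  # IP literal: nothing to resolve
    except ValueError:
        try:
            addresses = resolve(host)
        except OSError:
            return False
    return bool(addresses) and all(is_public_address(a) for a in addresses)


def fetch_with_checked_redirects(url: str, fetch, resolve, max_hops: int = 5):
    """fetch(url) -> (status, headers, body) and must not follow redirects itself;
    each hop is re-validated before it is requested."""
    for _ in range(max_hops + 1):
        if not destination_is_safe(url, resolve):
            return ("blocked", url)
        status, headers, body = fetch(url)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)
            continue
        return ("ok", body)
    return ("blocked", url)  # redirect loop or too many hops


# Constructed stand-ins for DNS and HTTP so the example runs offline.
FAKE_DNS = {"public.example": ["93.184.216.34"], "redirector.example": ["151.101.1.69"]}
FAKE_HTTP = {
    "http://public.example/data": (200, {}, "hello"),
    "http://redirector.example/go": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, ""),
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


def fake_fetch(url):
    return FAKE_HTTP.get(url, (404, {}, ""))


if __name__ == "__main__":
    for u in ("http://public.example/data", "http://redirector.example/go",
              "http://localhost/", "file:///etc/passwd"):
        print(u, "->", fetch_with_checked_redirects(u, fake_fetch, fake_resolve))
```

In a real deployment the injected `resolve` would be a DNS lookup and the client would be configured not to follow redirects automatically; the validation also has to apply to the address actually connected to, since a second DNS answer between check and connect would otherwise reopen the gap.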
This is my first writeup as well as my first finding using the Knoxss tool. As a security researcher, everyone knows Brute, "The God of XSS". So, it's already been seven days I was trying to find a bug in a program on...
One year back, on this day, I started doing BugBounty. A great thanks to all the people who encouraged me.
Statistics of this year - got a huge number of duplicates
Reports submitted: 53
Reports duplicate: 40
Reports resolved: 10
Bounty earned: $18500
Thanks
@Hacker0x01
@verizonmedia
I wrote an article to describe the issues I reported to @SetuAarogya. I hope it will allow people to understand the situation and why it's an important issue. I hope you like it; all feedback is welcome!
And don't forget: Hack the planet! 🤘
What is Sn1per? Sn1per comes in two different versions, i.e. Sn1per Professional and Community Edition. Sn1per Community Edition is an automated scanner that can be used during a...
Just wrote a simple bash script which distributes processing tasks to other VPS machines. Tried probing on a huge domains list. Working efficiently. You just need to modify a few lines of code (adding machines & command).
#BugBounty
#bugbountytips
Is this sensitive information? An endpoint was leaking this info.
According to @Paytm, it's not sensitive information. Even so, they fixed it after reporting.
Found & reported a critical bug to @VodafoneGroup @VodafoneIN @Idea last night. Got a weird reply from their end. They don't care about their security & their customers' data.
@Hacker0x01 @verizonmedia @tumblr Reported one month back when Tumblr was a part of VerizonMedia. The report got triaged. And now that Tumblr is no longer a part of VerizonMedia, they are asking me to close the report as N/A.
@jobertabma @NahamSec Can you please clarify?
Yuki Chan is an automated penetration testing tool that will audit all standard security test methods for you. WARNING: I highly recommend using this tool on the Kali Linux OS. By using...
Anonymity is one of the most important elements for the penetration tester. Tools can be used in order to hide the user’s identity from being exposed. VPN (Virtual Private Network),...
@Rhynorater What can be done with an application.wadl file? I got a WADL endpoint but there is no sensitive info available there. Only methods, resource paths, and request/response types are available in the file. What can I do with this info?
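A WADL file is an API description, so its main value to a defender or tester is as an inventory: every method and resource path it lists is an endpoint whose authorization and exposure can be checked one by one. The following is an added example, not code from the tweet or from any project it mentions; the WADL document is constructed, and the "high"/"normal" review priority is an assumed triage policy (mutating methods and paths containing words like `admin` or `export` get looked at first).

```python
"""Added example, not from the tweet: turn a WADL document into an endpoint
inventory so each method can be checked for authorization and exposure.
The WADL below is constructed; the priority rules are an assumed triage policy."""
import xml.etree.ElementTree as ET

WADL_NS = "{http://wadl.dev.java.net/2009/02}"
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SENSITIVE_PATH_WORDS = ("admin", "export", "internal", "debug")

# Constructed sample document in the standard WADL namespace.
SAMPLE_WADL = """<?xml version="1.0"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
  <resources base="https://api.example.test/v1/">
    <resource path="users">
      <method name="GET" id="listUsers"/>
      <resource path="{id}">
        <param name="id" style="template" type="xs:string"/>
        <method name="GET" id="getUser"/>
        <method name="DELETE" id="deleteUser"/>
      </resource>
    </resource>
    <resource path="admin/export">
      <method name="POST" id="exportAll"/>
    </resource>
  </resources>
</application>
"""


def _join(prefix: str, path: str) -> str:
    """Append a resource path to the accumulated prefix with a single slash."""
    if not path:
        return prefix
    return prefix.rstrip("/") + "/" + path.strip("/")


def _walk(resource, prefix: str, out: list) -> None:
    """Recurse through nested <resource> elements, emitting (method, url, id)."""
    full = _join(prefix, resource.get("path", ""))
    for method in resource.findall(WADL_NS + "method"):
        out.append((method.get("name", "").upper(), full, method.get("id", "")))
    for child in resource.findall(WADL_NS + "resource"):
        _walk(child, full, out)


def extract_endpoints(wadl_xml: str) -> list:
    """Flatten a WADL document into a list of (method, full_url, method_id)."""
    root = ET.fromstring(wadl_xml)
    endpoints = []
    for resources in root.iter(WADL_NS + "resources"):
        base = resources.get("base", "")
        for resource in resources.findall(WADL_NS + "resource"):
            _walk(resource, base, endpoints)
    return endpoints


def review_priority(endpoint) -> str:
    """Assumed triage rule: state-changing methods and sensitive-looking
    paths are reviewed for authorization before read-only ones."""
    method, url, _ = endpoint
    lowered = url.lower()
    if method in MUTATING_METHODS or any(w in lowered for w in SENSITIVE_PATH_WORDS):
        return "high"
    return "normal"


if __name__ == "__main__":
    for ep in sorted(extract_endpoints(SAMPLE_WADL), key=review_priority):
        print(f"[{review_priority(ep):6}] {ep[0]:6} {ep[1]}  ({ep[2]})")
```

Parsing untrusted XML with the standard library is acceptable here because `ElementTree` does not resolve external entities, but a production tool ingesting WADL from arbitrary hosts should still cap document size; the output list is what you diff against the endpoints the application's authorization rules actually cover.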