Imran Huda(Ahhad)
@imranHudaA
Followers
5,477
Following
743
Media
232
Statuses
2,776
Explore trending content on Musk Viewer
Sánchez
• 1836473 Tweets
Fenerbahçe
• 368208 Tweets
Flamengo
• 250632 Tweets
Gabigol
• 105101 Tweets
Atlético
• 94386 Tweets
Garnacho
• 85719 Tweets
Saints
• 66598 Tweets
Giants
• 65105 Tweets
Bell
• 57526 Tweets
Saquon
• 52834 Tweets
Lions
• 50028 Tweets
Branch
• 49350 Tweets
Cowboys
• 46699 Tweets
Jerry
• 38965 Tweets
Panthers
• 33431 Tweets
Hulk
• 31567 Tweets
#GHDBT9
• 29978 Tweets
Alianza
• 25675 Tweets
Packers
• 25534 Tweets
GABRIEL BARBOSA
• 24640 Tweets
Raiders
• 24374 Tweets
Arrascaeta
• 23590 Tweets
Dolphins
• 23163 Tweets
Titans
• 22434 Tweets
Falcons
• 21238 Tweets
Drake Maye
• 21078 Tweets
NASCAR
• 19070 Tweets
Wesley
• 17644 Tweets
Derek Carr
• 17392 Tweets
#FlyEaglesFly
• 14593 Tweets
Daniel Jones
• 11063 Tweets
Tyler Bass
• 10056 Tweets
Last night I found an IDOR while looking at wayback urls of epicgames target. So here how I have found it.
I used waybackurls and grep to find public api endpoints
$ echo target. com | waybackurls | grep "/api/"
This listed all the public api endpoints.......
15
106
434
Interesting account takeover of the day.
The site was hosting their on amazonaws
While resetting my password I have noticed that the host was getting passed in json body
12
79
296
We are running a promotion for our private program at
@Hacker0x01
New bounty range:
Critical $3000 (1.5x)
High $1125 (1.5x)
Medium $500 (2x)
Low $200 (2x)
Feel free to ping
@iambouali
or me for an invite.
Cheers.
270
13
286
Yay, I was awarded a $4400 bounty on
@Hacker0x01
!
$3350 on epicgames for idor
2 Android issues and 2 idors
#TogetherWeHitHarder
22
18
220
Yay, I was awarded a $5,600 bounty on
@Hacker0x01
!
My highest paid bounty on a single bug $4,450
#TogetherWeHitHarder
23
9
222
Completed 10k+ bounties in January. Its hard to push myself doing a full time job.
Thanks to
@Hacker0x01
and
@Bugcrowd
🙏🏻
43
3
221
Admin adds a user. User receives the invite. Clicks on accept invite and captures the request. Sends to turbo intruder. After the attack is completed admin cannot removed then user. Found this type of issue several times.
10
40
176
Yay, I was awarded a $3,800 bounty on
@Hacker0x01
!
Back on epicgames.
#TogetherWeHitHarder
14
6
161
Yay, I was awarded a $1,500 bounty on
@Hacker0x01
!
- Bypassing idor protection to add admin to the organisation = $1000
- exposing user product unauthenticated idor = $500
#TogetherWeHitHarder
3
10
156
In February, I submitted 39 vulnerabilities to 4 programs on
@Hacker0x01
.
My target was 10k but couldn’t complete.
Earned 7k this month. By far 2022 is going great Alhamdulillah.
#TogetherWeHitHarder
11
3
155
Thanks
@epicgames
Also thanks to
@Hacker0x01
for this opportunity.
Top researcher of
@EpicGames
last quarter.
4
2
155
Yay, I and
@SZ_Mahmud_7
was awarded a $11,625 bounty on
@Hacker0x01
!
Several issues.
We have been collabing for almost a month. Still some issues are pending.
#TogetherWeHitHarder
20
7
146
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
Zero user interaction account takeover.
#TogetherWeHitHarder
11
6
152
Yay, I was awarded a $1950 bounty on
@Hacker0x01
!
1android issue =$1000
Idor =$500
Idor= $250
Idor=$200
#TogetherWeHitHarder
12
6
137
Completed 20k+ in bounties this year already. Although my target was less than 20k in whole year. Thanks to
@Hacker0x01
@Bugcrowd
@inspectiv
and some external programs. Hope to learn more from community.
18
5
132
Yay, I and
@XSaadAhmedX
was awarded a $7,000 bounty on
@Hacker0x01
!
Collab on
@EpicGames
#TogetherWeHitHarder
13
4
135
Yay, I was awarded a $2,500 bounty on
@Hacker0x01
!
IDOR on epicgames product
#TogetherWeHitHarder
10
5
133
Here is a story of an account takeover and fix bypass.
The basic open redirect
Which will leak the google clientId,credential,CSRF token to
And I could generate Authorization token and full account takeover.
Resulted in $$$$
5
30
135
Yay, I was awarded a $1,300 bounty on
@Hacker0x01
!
Bounty was adjusted on a previous report
$500+$500+$300
All three bugs was idor
#TogetherWeHitHarder
6
3
127
Yay, I was awarded a $1,875 bounty on
@Hacker0x01
!
Zero click account takeover (total $3000 for this one)
#TogetherWeHitHarder
9
8
122
Yay, I was awarded a $2250 bounty on
@Hacker0x01
!
1000+500+500+250
3idors, 2fa bypass
#TogetherWeHitHarder
7
2
124
Submitted 16 reports last night on
@Hacker0x01
program.Three already triaged and one paid. I call this a good morning.
11
2
122
Yay, I was awarded a $2,000 bounty on
@Hacker0x01
!
Bug: Deeplink allows to bypass security code in android app
#TogetherWeHitHarder
11
8
119
Yay, I was awarded a $2,400 bounty on
@Hacker0x01
!
Several access control and one account takeover.
#TogetherWeHitHarder
11
4
117
Yay, I was awarded a $1,200 bounty on
@Hacker0x01
!
idor on Epicgames product
#TogetherWeHitHarder
8
2
120
If it gets triaged i'm so lucky.
Dork : "ValidAccessToken"
4
9
119
Hackerone brand ambassador club(Dhaka) meetup. Thanks
@Hacker0x01
and
@remonsec
for making it possible.
5
2
116
Logged into one of my old program organisation and this pop upped automatically and reported this sweet stored xss. This didn’t popped when I was testing lol😂
9
0
116
Found simple email verification bypass. Email cannot be changed after signup
{"avatar":null,"firstName":"Test","lastName":"Test"}
modified to
{"avatar":null,"firstName":"Test","lastName":"Test","email":"victim
@gmail
.com"}
email changed to victim email and no verification needed
5
37
113
Yay, I was awarded a $1,400 bounty on
@Hacker0x01
!
Account takeover $1000
Api misconfiguration $400
#TogetherWeHitHarder
11
2
110
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
IDOR with $100bonus
#TogetherWeHitHarder
10
2
105
Yay, I was awarded a $2,000 bounty on
@Hacker0x01
!
First bounty of the year finally.
#TogetherWeHitHarder
11
2
103
Yay, I was awarded a $600 bounty on
@Hacker0x01
!
Bug: Exposing users email
#TogetherWeHitHarder
10
5
100
Never thought I would find this when hundreds of hackers smashed the target already. Waiting for dup with happy face :/
8
1
100
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
Privilege escalation on Epicgames product
#TogetherWeHitHarder
11
1
99
I was awarded a 1000$ bounty for my two submissions.
Bug: IDOR
9
6
95
Yay, I was awarded a $900 bounty on
@Hacker0x01
!
Tip: Report and forget for 3months😂
#TogetherWeHitHarder
1
0
99
Yay, I was awarded a $625 bounty on
@Hacker0x01
!
Was an issue in 3rd party and the company didn't care and paid without any hassle.
#TogetherWeHitHarder
7
1
100
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
Android issue on
@EpicGames
product
#TogetherWeHitHarder
4
2
96
Submitted 20+ reports in last 24hours.When I navigate to submit another one I feel like "why am I even doing this" lol.
9
0
89
In January, I submitted 58 vulnerabilities to 5 programs on
@Hacker0x01
.
#TogetherWeHitHarder
9
1
88
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
Two stored xss and two premium feature access
#TogetherWeHitHarder
8
3
92
Shoutout to
@inspectiv
for such an amazing platform they are managing. Bounties on triage and fast responses from the support team.
More issues on the way.
#SecureTheInternet
5
8
91
Was awarded a $1000 bounty on
@inspectiv
Found another fav program to carry hunting .
#SecureTheInternet
4
2
81
Yay, I was awarded a $1,500 bounty on
@Hacker0x01
! For finding two issues on
@epicgames
#TogetherWeHitHarder
7
1
82
Was awarded a $1100 bounty on
@inspectiv
Found some good bugs there and waiting for others to get paid.
#SecureTheInternet
7
6
82
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
Full subscription bypass was able to add 12k worth credit to account that will be used for paying the subscription. User can be added and there is a monthly charge for that. Four users subscription for a year is 12k USD. what would be the severity
7
3
22
10
4
79
Was awarded a bounty on
@inspectiv
If you have time I would highly recommend checking
@inspectiv
platform.
#SecureTheInternet
10
4
75
Found a interesting account takeover via GET method where I can change any users email and own the organization. Didn’t imagined will find this on a payment site.
8
1
69
This year has been great compared to 2021
Completed 100k+ across different platform.
Completed 93k from
@Hacker0x01
. My target was 100k but because of numerous problem couldn’t focus few months.
15% of my bounties came from
@inspectiv
. Great platform to focus on.
8
5
76
This gives more joy when I see the restest amount is more then the default one.
Am I the only one who feels happy for this?
4
0
78