25 Invites today 🔥🤑🤖

#BugBounty #bugbountytips

CLI Tools for admin

#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosec urity #cyberattacks #security #oscp #cybersecurity awareness #bugbounty #bugbounty tips

XSS filter bypass using : 'JSFuck'

#BugBounty #bugbountytips #togetherwehitharder

If you are trying to access an endpoint and get 403
try this
/api/docs/index.html ==> 403 Forbidden
/api/Docs/index.html ==> 200 Ok

By:Zayed 🇵🇸

#BugBounty #bugbountytips

Sql Injection

Payload : -10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z

Credit:Lu3ky13 ⚡️⚡️

#bugbountytips #BugBounty

💡Some applications will only block basic XSS payloads containing tags <script>, <img> etc..

Use portswigger XSS cheatsheet
portswigger.net/web-security/c…

❌alert()
✅prompt(document.domain)

Double , triple encode as well
(HTML,URL,base64,etc...)

#BugBounty #bugbountytips

🚨Open Redirect Bypasses🚨

Join Telegram for More t.me/brutsecurity/3…

#bugbounty #bugbounty tips #ethicalhacking #cybersecurity

Bypass open redirection whitelisted using chinese dots: 👀🔓🔍

%E3%80%82

Tip: Keep eyes on SSO redirects 😉🔀

credit: elsec

#bugbounty #bugbounty tips

what a nice day, 500 reputation on hackerone and google swag arrived:)

#bugbounty #hackerone #googlevrp

Reached 500 Reputation on HackerOne 🥳🤩
#BugBounty

Google Dorking with ease.

Dorki.io - dorki.io

#bugbounty #ethicalhacking #recon #osint #hackforgood #infosec

WORDPRESS JUICLY ENDPOINTS :)
#bugbounty #bugbounty tips

Sql Injection

Payload : -10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z

#bugbountytips #BugBounty #SqlInjection

Common!!!!😭

.
.
.
.
#BugBounty #bugbountytip #pentest #CyberSecurity #bugcrowd #hackerone

First day on a new private program and a very interesting account takeover. This may be a duplicate, but let's hope and see the first reply!🙏

Read comments for a full bug description and how the takeover was made⤵️

#BugBounty #bugbountytips

Yay, I was awarded a $500 bounty on HackerOne! hackerone.com/divyansh2401 #TogetherWeHitHarder #bugbounty

Hey Hackers! 👋

Share & Bookmark these BugBounty Writeups!

Credit Links:

- writeups.io
- pentester.land/writeups
- infosecwriteups.com/tagged/bug-bou…
- github.com/fardeen-ahmed/…

#Hacking #infosec #Pentesting #redteam #bugbountytips #cybersecuritytips #BugBounty

Hey hey hey, hello kids, tun4hunt is back in business after 100 years 😂😂😂

Tip: An application that accepts an email address during registration might not accept it when updating the profile, be careful 👀

#bugbounty #bounty #pentest #redteam #bugbounty tips #vulnerabilities

Added a new 'Search' feature in iScan.today. Now you can search for any keyword in the already scanned docker layers.
Using this you can scan a docker hub account and then manually search for keywords instantly.

#buildinpublic #bugbounty #iScanToday

Attachment functionality has existed on HackerOne for years, But I still can not believe this IDOR bug has existed for years and no one found it before.

well done xklepxn
hackerone.com/reports/2442008
#BugBounty