root@AkashHamal0x01:~/ #
@AkashHamal0x01
Followers
9K
Following
14K
Media
341
Statuses
7K
Solo | https://t.co/I6KH8WMAxO | Community Helper | WebApp Security | Avid Learner | Male | Father of One | Married Asia . wiener/peter
Triangle, Lost, Philippines
Joined June 2020
I have been inactive due to the recent super typhoon. Now that our electricity has been restored, I would appreciate it if you could update me on what you have learned this week :D
TF, while browsing I noticed I am top 10 in one of adult website BBP program
When you know almost everything about an application then you know where to find vulnerabilities, what to check, where to look for missing checks :D
Suggest them to implement a useful feature that can help upgrade your severity level
I wonder how many AI startups will fail without integrating OpenAI or other giants? Almost all of them? Lol
This one is special, this vulnerability was there for many months/years, until I changed my approach and tested the app in depth lol
When you know something shady is going on but you can't find some impact to report
I am not verified, not the guy I want to message, but messaging is a premium feature now? wtf
U need to pay to message someone here? F you
What's the weirdest/strangest vulnerability you've discovered so far?
If u cannot DM for some reason, comment here and I will try to DM you, thanks
whose report is this #2380261? DM me.
Such as if you have CRLF injection, you can inject your own expired session cookies into the victim's browser, and when the victim visits the website to log in, the cookies you set become active. ATO by UI
This was because once you log out and log in again, the old cookie was used in the request and the server sets that old cookie as our new session cookie. Hence a logged out/expired cookie becomes active again. It can be achieved by other means/methods ... check below
Tip:
- send http request of updating profile to repeater
- logout and reset password, now replay request in repeater ("message":"Session Expired")
- now login into account again and replay the http request! (profile updated)
#bugbountytips #bugbountytip
.. even check the report, I stated it's not a vulnerability but he was sure it was a vulnerability lol. After a long back and forth convo I provided him a video POC and he finally closed and changed username
Funny thing, I was invited to collaborate on a report in 2024. I didn't even know the guy but I accepted to see what he really found since I was hunting on H1 at that time. This guy was making some bet and changed his username afterwards. Before the triager could even ...
Hey @grok , based on your analysis of the last 365 days, list in sequence 10 accounts that frequently visit my profile. Do not mention the person, only @.username and the rate of visits to the profile per month
Getting $XXX to promote some shit online lol. Not worth it