l0da (Mohamed Walid) @L0daW
Followers: 598 · Following: 3K · Media: 9 · Statuses: 270
Very pleased to announce the release of my new article, based on my research that led to CVE-2024-46982, titled "Next.js, cache, and chains: the stale elixir": https://t.co/UFndJxNYLI Note: it does not cover the latest findings shared in my recent posts. Enjoy reading!
Praise be to God, always and forever. I've managed to hit my own goals and even gone way beyond them ❤️
Note: I only hack on BBPs. 2024 goals:
- more collaborations (only did 1 in 2023)
- more bounties (can't tell a number)
- read the books I bought
- in December 2024 I should be getting ready for military service in Egypt 💀😭 O God, grant me an exemption.
I would suggest a feature that would help in such cases: when a reporter edits a percentage, this should send the other collaborators an email and require a double confirmation @Hacker0x01 @jobertabma
This is really crazy for HTML injection: $2,500. Someone invited me to his report. I changed his report from low to medium. He gave me $13 and received $2,500. Then I guess he blocked me 🤣 #bugbounty #bugbountytips #hackerone #htmlinjection
Here is a write-up about an SSRF bug I found in a private engagement with @CyberARLLC's internship 🌟
🌟 Exciting news from the @CyberARLLC Internship Program! 🌟 🔍 Topic: How an Automation Feature in a Cloud Service Led to Accessing EC2 Metadata. 👏 Join us in congratulating @L0daW on this achievement! Write-up link: https://t.co/WDX6ibG8dQ #CyberAR #internship
The worst mediation ever, @Hacker0x01. You help the companies steal our efforts and time because they pay you 🤮🤮
Hi @jobertabma, I have some concerns regarding the HackerOne triager team. They have been behaving so weirdly lately, and even mediation takes 2-3 months for a reply. Are you thinking of resolving these issues with the @Hacker0x01 platform? Otherwise we must switch to a better platform, which
This literally sums up everything 👌
@fattselimi @jobertabma @Hacker0x01 BB is sometimes good, sometimes a scam; it depends on the program. I started accepting the scamming recently. I don't ask for mediation; it's useless, as you see. They don't listen and don't even help you. H1 will never lose a client paying thousands over a hunter asking for $500.
We got an ~RCE on M365 Copilot by sending an email. By ~RCE I mean full remote control over its actions: search for sensitive content (SharePoint, email, calendar, Teams), execute plugins and outputs, bypass DLP controls, manipulate references, social engineer its users on our
Right now is my third try to at least find out what's going on, which is ranting on Twitter. P.S.: the report has a video PoC and screenshots of everything. Any help?
First, I made a comment mentioning the analyst, asking them to recheck and to ask the team if they had applied a fix. Second, I tried mediation (never worked); it has been 17 days so far. I even emailed an important person at HackerOne and asked him about that issue; honestly, he replied so fast, but nothing happened.
I don't like bug bounty ranting on Twitter, but this case may happen to anyone. I submitted a report to a public BBP on H1; an h1_analyst closed it as informative, and the program fixed the bug. Good for them, but no reward for me? 😀 I will list below everything I have tried so far #hackerone
I think that tweet was not clear enough. All I wanted is this: instead of visiting H1 support, logging in there, clicking that tickets button and then checking my ticket, why can't I just see it on the right side of the report? @Hacker0x01
If a hacker requested mediation, why can't hackers see it on the right, similar to how the program sees the mediation? It should include the mediation state, and I think there should be some transparency about what's going on; recently the mediation feature isn't working for me @jobertabma
Still trying to find your first SSRF vulnerability, or trying to escalate an existing one? 🧐 Here are a few advanced SSRF exploitation techniques! 🤑 A thread! 🧵👇
Check this out 🗣️🔥
@L0daW and I were working on a private program on HackerOne, focusing on an AI chat application. Check out what we discovered: https://t.co/vnPxXmaISb #bugbountytips
I had the pleasure of collaborating with @Hacker0x01 on an article discussing GraphQL attacks. You can find it here: https://t.co/m1QgnbkeCY
If you analyze JavaScript files using Burp Suite and use tools like GAP or JS Miner, always replace `^If-None-Match.*$` with an empty string so the files actually load in Burp. Otherwise, on subsequent loads, you'll always get a 304 Not Modified response. #bugbountytips
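As an added example that is not part of the original post, the Python below shows why that match-and-replace rule matters: a simulated origin that honours `If-None-Match` the way a real server would, and a filter that strips the conditional headers from a raw request before it is sent. The request, ETag and script body are constructed sample data. It generalises the tip slightly by also removing `If-Modified-Since`, since that header can likewise produce a 304 with an empty body.

```python
import re

# Constructed sample: a browser's repeat request for a script it already has cached.
# The If-None-Match value is the ETag from the first response, so the origin answers
# 304 with an empty body and the proxy (and any JS-mining extension) never sees the
# JavaScript again.
SAMPLE_REQUEST = (
    b"GET /static/app.bundle.js HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Accept: */*\r\n"
    b'If-None-Match: "5d8c72a5edda8d6a:0"\r\n'
    b"If-Modified-Since: Tue, 02 Jan 2024 10:00:00 GMT\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"\r\n"
)

# Constructed origin state: the script body and the ETag the origin serves for it.
SCRIPT_BODY = b"console.log('app loaded');"
SCRIPT_ETAG = b'"5d8c72a5edda8d6a:0"'

# Request headers that let the origin reply 304 instead of sending the body.
# This is the same idea as Burp's `^If-None-Match.*$` -> "" rule, extended to
# If-Modified-Since. One header line per match, including its CRLF.
CONDITIONAL_HEADERS = re.compile(
    rb"^(?:If-None-Match|If-Modified-Since):[^\r\n]*\r\n",
    re.IGNORECASE | re.MULTILINE,
)


def strip_conditional_headers(raw_request: bytes) -> bytes:
    """Remove conditional headers from a raw HTTP/1.1 request.

    Only the header block is rewritten; the request line and any body pass
    through untouched. Requests without a terminating blank line are returned as-is.
    """
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        return raw_request
    # Re-add the CRLF of the last header so every header line ends in "\r\n"
    # and the regex can consume whole lines.
    cleaned = CONDITIONAL_HEADERS.sub(b"", head + b"\r\n")
    return cleaned + b"\r\n" + body


def parse_headers(raw_request: bytes) -> dict:
    """Return header name (lower-cased) -> value for a raw request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return headers


def origin_respond(raw_request: bytes) -> tuple:
    """Minimal stand-in for the target server (constructed, not a real origin).

    Like a real origin, it returns 304 with an empty body when the client's
    If-None-Match matches the current ETag, and 200 with the full script otherwise.
    """
    if parse_headers(raw_request).get(b"if-none-match") == SCRIPT_ETAG:
        return 304, b""
    return 200, SCRIPT_BODY


def demo() -> tuple:
    """Status codes for the cached request before and after stripping."""
    before, _ = origin_respond(SAMPLE_REQUEST)
    after, _ = origin_respond(strip_conditional_headers(SAMPLE_REQUEST))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(f"with If-None-Match: {before}, after stripping: {after}")
```

In Burp itself this is a Proxy match-and-replace rule of type "request header" with `^If-None-Match.*$` as the match and an empty replacement; the function above performs the same rewrite offline so the 304-versus-200 difference is visible without a target.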