Akshay Sharma ๐ฎ๐ณ
@akshaysharma71
Followers
3K
Following
800
Media
597
Statuses
1K
Excited to share that I just received another $40,000 bounty for discovering the same issue: "Unauthorised Access to NGINX REST API (Read/Write Access).". TestCase:. https://exampledotcom/path/. ;/api/9/nginx. Reference:.#BugBounty.
16
37
435
๐ Proud to share my 2024 #HackerOne journey! 172 vulnerabilities reported, 3 critical findings, and a special focus on web security. From XSS to access control, every report counts in making the internet safer! #InfoSec #BugBounty
0
0
3
Yay, I was awarded a $20,000 bounty on @Hacker0x01.Bug:.Access to NGINX REST API Interface (Read Write Access) via Normalisation. #TogetherWeHitHarder #BugBounty.
13
6
305
Excited to share that I have assigned with 18 new CVEโs (Common Vulnerability and Exposure). Thanks to @AdobeSecurity ๐. #cve #security #cybersecurity #vulnerability
3
2
91
RT @KHIZER_JAVED47: Just Published "How I Manipulated My Rank on the Bugcrowd Platform" One of my favorites! Waited long for disclosure๐ฏ #โฆ.
0
63
0
Found a slick little SSRF bypass using an HTTP redirect through " and got unrestricted access to juicy internal cloud data!.#bugbountytips #bugbountytip
8
41
227
Just wrote a simple bash script which distributes processing tasks to other VPS machines. Tried probing on huge domains list. Working efficiently. You just need to modify few lines of code (adding machines & command) #BugBounty #bugbountytips .
0
2
10
Excited to share my first tool in Go for discovering AEM CMS websites! Huge thanks to @0ang3el for their awesome research and inspiration. #BugBounty
2
27
79
Reflected value check by extracting hidden params. curl -skL " | grep 'type="hidden"' | grep -Eo 'name="[^\"]+"' | cut -d'"' -f2 | xargs -I@ sh -c 'if curl -skL | grep -q "value=ijkl"; then echo "reflection found from @ param"; fi'.
10
103
283
Yay, I was awarded a 2x $5000 bounty on @Hacker0x01!. VueJS Client-side template injection.Payload used - {{$el.ownerDocument.defaultView.alert(1)}} #TogetherWeHitHarder.
9
49
312
Bought a new Car ๐.Specially & Grateful Thanks to @Hacker0x01 and Infosec community. ๐
45
16
736
Spyse. Excellent Search engine for recon. You can search data using ASN, org, domain, IP, cert, range etc. Check out. @SpyseHQ #Spyse #bugbountytips.
2
19
110
RT @Hacker0x01: Yesterday we kicked off the #h12006 leaderboard with our event partners at @PayPal and it was a fantastic first bounty day!โฆ.
0
13
0
RT @Pouyadarabi: Delete any image on Facebook. 2 May 2020, 09:10 โ Report Sent.2 May 2020, 10:39 โ Triaged.2 May 2020, 22:46 - Fixed.2 Junโฆ.
0
176
0
RT @win3zz: As I previously promised I would publish a writeup on how I managed to find the SSRF bug on the biggest social media website, Fโฆ.
0
654
0
These types of issues are considered as Informational. No Impact.
I wrote an article to describe the issues I reported to the @SetuAarogya. I hope it will allow people to understand the situation and why it's an important issue. I hope you like it, all feedbacks are welcome!. And don't forget: Hack the planet! ๐ค .
6
5
56