If you find a GitLab instance, try to log in as root/admin with these credentials:
Username: root & Pass: 5iveL!fe
Username: admin & Pass: 5iveL!fe
You can find it with Shodan:
org:"Target" http.title:"GitLab"
#bugbountytip
#BugBounty
#infosec
Finally I got the Hacking Hackers badge with a critical vulnerability :) and HackerOne will share more details about it with people as soon as possible
#BugBounty
#infosec
I found a cross-site scripting (XSS) vulnerability and bypassed the WAF (Akamai) on one of the TikTok Ads endpoints, and it could lead to takeover of any account on TikTok Ads
#BugBounty
#bugbountytips
If you come across SSTI in a Go application, it is worth trying the following payload
{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}
to achieve XSS and bypass HTML sanitization.
#bugbounty
#bugbountytips
#infosec
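An added example (not from the post's author) of why the payload above renders as script, and of the fix: `html/template` treats template source as trusted markup and only escapes data. The function names `renderVulnerable` and `renderHardened` and the `fixedPage` template are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// Payload quoted in the post above.
const payload = `{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}`

// renderVulnerable (hypothetical handler logic) concatenates user input into
// the template source. html/template trusts template source as author-written
// markup, so a {{define}} block in the input is emitted without escaping.
func renderVulnerable(userInput string) (string, error) {
	t, err := template.New("page").Parse("<p>Hello " + userInput + "</p>")
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

// fixedPage is parsed once from a constant; user input never reaches Parse.
var fixedPage = template.Must(template.New("page").Parse("<p>Hello {{.}}</p>"))

// renderHardened passes user input as data, so contextual autoescaping applies
// and template actions in the input stay inert text.
func renderHardened(userInput string) (string, error) {
	var buf bytes.Buffer
	err := fixedPage.Execute(&buf, userInput)
	return buf.String(), err
}

func main() {
	for name, render := range map[string]func(string) (string, error){
		"vulnerable": renderVulnerable, "hardened": renderHardened,
	} {
		out, err := render(payload)
		fmt.Printf("%-10s err=%v\n  %s\n", name, err, out)
	}
}
```

When reviewing Go code for this issue, look for any call to `Parse` whose argument is built from request data.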
Really, it's not fun for me. Some @Hacker0x01 triage team members don't care about reports; without understanding the report they quickly close it as N/A or dups. I had 4 reports that were closed as dups, and I talked with them to take a closer look at these reports, and it was their mistake; they were not dups.
I am happy, I am invited to participate in h1-702! @Hacker0x01 live hacking event, but due to visa problems I will participate virtually
#BugBounty
#infosec
@sk1dd13
Been saying this for a while now dude. It's the most true statement ever. Some people think that bug bounties look great on a resume, but the truth is, recruiters don't give a flying shit about them. They don't consider it experience.
Not my personal opinion. Just straight facts
In 2023, it was a fantastic year! I managed to find a one-click account takeover with the ability to bypass 2FA on Snapchat, and I found a critical vuln on HackerOne. In total, I submitted 65 reports through my part-time bug bounty efforts, earning a significant amount of $$$$
3 months ago reported >> need more info >> self close >> today triaged as critical 😄
Bug type: sensitive information exposed
#BugBounty
#bugbountytips
#hackerone
I am pleased to announce that I am the new ambassador of Iraq at @Hacker0x01. For all fellow hackers from Iraq, if you would like to join our team, please DM me.
The best bug bounty program is @amazon. When I found a high bug on their service, I asked them to increase the bounty and they said, when we update the bounty table we will pay you double, and they did it 😊
#BugBounty
#bugbountytips
CSRF bypass TIP - If the protection is based on an origin check and a null origin is allowed, try sending the request via the data protocol; it will send a null origin
Example:
data:text/html;base64,…..
#bugbountytips
#bugsbunny
#infosec
🏜️ We're live at #GISEC2024 in Dubai, UAE!
Join PT SWARM for a master class on soldering your smart 🥤 opener or enjoy our ATM hacking contest! 📠
Catch us until April 25 at 5 PM! 🇦🇪
As the most trusted and secure crypto platform, we regularly monitor our systems and actively manage our product to provide the best user experience. In the course of a recent routine review of our systems, we identified some accounts that no longer meet our updated standards.
@Shajjad10853937
Thank you. I think if TikTok is haram then other social media apps are haram too, because all have bad and good content and it depends on the person what they are sharing. There are lots of useful accounts using TikTok for good and sharing the Quran and useful content, and for bad too