Sardar
@sardar0x1
Offensive Security 🛡 Red Teamer 🎯 | Threat Hunter 🏹 |Penetration Tester 👨🏻💻 | Breaker 💣 | Builder 🛠️ | Researcher 🔬
nowhere OR everywhere
Joined March 2024
RCE Bug On T-Mobile's Custom Header Vulnerable Header: X-Export-Format: pdf ; Payload Tip: Always test your payloads on custom headers, as the header may be vulnerable, as in this case #BugBounty #bugbountytips #redteam #cybersecurity #Developers #pentest
Vertical Privilege Escalation (Employee to Manager) Bypass via Header X-HTTP-Method-Override #BugBounty #bugbountytips #CyberSecurity #Security #developers #PenTesting #bypass #EthicalHacking #bug #code
An API misconfiguration at a major airline resulted in a critical PII leak, exposing sensitive employee data. You can add "/api/v3.2/users/export/all" to your wordlist #BugBounty #bugbountytips #CyberSecurity #patlama #developer #PenTesting #Security
Bypass the uploader and upload any file the attacker wants just by using the null byte %0d%0a. Bypass technique used: shell.php%0d%0a.jpg Tip: Always test all null bytes #bugbountytips #bugbounty #CyberSecurity #Developers #RedTeaming #bug #Security
Bypass Admin Panel with SQL injection Use payload for bypass: ' OR '1'='1' -- #bugbountytips #BugBounty #RedTeaming #Developers #bugbountytip #CyberSecurity #Security #turkey #bug #tech #bypass #redteam #code #hack
Using a very simple technique of using base 85 encoding and XOR in the encode algorithm in my scripts, I was able to easily bypass antiviruses. In simple versions of this script, antiviruses would detect and prevent #RedTeaming #readteam #bugbountytips
Bypassing antiviruses using simple encoding technique algorithm in PowerShell and Python scripts, credential extraction script for browsers #redteam #RedTeaming #BlueTeam #bugbountytips #bugbounty #Security #dfir #CyberSecurity #forensic
Bypass file upload on Xiaomi with this method: .extentions./%00.png Example: .php.%00.png #bugbounty #bugbountytips #bug #CYBER
Two simple SQL injection bugs on Stanford and Kings University #bugbountytips #BugBounty #bugbountytip #bug #university #hunt #cybertech #cyber #develop #Security Use this payload: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z
Access to Wealthsimple backup file and payment of 2k bonus from the company #bug #bugbountytips #bugbountytip #security #h1 Tips: First, I make a wordlist based on the company name, and then using the ffuf tool, I tested