Sh O Aib
@Sh_O_A1b
Ethical Hacker | Security Researcher | Bugcrowd | Hackerone | Stock Investor | Crypto/NFTs Geek | Entrepreneur | MBBS | 🇦🇪🇵🇰
I earned $1250 at @Bugcrowd Tip: Log into account -> URL requested by web app-> site.com/sso/session/sy… -> xxx cookie set-> modify xxx-> sess. cookie set to xxx -> sent to victim-> Victim cookie is set by attacker-> Victim auth cookie-> Attacker logs in using cookie #bugbountytip
Add the file `wp-config.php.txt` to your wordlist, and you might discover some juicy data. Enjoy! 😏 #bugbountytips #bugbountytip #cybersecurity #ethicalhacking
Extracting Credentials From Windows Logs : practicalsecurityanalytics.com/extracting-cre…
Tip:- Do wayback on root domain then get endpoints and add it to your list and fuzz on subdomains or other roots.. $ ~ waybackurls root.com |cut -d "/" -f 4-|sort -u > endpoints.txt #bugbountytips #bugbountytip #bugbounty #hackerone #bugcrowd #h1
Google Dorks - Code Leaks 💧 site:pastebin. com "example. com" site:jsfiddle. net "example. com" site:codebeautify. org "example. com" site:codepen. io "example. com"
Subdomain Takeover Detection with Subfinder & Nuclei -new wordpress takeover detection for nuclei template subfinder -d target -o target && nuclei -t wp-xyz-takeover[.]yaml -l target #bugbountytips #bugbounty github.com/schooldropout1…
Automate xss and sqli vulnerabilities finding #bugbounty #bugbountytip
Nuclei Template : REFLECTION Potential XSS, SSRF, Cache Poisoning, Open URL Redirection & OAUTH Redirection nuclei -t reflection[.]yaml -u target Credit: @gudetama_bf #BugBounty #bugbountytips
Tip:- Add to your wordlist: auth/jwt/register auth-demo/register/classic auth-demo/register/modern My First P1🥳 #bugbountytips #bugbountytip #bugbounty #hackerone #bugcrowd #h1
A curated list of wordlists for bruteforcing and fuzzing - by gmelodie github.com/gmelodie/aweso…
Hikvision vulnerability scanner and exploiter: github.com/HexBuddy/Hikvi…
Gotta say man I like the payload, hope you don't mind I add it to my GitHub XSS payloads area github.com/shadowByte1/xss
If you're into generating subdomains quickly 🚀 check out this website: husseinphp.github.io/subdomain/ #bugbountytips #bugbountytip #BugBounty
Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable by priyanshu shakya Payload: User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" #bugbountytips #bugbounty #sqli medium.com/@pranshux0x/su…
What is everyone using for blind XSS these days?
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa
1-Subdomainer (contain subfinder, amass whois mode, amass passive mode, crt/.sh, GitHub, gobuster, knockpy) 2-chaos (Archived Data) 3-frogy (wayback, bbot, subfinder, findomain, crt.sh) 4-assetfinder (certspotter, hackertarget, threatcrowd, wayback, bufferover, facebook)