Similar User
@malcolmx0x
@ImAyrix
@MrMSA16
@NikoueiMohammad
@lu3ky13
@voorivex
@AmirMSafari
@af4himi
@abbas_heybati
@0xMstar
@thelilnix
@ITSecurityguard
@_justYnot
@m7arm4n_
@H_Mosafer
I just published Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text #BugBounty #bugbountytips link.medium.com/EL8SzwamN7
we are using @hashnode for our team blog (blog.voorivex.team). I submitted several reports, which they triaged however we are still discussing about the amount of bounty, but they have added my name to the Hall of Fame. thanks hashnode.com/hall-of-fame
A few months ago, @YShahinzadeh and I were working on a famous company and managed to chain some flaws + CSP bypass, which resulted in an account takeover and a $3500 bounty. You can read the full article here. blog.voorivex.team/a-weird-csp-by…
since my last tweet about OAuth was welcomed, I decided to expand on my methodology in a blog post, do not skip OAuth authentication, even when testing public and well-known companies in bug bounty programs. I hope you find it useful blog.voorivex.team/drilling-the-r…
In OAuth, always look for custom implementations. In this case, there were two redirects. One was stored in the redirect_uri, which was completely safe (handled by Google). 2nd redirect was stored in the state parameter (JSON object), making it vulnerable to 1-click ATO :)
just reported a DOM based XSS on a famous public program (payment section), can you spot the vulnerability? can you write an exploit code for it?
Hunting in an empty house while the maintenance crews are working, we’re both getting things done 😎
got 26k in Q3 (I'm not a full time hunter). Still my favorites vulns are ATOs related to oAtuh, SSO and etc + DOM XSS. gonna publish some blog posts soon
Recently, two of my bugs (totally 15 vulns, critical, high, medium, etc) got CVE number, CVE-2024-29849, CVE-2024-42024 (on Veeam product). I'm thinking of writing a blog post about my methodology in near future
Great tip! But how does removing email from the scope lead to account takeover? Let’s look at how OAuth works. After you verify your identity with the OAuth provider and return to the app with a token, the app asks the OAuth provider to validate the token and return user info \1
According to @itscachemoney, this sometimes leads to account takeover vulnerabilities. 🤯#BugBountyTip #HackWithIntigriti
After a long time, I decided to disclose a DNS Rebinding vulnerability (including CloudFlare’s automated Python code) that I found a few months ago. I hope you find it useful: blog.voorivex.team/account-takeov…
I saw this bug bounty tip recently, but have you thought about how it happens in an app? For implementing authentication mechanism, there are methods like tokens, sessions, and more. Imagine we have an app that uses JWT. This app relies on a secret key to sign the JWT tokens \1
#bugbountytips #bugbounty How I was able to find multiple critical vulnerabilities to get Full Account Takeover with the help of PlayStore and AppStore region settings.
This month, I managed to earn around $18.5k bounty from a public program on @Hacker0x01 after a year full of effort. One year ago, I earned $16.3k from a single report on a public program by creating a custom Nuclei template (merged in official repo). #BugBounty #bugbountytips
I've designed a web challenge based on a real-world vulnerability. the stack is NextJS and you should dig the web application, so drop tools and start hunting :) r.voorivex.academy
United States Trends
- 1. Mike 1,84 Mn posts
- 2. #Arcane 167 B posts
- 3. Serrano 243 B posts
- 4. Jayce 28 B posts
- 5. Canelo 17,2 B posts
- 6. Vander 7.853 posts
- 7. MADDIE 13,3 B posts
- 8. #NetflixFight 74,7 B posts
- 9. Father Time 10,8 B posts
- 10. Logan 80,1 B posts
- 11. #netflixcrash 16,7 B posts
- 12. He's 58 28,4 B posts
- 13. Boxing 309 B posts
- 14. ROBBED 101 B posts
- 15. Rosie Perez 15,2 B posts
- 16. Shaq 16,6 B posts
- 17. #buffering 11,2 B posts
- 18. Tori Kelly 5.408 posts
- 19. Roy Jones 7.316 posts
- 20. Muhammad Ali 20,1 B posts
Who to follow
-
mohammed eldeeb
@malcolmx0x -
Amirabbas Ataei
@ImAyrix -
Sadra
@MrMSA16 -
Mohammad Nikouei
@NikoueiMohammad -
Lu3ky13 ⚡️⚡️
@lu3ky13 -
یاشو
@voorivex -
AmirMohammad Safari
@AmirMSafari -
A.fahimi
@af4himi -
Abbas Heybati
@abbas_heybati -
MorningStar
@0xMstar -
LIL NIX
@thelilnix -
Patrik Fehrenbach
@ITSecurityguard -
Vegeta
@_justYnot -
Arman
@m7arm4n_ -
Esmaeil Rahimian
@H_Mosafer
Something went wrong.
Something went wrong.