Bug Bounty – Telegram
Bug Bounty
@Bug0x
5.5K subscribers
14 photos
134 links
@HackerOne
Admin : @Offensive
Download Telegram
About
Blog
Apps
Platform
Join
Bug Bounty
5.5K subscribers
Bug Bounty
medium.com/geekculture/bug-bounty-methodology-v4-0-demonstrate
5.48K viewsAmir Kiani
Bug Bounty
Remote code execution in cdnjs of Cloudflare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
blog.ryotak.net
Remote code execution in cdnjs of Cloudflare
Preface
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
5.57K viewsAdeL
Bug Bounty
https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md
GitHub
awesome-burp-extensions/README.md at master · snoopysecurity/awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions - snoopysecurity/awesome-burp-extensions
5.55K viewsAmir Kiani
Bug Bounty
https://ahmadaabdulla.medium.com/how-i-found-sql-injection-on-8x8-cengage-comodo-automattic-20-company-c296d1a09f63
Medium
How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company
How I Found Sql Injection on 8x8 , Cengage ,Comodo ,Automattic ,intel ,IBM ,MTN Group ,uis.cam.ac.uk ,volvocars.biz ,asus.com
5.6K viewsAmir Kiani
Bug Bounty
CVE-2021-22945:
UAF and double-free in MQTT sending

 https://hackerone.com/reports/1269242
HackerOne
curl disclosed on HackerOne: CVE-2021-22945: UAF and double-free in...
# Vulnerability Denoscription
libcurl version 7.77.0 has a [Use-After-Free](https://github.com/curl/curl/blob/curl-7_77_0/lib/mqtt.c#L559) and a...
5.32K viewsAdel
Bug Bounty
https://pwnsauc3.medium.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3
Medium
Weaponizing Reflected XSS to Account Takeover
Hi fellow hunters, this is my first writeup for the community in which i will explain how i found a reflected cross site noscripting bug and…
6.58K viewsAdel
Bug Bounty
https://youtu.be/pbRk8sCvcsg
YouTube
Analyze, Reverse and Exploit CVE-2021-40444
In this video, we dive into Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444).
[English subnoscripts added]
#cve202140444 #debugging #reversing #exploit #analyze #0day #CVE 202140444
Related Links:
https://github.com/aydianosec/CVE2021-40444…
7.63K viewsAmir Kiani
Bug Bounty
Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation

 https://hackerone.com/reports/852091
HackerOne
Valve disclosed on HackerOne: Privilege Escalation vulnerability in...
_Tested on Windows 10 x64_

* On Steam starting, it will check all installed files' Integrity, and re-download the modified file(s). This step makes every single file in Steam installation folder...
8.88K viewsAdel
Bug Bounty
https://jakearchibald.com/2021/cors/
Jakearchibald
How to win at CORS
The 'how' and 'why' of CORS, from start to finish.
8.81K viewsAmir Kiani
Bug Bounty
Bug Bounty pinned Deleted message
Bug Bounty
https://hackerone.com/reports/1443211
HackerOne
Mattermost disclosed on HackerOne: Bypass Email Verification in...
Hi team hope you doing well :)
i found a vulnerability [ OTP Bypass ] on [ https://portal.test.cloud.mattermost.com ] .
Summery :
I was able to use the otp that was sent to victim email and i...
7.1K viewsAmir Kiani
Bug Bounty
https://allinfosecnews.com/
foo🦍
foo🦍 ~/all coding
The career platform for coders, builders, hackers and makers.
6.91K viewsAmir Kiani
Bug Bounty
https://blog.yeswehack.com/yeswerhackers/getting-started-smart-contract-bug-bounty/
YesWeHack
YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends
Explore bug bounty insights on the YesWeHack Blog. Stay updated with vulnerability disclosure trends, hacker stories, and tips to excel in bug bounty programs.
7.59K viewsAmir Kiani
Bug Bounty
https://github.com/shabarkin/CodeAllTheThings
GitHub
GitHub - shabarkin/CodeAllTheThings: A list of threat sinks used in the manual security source code review for application security
A list of threat sinks used in the manual security source code review for application security - shabarkin/CodeAllTheThings
7.42K viewsAmir Kiani
Bug Bounty
https://medium.com/@ittipatjitrada_72022/how-i-found-ssrf-external-interaction-on-bugcrowd-public-program-in-5-min-9f51adca3f3e
Medium
How I found SSRF external interaction on Bugcrowd Public program in 5 min
Tools
- https://subdomainfinder.c99.nl/
- burp suite
- burp Collaborator 
- assetfinder : https://github.com/tomnomnom/assetfinder
- httpx…
9.06K viewsAmir Kiani
Bug Bounty
https://hackerone.com/reports/1555582
HackerOne
U.S. Dept Of Defense disclosed on HackerOne: RXSS on █████████
I found RXSS on https:// ███████/ ██████

## Impact

Perform any action within the application that the user can perform.
View any information that the user is able to view.
Modify any information...
10K viewsAmir Kiani
Bug Bounty
https://ahmdhalabi.medium.com/pii-disclosure-of-apple-users-10k-d1e3d29bae36
Medium
PII Disclosure of Apple Users ($10k)
How I hacked Apple and was able to Disclose Apple Users Private Shipping Information and Mobile Numbers.
13.4K viewsAmir Kiani
Bug Bounty
https://0xdarkvortex.dev/shuriken-android-kernel-on-steroids/
0xdarkvortex.dev
Shuriken – Android Kernel on Steroids
Dark Vortex provides various cybersecurity trainings, products and other services.
9.12K viewsAmir Kiani
Bug Bounty
9.09K viewsAmir Kiani
Bug Bounty
11K viewsAmir Kiani
Bug Bounty
https://twitter.com/safe_mode01/status/1603284212047552515?s=21
X (formerly Twitter)
Reza Sharifzade (@safe_mode01) on X
I found a vulnerability on @LinkedIn and reported it in @Hacker0x01!
I could hijack any otp code and send same otp to any phone number! But @Hacker0x01 triage team set Informative for this vulnerability and they did not pay attention from my comment!
#bugbountytips…
10.6K viewsAmir Kiani