Twitter Beğeni Hilesi

Told you 👀 Admin endpoint allow me to use PUT request without authentication. Which give me the right to edit/delete/add users also ATO 🎩

Leak of Onesignal Key from a JS file Allow me to Send Notifications to all users. And The notification can be injected with XSS/HTML > Mass Account Take Over..

Sensitive data leak from js file 🎩 I earned $2,500 for my submission on @bugcrowd bugcrowd.com/gotcha1g #ItTakesACrowd

⚡️Goodbye my friend, Dr Refaat Al-Ar’eer (Refaat in Gaza 🇵🇸), one of Gaza’s best academics. Refaat was murdered in an Israeli airstrike on his home. Every day I feared that I would have to type this tweet out, but here we are. Thank you for the few conversations that we had, may

Blind sql injection payload used > '%3bWAITFOR+DELAY+'00%3a00%3a5'-- Microsoft sql server

New Triaged report Sql Injection 😍 > Payload used time-based poc. ,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW MySQL

I didn’t hunt long time ago.. but here i got an sql in 15minutes 😇 was lucky i guess

First vulnerability discovered using my new laptop 🙃 P2 High severity - Idor lead to leak all customers data 🔥

Thanks to bugcrowd ! my life has totally changed 🔥

Thanks Tal_bugcrowd, You are the best 🫡 Bug type : Authentication Bypass - P1

My latest findings ☠️

best feeling is when you access something that you're not supposed to! that's why i love hacking 😍

Finding of the day 🥳 Idor/ Possibility +140k PII leak