@bug_vs_me profile picture
Deepak bug_vs_me @bug_vs_me

security researcher | Bug Bounty hunter

Joined March 2020
  • Tweets 5,576
  • Following 714
  • Followers 13,693
423 Photos and videos
Pinned Tweet
Deepak bug_vs_me@bug_vs_me
16 May 2025
medium.com/@bug_vs_me/how-to…

How to escalate a SQL injection if there is a strict WAF?

So while testing a website with my buddy https://x.com/akincibor1, we found an API endpoint like:

medium.com
7
34
206
24,002
fixed just clear all memory, switch to opus4.7, and use smart prompt input.
Deepak bug_vs_me@bug_vs_me
Jun 6
Any solution for this i have cyber use case enable, i have tried fresh session, clear all memory logout login still same, any solution? #bugbounty
10
1,304
Deepak bug_vs_me retweeted
Deepak bug_vs_me@bug_vs_me
Jun 6
Any solution for this i have cyber use case enable, i have tried fresh session, clear all memory logout login still same, any solution? #bugbounty
4
1
23
5,400
🥲 khn se lau experience
7
88
7,303
any bug bounty hunter have Akamai ?id=</script> ( close script tag payload bypass Dm me i have 6 xss we can do 50/50
4
1
58
5,389
Replying to @RBI
@RBI @PSBIndOfficial As oer new guidelines all banks need to use .bank.in domain but as old domains still index into Google search and bank should hold old domains and redirect user to new domain, but @PSBIndOfficial released there domain and it is takeover scammer,
2
11
2,245
punjabandsindbank.co.in/ >>> redirect to random website, is this what banks manage security i hold a account in this bank and i am worried now, even same website is at m.rbi.org.in/Scripts/Complai…
1
627
In collaboration with @coco_melon95043 $7,500 on Github, DOM - XSS.
7
2
379
10,758
Just came home from hospital with random approx 0.4 millisievert radiation exposed. 🫠
2
7
1,199
Yay, I was awarded a $$$ bounty on @Hacker0x01! hackerone.com/bug_vs_me #TogetherWeHitHarder Just AI integration with my XSS scanner, Good results, still many things needs to upgrade

HackerOne profile - bug_vs_me

🧑‍💻 -

hackerone.com
2
1
104
2,598
What should i test on this 🤔
0:04
4
1,039
What about $20 anyone interested 🤔
Deepak bug_vs_me@bug_vs_me
Apr 18
Thinking to sell a cources where i will teach, How and where to test xss without WAF triggering, XSS automation, WAF Bypass technique in depth, xss types, CSP bypass , XSS to ATO chain and many moree for $200 there will be live session and recorded videos, and notes and scripts.
30
72
6,626
Thinking to sell a cources where i will teach, How and where to test xss without WAF triggering, XSS automation, WAF Bypass technique in depth, xss types, CSP bypass , XSS to ATO chain and many moree for $200 there will be live session and recorded videos, and notes and scripts.
8
1
85
12,207
Nothing is Unhackable, change my mind
2
2
34
3,287
Cause of death :- Mythos
3
9
1,414
What's your experience with @Flipkart bug bounty program on HackerOne? I think they are just scammers
6
37
5,540
Anthropic
@AnthropicAI
Mar 6
We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox. Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, representing a fifth of all high-severity bugs Mozilla remediated in 2025.
1
11
1,794
Registration = ₹5 Post /register {"Id":"123"} > already registered {"Id":"123 "} > 200 Ok ₹5 Repeat 🔁 until you become millionaire Thanks me later
4
1
103
8,028
nicee
3
52
4,399
I spent 12 hours on an XSS and WAF bypass, and chained it to ATO for a $$$$ bounty 🙂. It was fun and I learned many new things. However, I noticed that I can’t leave work until I finish it. It’s kind of crazy that I worked straight for 12 hours. It was a vuejs ssti to xss
13
2
209
8,193
Is bug bounty going to be dead in the next 5 years?
32
2
118
17,245
Load more