App was behind Akamai: I tried duplicate parameters, one loaded with 64 KB of junk and the other with the payload, and finally time-based SQLi 🙂. #bugbounty #bugbountytips #Bugbounty #Bugbountytips
You asked for it — we built it. 🚀 Pingback.sh now supports correlated injections (Pro users). Save the original HTTP request before inserting your payload. If it fires hours or days later, the callback links directly back to the exact injection attempt. Track:
• Label
• Bug type
• Target URL
• Injection point
• Request method
• Responsible HTTP request
No more guessing which payload triggered the callback. #BugBounty #BugBountytips #BlindXSS #SSRF #CyberSecurity #Infosec

What do you guys think about this? #bugbounty #bugbountytips
Easy P1 😀 #bugbountytips #bugbounty Endpoints /elmah and /ELMAH, or you can use the template below to find the issue: github.com/projectdiscovery/…
#Bugbountytip #bugbountytips Install the JS Miner extension in Burp. After crawling all endpoints, click on the target ==> Extensions > JS Miner > Run All Passive Scans. I got a result: [JS Miner] Dependency Confusion, the package is unclaimed on NPM. Next step: create an account on NPM, then install npm on Linux:
~ npm login
~ mkdir (Package Name)
~ cd (Package Name)
~ npm init -y
~ npm publish --access public
And I claimed the package. Next step: I edited the package.json file to the RCE PoC github.com/orwagodfather/NPM… And in the end, I got a nice P1 😍 This amazing man @m359ah taught me 6 months ago about understanding and exploiting Dependency Confusion, so big thanks to him ♥ #bugbounty Happy Hunting ♥
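A defender-side counterpart to the finding above, added here as an example and not code from the tweet, from JS Miner, or from any project the tweet links: a small audit that reads a project's package.json and .npmrc and flags dependencies that could be claimed on the public registry. It reports scoped packages whose scope is not pinned to a private registry in .npmrc and unscoped packages that are not on a known-public allowlist. It assumes both files are available as strings; the sample package.json, the .npmrc, the @acme and @widgets scopes and the internal registry URL are all constructed for the example.

```javascript
// Added example (not from the tweet or any project it mentions): a defender-side
// audit that flags dependencies exposed to dependency confusion. Inputs are the
// text of a package.json and an .npmrc plus an allowlist of packages known to be
// the intended public ones. All sample data below is constructed.

// Parse the "@scope:registry=URL" lines of an .npmrc into a Map of scope -> URL.
function parseNpmrcScopes(npmrcText) {
  const scopes = new Map();
  for (const raw of npmrcText.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const m = line.match(/^(@[^:=\s]+):registry\s*=\s*(\S+)$/);
    if (m) scopes.set(m[1], m[2]);
  }
  return scopes;
}

// Collect every dependency name across the usual package.json sections.
function collectDependencies(pkg) {
  const names = new Set();
  const sections = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
  for (const section of sections) {
    for (const name of Object.keys(pkg[section] || {})) names.add(name);
  }
  return [...names];
}

// Return a list of findings, each { name, reason }. An empty list means every
// dependency is either pinned to a private registry or on the public allowlist.
function auditDependencyConfusion(pkgJsonText, npmrcText, knownPublic) {
  const pkg = JSON.parse(pkgJsonText);
  const scopes = parseNpmrcScopes(npmrcText);
  const publicSet = new Set(knownPublic);
  const findings = [];
  for (const name of collectDependencies(pkg)) {
    if (name.startsWith("@")) {
      const scope = name.slice(0, name.indexOf("/"));
      if (!scopes.has(scope)) {
        findings.push({ name, reason: `scope ${scope} has no registry pinned in .npmrc; it resolves from the public registry` });
      } else if (/^https?:\/\/registry\.npmjs\.org\/?$/.test(scopes.get(scope))) {
        findings.push({ name, reason: `scope ${scope} is explicitly pinned to the public registry` });
      }
    } else if (!publicSet.has(name)) {
      findings.push({ name, reason: "unscoped package not on the known-public allowlist; confirm it is the intended public package" });
    }
  }
  return findings;
}

// Constructed sample inputs: one private scope pinned correctly, one scope with
// no pin, and one unscoped internal-looking package.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-app",
  dependencies: {
    "express": "^4.18.0",
    "@acme/auth-client": "1.2.0",
    "acme-internal-logger": "0.3.1",
    "@widgets/ui": "3.1.0",
  },
  devDependencies: { "@acme/build-tools": "2.0.0", "jest": "^29.0.0" },
});
const SAMPLE_NPMRC = [
  "# constructed sample .npmrc",
  "@acme:registry=https://npm.internal.example/",
  "registry=https://registry.npmjs.org/",
].join("\n");
const KNOWN_PUBLIC = ["express", "jest"];

if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditDependencyConfusion(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC, KNOWN_PUBLIC)) {
    console.log(`${f.name}: ${f.reason}`);
  }
}
```

Run with `node audit.js`; on the sample data it reports `acme-internal-logger` (unscoped, not on the allowlist) and `@widgets/ui` (scope not pinned). The allowlist is the weak point of any such check: it has to be maintained from the lockfile or from a registry lookup, which this offline example deliberately leaves out.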
A solid directory of 1,000 security tools, neatly categorized from open-source utilities to enterprise solutions. Perfect for mapping out your testing stack. Check out: hackersonlineclub.com/hocsec… #Cybersecurity #BugBountyTips #AppSec #Infosec