Al-hassan abbas | الحسن عباس

@exploit_msf

Certified : #Ecptxv2 #Oscp #Ecpptv2 #Ceh11 #Ejpt #ECES #Metasploit_pro_specialist #Ewpt #Ceh_master Snap & instagram : exploit.msf CVE-2021-40303

Just scored a reward 1875€ @intigriti #HackWithIntigriti #bugbountytips
Tip: I played a CTF this year and I found this vulnerability because I solved a machine challenge with the same bug.
If you find Apache Airflow, use flask-unsign to find the secret key and generate a new JWT for admin.

3 Simple rewards in last week
Tips:
1- Django debug /anypath
2- CVE-2019-11248 /debug/pprof/
3- Spring heapdump disclosure /heapdump

Just got a reward for a vulnerability submitted on @yeswehack -- Information Disclosure (CWE-200). yeswehack.com/hunters/exploi… #YesWeRHackers #bugbountytips
Tip: Read sensitive data for AEM cloud in /.json

Yay, I was awarded a $250 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips
Tip: Stored XSS via cache in header (X-Forwarded-For)

I earned $2,000 for my submission on @bugcrowd bugcrowd.com/alhasan_abbas #ItTakesACrowd
Tip: ATO using strings tool to read tokens in /heapdump Spring file (strings heapdump | grep -i bearer)

I was awarded a $500 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips
Tip: WordPress config /old/wp-config.php.bak

I was awarded a $100 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytip
PHP OPcache information disclosure: /opcache/index.php

I was awarded a $750 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips
Tip: I found a 0day in a cloud app that leads to reading credentials for the WordPress database for any domain hosted on this cloud
example.com/test/ >> 404
example.com/test/env.json >> 200

I was awarded a $125 bounty and $75 retest on HackerOne hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips
Tip: Check PHP Laravel bar in all paths

I was awarded a $50 bounty on @Hacker0x01 ! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips Tip: RXSS base64 (PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+)

I was awarded a $300 bounty on @Hacker0x01! hackerone.com/exploitmsf #TogetherWeHitHarder #bugbountytips Tip: Node development mode - sometimes you can find sensitive paths

Al-hassan abbas | الحسن عباس reposted

Today, the Iraq @Hacker0x01 Club came together for a live hacking session, targeting Epic Games & Zomato. Breaking in, diving deep, uncovering exploits, and sharing security insights—pushing the limits of ethical hacking! #BugBounty #EthicalHacking #H1Club

