xelcezeri's profile picture.

Samet Yiğit

@xelcezeri

내가 좋아할 만한 콘텐츠
Samet Yiğit 님이 재게시함

Today i found a RCE in a bug bounty platform 1. found a bypass admin role with cve confluence 2. access and upload a plugin ( webshell) 3. turn on plugin in server and can run any system command HOPY THEY FAIR #BugBounty

ngosytuanbug's tweet image. Today i found a RCE in a bug bounty platform
1. found a bypass admin role with cve confluence
2. access and upload a plugin ( webshell)
3. turn on plugin in server and can run any system command
HOPY THEY FAIR
#BugBounty

Samet Yiğit 님이 재게시함

The new writup is here: Account Takeover via Insecure Email Change — Critical Vulnerability medium.com/@3bddagg3/acco… #bugbountytips #bugbounty #hackerone


Samet Yiğit 님이 재게시함

Through a simple path manipulation in the hostName parameter, I was able to escalate the issue into a One-Click Account Takeover medium.com/@Zeno_H2r/expl…


Samet Yiğit 님이 재게시함

Tip: When testing, try injecting a null byte (\u0000) into unexpected parameters. You never know how the backend will handle it — sometimes a small injection can completely break features like the invitation system. #BugBounty #bugbountytips #Hacking #Cybersecurity

SalhiMahdi72759's tweet image. Tip:
When testing, try injecting a null byte (\u0000) into unexpected parameters. You never know how the backend will handle it — sometimes a small injection can completely break features like the invitation system.
#BugBounty #bugbountytips #Hacking #Cybersecurity

Samet Yiğit 님이 재게시함

اللهم بارك بس انا عندي استفسار واتمنى ميتفهمش غلط ليه لما بشوف سيناريوهات زي دي بشوفها ساهلة ومع ان اغلب الحاجات دي بطبقها وانا بهانت بس عمرها ما جات لان استحالة حاجة زي دي تكون متسابة ودا بيخليني احس ان الناس دي البروجرامز بتاعتها غير بتاعتنا حرفيا بحسهم حاجة زي لابات بورتسويجر


Samet Yiğit 님이 재게시함

hardcoded credentials in javascript file xxxxxxx/static/js/main.xxxxx.chunk.js 🗣️ dp #bugbounty #bugbountytips #bugbountytip

adrielsec's tweet image. hardcoded credentials in javascript file xxxxxxx/static/js/main.xxxxx.chunk.js 🗣️ dp

#bugbounty #bugbountytips #bugbountytip

Samet Yiğit 님이 재게시함

How I Found a Critical Password Reset Bug in the BB program(and Got $4,000) s41n1k.medium.com/how-i-found-a-… #bugbounty


Samet Yiğit 님이 재게시함

$500 for Punycode email spoofing bug. Used comilav “m” to bypass email uniqueness check: >Register with [email protected] > Use same name as legit user > Invite real user to fake team Real user joins attacker’s team - gets locked out of real one #bugbountytips #BugBounty

jatav_ravi's tweet image. $500 for Punycode email spoofing bug. 
Used comilav “m” to bypass email uniqueness check: 

 >Register with comilav831@lhory.com > Use same name as legit user > Invite real user to fake team Real user joins attacker’s team - gets locked out of real one
#bugbountytips #BugBounty

Samet Yiğit 님이 재게시함

#CryptoSecurity 🚨 - A massive supply chain attack on the NPM registry has compromised popular packages with over 2 billion weekly downloads, aiming to steal cryptocurrency from users. dailydarkweb.net/major-npm-supp…

DailyDarkWeb's tweet image. #CryptoSecurity 🚨 - A massive supply chain attack on the NPM registry has compromised popular packages with over 2 billion weekly downloads, aiming to steal cryptocurrency from users. dailydarkweb.net/major-npm-supp…

Samet Yiğit 님이 재게시함

🔍Discover More Exposed LLM Servers with ZoomEye ZoomEye Dork👉app="Ollama" || app="vLLM UI" || app="LLaMA Board" || app="LLaMA Factory" || app="Chat LangChain" || app="AnythingLLM" || app="Chat LangChain" ZoomEye Link: zoomeye.ai/searchResult?q…

zoomeye_team's tweet image. 🔍Discover More Exposed LLM Servers with ZoomEye

ZoomEye Dork👉app="Ollama" || app="vLLM UI" || app="LLaMA Board" || app="LLaMA Factory" || app="Chat LangChain" || app="AnythingLLM" || app="Chat LangChain"

ZoomEye Link: zoomeye.ai/searchResult?q…

Exposed LLM server queries for @shodanhq port:11434 "Ollama" port:8000 "vLLM" port:8000 "llama.cpp" port:8080 "llama.cpp" port:1234 "LM Studio" port:4891 "GPT4All" port:8000 "LangChain" blogs.cisco.com/security/detec…



Samet Yiğit 님이 재게시함

Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi

viehgroup's tweet image. Cloudflare 403 bypass to time-based blind SQLi:
PL: (select(0)from(select(sleep(10)))v) → 403
but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi  
#BugBounty #SQLi
viehgroup's tweet image. Cloudflare 403 bypass to time-based blind SQLi:
PL: (select(0)from(select(sleep(10)))v) → 403
but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi  
#BugBounty #SQLi

Samet Yiğit 님이 재게시함

Alhamdulillah I got 3 RXSS duplicates on a public Bugcrowd program. Write-up: zuksh.medium.com/how-i-discover… #BugBounty #RXSS #XSS #InfoSec #Bugcrowd

zeyad_ashraf_'s tweet image. Alhamdulillah

I got 3 RXSS duplicates on a public Bugcrowd program.

Write-up: zuksh.medium.com/how-i-discover…

#BugBounty #RXSS #XSS #InfoSec #Bugcrowd

Samet Yiğit 님이 재게시함

1. Register an account using [email protected] 2. Navigate to change email 3. Change it to [email protected] 4. Boom 💥 become the administrator and infrastructure takeover Rewarded $$$$$ #fuckbountytips


Samet Yiğit 님이 재게시함

New Video Out 🔥 “AWS S3 Bucket Hacking Explained (Bug Bounty Hunters Must Watch)” youtu.be/_UlHLjIQeJM?si…

medusa_0xf's tweet image. New Video Out 🔥 

“AWS S3 Bucket Hacking Explained (Bug Bounty Hunters Must Watch)”

youtu.be/_UlHLjIQeJM?si…

United States 트렌드

내가 좋아할 만한 콘텐츠

Loading...

Something went wrong.


Something went wrong.