YS
@YShahinzadeh
Security enthusiast, chess player
How I reverse-engineered an Android app, bypassed custom encryption layer, achieved server-side RCE, and earned a $5000 bounty. read the full story here (TLDR; but worth reading) blog.voorivex.team/from-an-androi…
public program on BugCrowd, tip: in OAuth, check every "login with" separately. Google, Apple, etc. each might have a different implementation and flaw, btw I'm going to write a blog post for 0-click, the scenario was interesting, happy hacking
Another one on Google VRP. this one is an old buggy pattern: storing data as an object in the State parameter and processing it in the OAuth callback. I couldn't manipulate the final URL using attacker/domain or attacker@domain, but with attacker\u002fdomain. I expect 20k or 13k for this ;]
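The state-parameter pattern from the post above, as an added defender-side example (not the author's code): a check that inspects the raw, still JSON-encoded state misses escape sequences such as `\u002f`, while a check on the decoded and fully resolved URL does not. The state key `next`, the base URL and the host allowlist are assumptions.

```python
import json
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Assumed values for the example: the app's own origin and the hosts a
# post-login redirect may legitimately land on.
BASE = "https://app.example.com/"
ALLOWED_HOSTS = {"app.example.com"}


def naive_redirect_check(raw_state: str) -> bool:
    """Weak check: scans the raw JSON text for "//" and "@".

    JSON escapes such as \\u002f are not yet decoded at this point, so a
    value that spells the slash as an escape is never seen by the check.
    """
    return "//" not in raw_state and "@" not in raw_state


def resolve_redirect(raw_state: str) -> Optional[str]:
    """Decode the state object and build the URL the callback would use.

    Resolving against BASE mirrors what a callback does when it joins the
    stored value onto the application origin.
    """
    try:
        state = json.loads(raw_state)
    except json.JSONDecodeError:
        return None
    nxt = state.get("next") if isinstance(state, dict) else None
    if not isinstance(nxt, str):
        return None
    return urljoin(BASE, nxt)


def hardened_redirect_check(raw_state: str) -> bool:
    """Validate the decoded, resolved URL against an allowlist of hosts.

    Because the check runs after JSON decoding and URL resolution, escape
    tricks and scheme-relative values ("//host/...") are judged by the
    host they actually resolve to, not by how they were spelled.
    """
    final = resolve_redirect(raw_state)
    if final is None:
        return False
    parts = urlsplit(final)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS
```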
why are most SPA web apps vulnerable to DOM XSS? I've found MANY bugs in OAuth when custom implementation gets involved, many ATO and DOM XSS. never overlook custom OAuth setups, like what? storing DATA in the state parameter, happy hunting :]
This one was easy: searched JS files → revealing endpoints → JSON HTTP request → exposed PII. Tip: account for lazy-loading. many hunters miss endpoints. Method: click to trigger lazy-loaded JS, then search again for endpoints. Happy hunting :]
I haven’t fully returned to BB since my H1 acc was suddenly closed, but this week I tried to start working again. I spent some time on BC and found an XSS and an IDOR, the XSS was easy with a simple payload :]
If a CSPT bug can't be exploited on the same origin, you can pivot it to another one. Cloudflare Image Transform can act as a cross‑origin gadget to reach more sensitive endpoints on different origins - you can read more about it here ;) blog.voorivex.team/cloudflare-ima…
20 days ago I found a uXSS and reported, it got triaged now, I'll publish a blog post after fix and vendor permission, it's my first bug that I'm not happy with due to recent H1 situation 🖤
Due to the repeated screw-ups and zero transparency around bans by @Hacker0x01, I’ve chosen to leave with dignity. My account is now fully deactivated and to be removed. If you need my services, I’m still available at @Bugcrowd @intigriti @immunefi @HackenProof @StandoffBB
I’ve been hunting on H1 for almost 3 years, ranked #18 in 2025, have always tried to contribute positively to the hacker community. I’ve earned around $500k in bounties and was on the road to $1M. Yet I don’t even have HSM, and I feel I haven’t been recognized as I should 1/4
Really disappointed to see @Hacker0x01 do this. I also had a similar interaction with h1 about a month ago where they questioned my nationality and place of residence after 10+ on the platform.
@Hacker0x01 is now banning people without explanation or without showing how the terms and conditions were violated. While other platforms are advancing, H1's revolutionary new vision is to track hackers on social media, make assumptions and ban them without real proof.
Bit late but this is a nice challenge, worth trying if you haven't already :D Otherwise, my solution is below, it's a really fun technique that makes me re-evaluate all the .source checks I've seen before...
this is the second challenge, and it’s a hard one, can you exploit it?
I love engaging with programs being professional and communicating in a well-mannered way, especially when assessing severity, worked on a private program recently and reported 3 High bugs that earned +12k, the bugs were found reading JavaScript code
poking around with @AmirMSafari on a public program, no WAF bypass, no special payload:
- 3x DOM XSS: javascript:alert(origin)
- CSPT + parameter pollution: critical CSRF
- HTMLi: leaking URL equipped with token
Tip: read JS files curiously, do not rush for a bug, enjoy the process :]