Finally today I achieved P1 Warrior Level 1, In Sha Allah soon I'll achieve P1 Warrior level 2 😍 Thanks @Bugcrowd #ItTakesACrowd #bugbounty bugcrowd.com/HammadAhmed Keep pushing yourself to achieve your goals and one day you will 🫡😎
Found another SQLi on @Bugcrowd 's private program #ItTakesACrowd #BugBounty #bugbountytips #bugbountytip Tip: Use this payload 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z In the value of every parameter and check if response delays according to the provided time in payload
Reported my 3rd P1 on @Bugcrowd Thanks @RelentlessT7 for the fast Triage 😍 #ItTakesACrowd bugcrowd.com/HammadAhmed Tip: Used this payload /0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z/ in the URI Path. #BugBounty #bugbountytips #bugbountytip #infosec
Wow the fastest Triage on @Bugcrowd I have ever experienced. Triaged in 4 minutes 🫣😍 Tip: payload used in POST request parameter (SELECT*FROM(SELECT(SLEEP(10)))a) #bugbounty #bugbountytip #bugbountytips #SQL #infosec #bugcrowd #ItTakesACrowd
Started my journey in BugHunting from Nov 2021 and here is my 2022 report: -Earned $12600 in total -Submitted 130 reports -74 Duplicate -29 Rejected -27 Accepted #BugBounty #infosecurity @Bugcrowd #ItTakesACrowd
Another hit! Let's hope it gets accepted 🙌🏻 By the way, is it just me or is everyone facing a slow Triage experience on @Bugcrowd since last week? #bugbounty #infosec #infosecurity #bugbountytip #bugbountytips Tip: site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
This week was very exciting for me. Reported my first P1, Thanks @Bugcrowd for an Amazing platform. #ItTakesACrowd #BugBounty #infosec #bugbountytips #bugbountytip
Happy Ramadan to everyone 🌙✨ and thanks @Bugcrowd for being such a great platform #bugbounty #bugbountytips #ItTakesACrowd #infosecurity Tip: If you find any SQL Injection in a target, send me the target I will give you more SQLs😂
Spent 8 hours straight on @bugcrowd to identify these 😮‍💨 let's see how it goes👀 #bugbountytips #bugbounty #ittakesacrowd #infosecurity Tip: always try to find places where you are able to store values and test them for Stored XSS
Al-Hamdulillah All Triaged got Accepted ☺️ Thanks @Bugcrowd for providing opportunities #Ittakesacrowd #bugcrowd #bugbounty #infosec
Al-Hamdulillah, my highest bounties of all time 🤩 Thanks @Bugcrowd for these great opportunities #Ittakesacrowd #bugbounty #infosec #informationsecurity 2x Critical 😉
Al-Hamdulillah reported 2 more SQLi on @Hacker0x01 #bugbounty #SQL #informationsecurity Tip: take some time to hunt on other platforms also 😉
Reported my 2nd SQLi on @Bugcrowd #ItTakesACrowd Hope its not dup it will be my first Accepted P1 on Bugcrowd 🫣 #BugBounty #bugbountytips Tip: You always not get error using a ' (single quote). See the thread below How I found and confirmed it
Al-Hamdulillah 😍 SQLi everywhere 😅 3 Triaged 1 Triaged -> Duplicate on @Bugcrowd #bugbounty #bugbountytip #bugbountytips Tip: Don't just fire the payloads blindly, try to understand the application where the request is interacting with the Database and then go for it !
Al Hamdulillah made some nice bounties before my exams so that I can focus on studies but new invitations are distracting me from studies😂 Thanks @Bugcrowd for providing good programs to hunt #bugbounty #ItTakesACrowd #infosec Bugcrowd always send good invitations on my exams 🥹
Eid Mubarak to everyone 🌛 First Exceptional report on @intigriti BBP program let's see how it goes 💪🏻 I don't hack for free #bycottVDP #BugBounty #infosec
After a lot of duplicates I was awarded my first bounty of 2023 on @Bugcrowd #ItTakesACrowd #BugBounty
That's really amazing 👏🏻 Trim_Bugcrowd is Triaging submissions even on Sunday 🫣 #BugBounty @Bugcrowd #infosec #infosecurity
Al-Hamdulillah for everything❤️. Getting my hard work paid off! Thanks @Bugcrowd for the opportunities you provide! #ittakesacrowd #bugbountytip #bugbountytips #bugbounty #infosecurity Tip: Master 1 vulnerability type and keep learning more n more of it, +make notes of it too
When you are addicted to hacking 😅 Hunting during exams, found 3 RXSS on @Bugcrowd #ItTakesACrowd #BugBounty #bugbountytips #bugbountytip #infosec Tip: Didn't find anything to test on this subdomain from any source but found a juicy path using urlscan.io/search/#yourtarge…
Halfway done for August, not spending much time this month. Sometimes, you need to take care of your health too ✌️ Thanks @Bugcrowd #Ittakesacrowd #BugBounty #infosec #infosecurity
Does anyone know why getting empty 0 size files while downloading the .php files from a Directory Listing? when .php files have size on Directory Listing? #bugbountytips #bugbountytip #BugBounty
Everyone should hunt on different platforms also, I usually hunt on @Bugcrowd but sometimes I hack on @Hacker0x01 also when I am bored Reported 2 SQLis on Hackerone 1 Got Duplicated and other Got Triaged Al-Hamdulillah 🥰 #BugBounty #bugbountytip #infosec
Took me 13 min to bypass the fix and report the XSS again on @Bugcrowd #ItTakesACrowd #BugBounty #infosecurity Lets see how it goes 😅
In June I submitted 11 vulnerabilities to 4 Programs doing only little hacking on @Bugcrowd and earned some Good bounties $$$$ #bugbounty #ItTakesACrowd #infosec
First P1 of 2023 on @Bugcrowd #ItTakesACrowd bugcrowd.com/HammadAhmed #bugbounty #bugbountytips Tip: used ' (single quote) in POST request parameter and got this MySQL error after that gave it to github.com/r0oth3x49/ghauri by @r0oth3x49 and successfully fetched the Database
Just discovered a new CVE Severity: Medium Bug type: RXSS #BugBounty #bugbountytips #infosecurity Shoot me a DM for collab if anyone is interested Note: You should know how to find targets using specific service
Was unaware that P3 level XSS are OOS and got -1😂 Then escalated it to P2😉@Bugcrowd #bugbountytips #bugbounty #infosecurity #Ittakesacrowd Tip: Always upgrade your XSS to P2 at least, Steal session cookie, Update password/email or other sensitive information. DM if you can't😂
This month I am trying to get on monthly Top 10 Leader Board on @Bugcrowd let's see how it goes 🙂 #bugbountytips #bugbountytip #Bugbounty #infosecurity see the (🧵) below for tip:
Yay I was awarded my first bounty on @Hacker0x01 #BugBounty #infosec It was a Stored XSS but they set the severity to Medium because it required 1 user interaction according to them. Even though it was triggering on Admin-role and it was possible to takeover Admin-role.🫤😂
The program is slow but it's worth hunting it ! I hope will be able to climb monthly leaderboard first time😂 on @Bugcrowd #bugbounty #infosecurity #ittakesacrowd
In the previous month, I worked a lot to get my name in the monthly leaderboard, and successfully, I secured the 5th rank, but that made me too much restless. Had decided to rest this month, but some programs are just love ❤️ #bugbounty #infosec #Ittakesacrowd @Bugcrowd
19 Reports pending on @Bugcrowd and Just found a Stored XSS with help of ChatGpt cuz I don't know about these languages very much like Python etc Tip: Use AI to get help in things you don't understand or don't know #bugbountytip #bugbountytips #bugbounty #infosec #infosecurity
Al-Hamdulillah hard work paid off! Secured 5th rank in P1/P2 and 9th rank in P1/P2/P3/P4 in April's Leaderboard on @Bugcrowd @codingo_ #Ittakesacrowd #bugbounty #bugbountytips Tip: "Don't be a Jack of everything and King of nothing." Master 1 vulnerability type at least
Hi Bug bounty hunters! I am first time going to analyze the JS files to find security vulnerabilities e.g Finding endpoints/parameters/secret data/info leak anything. I have 0 experience in this. Can anyone share some tools/tips to do so? #bugbountytips #infosec #bugbounty
Missed so many opportunities because I checked the new scope very late and the program also did not make any announcement😥 It will be a duplicate rain on XSS😂 But SQLi got Triaged🫰by #Tal_Bugcrowd within 15 min of submitting #bugbounty #infosec @Bugcrowd #ittakesacrowd
3 Triaged remaining 5 are yet to be Triaged😉 @Bugcrowd #BugBounty #infosecurity But not satisfied with severity it should be P1 as I'm able to takeover other researcher's account. Since Stored XSS doesn't require user interaction & ATO without user interaction is P1 @codingo_ ?
This type of feeling is different🤩 Thanks @Bugcrowd for every opportunity #ittakesacrowd Program Resumed 11:04 Reported 8 Stored XSS Program Closed again 11:09 Program Owner Be like: I should not have resumed it😅 #bugbounty #infosecurity #infosec
Resolved? No problem 😜 Bypassed both reports and Alhamdulillah Triaged @Bugcrowd #bugbounty #bugbountytips #ItTakesACrowd #infosecurity Tip: Use ` ` back quotes when () parentheses are blocked
Al-Hamdulillah, even having a very busy routines managed to secure some programs on @Bugcrowd #bugbounty #bugbountytips #infosec Tip: For stored xss, when you store input somewhere, do check page source of every page bcuz sometimes your payload executes on other paths
It's better to create mediation when you are not satisfied with the severity decision and also show the maximum impact of your bug ✌🏻 @Bugcrowd #bugbounty #informationsecurity #infosec
Al-Hamdulillah😍 The preparation of getting my name on April's Top 10 Leaderboard is going very well. Thanks @Bugcrowd for every opportunity #Ittakesacrowd #BugBounty #infosecurity
Thanks @bxmbn for motivating me that I can find something juicy during my exams and I scored my highest bounty of all time on @Bugcrowd #ItTakesACrowd #BugBounty
Al-Hamdulillah, now I am Top 250 worldwide on @Bugcrowd #ItTakesACrowd #BugBounty #infosec #infosecurity Next goal to get in Top 200 😎
Yeeeet😬 Hope it get Accepted long time I have not submitted a P1 bug 😂 @Bugcrowd #bugbounty #infosec #infosecurity
My 3rd submission Rewarded on @intigriti #bugbounty #infosec
Al Hamdulillah , severities updated to High 💪🏻 @Bugcrowd #BugBounty #infosecurity #ItTakesACrowd
My first accepted vulnerability on @intigriti Many more to come 😉 #bugbounty Hey @intigriti send me some good private programs haha 😆
My 2nd Accepted Submission on @intigriti More to come In Sha Allah ♥️🙌🏻 #bugbounty #infosecurity
Al-Hamdulillah I am Ranked 5th [ P1 , P2 ] & 6th [ P1 , P2 , P3 , P4 ] in July Leaderboard on @Bugcrowd #BugBounty #infosecurity #infosec
Another hit found another SQL injection and is now pending for program review on @Hacker0x01 #bugbounty #infosec
#2023goals #infosec #BugBounty My Goals for 2023 🎉 - Reach 1000 reputation points on @Bugcrowd (current points 331) - Reach P1 Warrior lvl 4 (current lvl 1) - Earn $50k bounties in Total (current $12k) - Buy a New House🏡 - Buy my Dream Bike😂
Al Hamdulillah secured the Top 10 monthly leaderboard in May also 🥳 Thanks @Bugcrowd for the opportunities #Ittakesacrowd #bugbounty #infosecurity
SQL Tip: parameter=value = 200 OK parameter=value' = SQL Exception Error Exploited further with #ghauri and fetched the database names
Back after a long break 😂 I earned $300 on @Bugcrowd #ItTakesACrowd #bugbounty #bugbountytip Tip: Always try to bypass resolved reports. also take a break it really worth.
When a program doesn't reward bounty for Low and Medium 😏 Just escalate your bug to High or Critical 😉 #BugBounty #infosecurity @intigriti
Satisfaction level 😮‍💨 time to take some break and rest Thanks @Bugcrowd for great opportunities #Ittakesacrowd #BugBounty #infosecurity #infosec
Good Bye @2023. It was a great year with a lot of experiences ✨ 1. I don't hunt much but earned more than in bounties from 2022 💰💰💰 2. Learned a lot from twitter 🧑🏻‍💻 3. Completed many of my dreams with the help of Bug Bounty🙌🏻 4. Got Married✌🏻 #bugbounty #infosec #HappyNewYear2024
Failed to exploit them using SQL-Map then tried #Ghauri from @r0ot_h3x49 and by using simple commands, successfully fetched the Database😀
Everyone should hunt on different platforms also, I usually hunt on @Bugcrowd but sometimes I hack on @Hacker0x01 also when I am bored Reported 2 SQLis on Hackerone 1 Got Duplicated and other Got Triaged Al-Hamdulillah 🥰 #BugBounty #bugbountytip #infosec
I was awarded $500 for my submission on @Bugcrowd #BugBounty #ItTakesACrowd It was R-XSS
Some ASEs are headache😮‍💨 Even you write a detailed POC they will not able to reproduce🙂 #BugBounty #infosecurity
This type of feeling is different🤩 Thanks @Bugcrowd for every opportunity #ittakesacrowd Program Resumed 11:04 Reported 8 Stored XSS Program Closed again 11:09 Program Owner Be like: I should not have resumed it😅 #bugbounty #infosecurity #infosec
Thanks @Bugcrowd for this amazing swag "bugcrowd gaming mat" Looks Cool with my setup 🙌🏻🔥 #ItTakesACrowd #BugBounty
The beginning on @Hacker0x01 was very bad when I didn't have much experience in Bug Bounty and made my profile Signal (-1)😂 Time to start hunting on Hackerone also and building my profile😇 Wish me luck🥺 1 Triaged on BBP 1 Triaged on VDP #bugbounty #togetherwehitharder #infosec
Joining @Hacker0x01 was a good decision at least getting something better than nothing #TogetherWeHitHarder #bugbounty #infosec Why the severity is set to Low can anyone from hackerone explain? Target have Low in CVSS section so it means if I find critical it will be still low?
I was awarded $250 for my submission on @Bugcrowd #BugBounty #bugbountytips #ItTakesACrowd @x_shebi_x @XSaadAhmedX @osamaavvan Finally its accepted 😂🙌🏻
After 2 months of Triaged report I was awarded $$$ on @Bugcrowd #ItTakesACrowd #bugbounty Reward range was $100-$750 for P3 and they chose to pay $100 😂, Submitted them 1 more XSS will have to wait 2 months again to get that $100 again 😂
🧵(1/1) Scenario I faced: First got 302 So I put ' and got 200 OK I confirmed like this No value --> 302 Response ' --> 200 OK '' --> 302 ''' --> 200 '''' --> 302 ''''' --> 200 Then I gave it to SQL Map to confirm
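The alternating responses in the thread above come from quote parity inside a concatenated SQL string. This added example (not from the original posts) reproduces the pattern with a hypothetical lookup handler on an in-memory SQLite table and shows that the bound-parameter form answers the same way for every input; the handler names, the table and the 200/500 status mapping are assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items (name) VALUES (?)",
                   [("alpha",), ("beta",)])
    return db


def lookup_concat(db, name):
    """Vulnerable form: the input becomes part of the SQL text."""
    sql = "SELECT id FROM items WHERE name = '" + name + "'"
    try:
        db.execute(sql).fetchall()
        return 200
    except sqlite3.Error:
        # An odd number of quotes leaves the string literal unterminated.
        return 500


def lookup_bound(db, name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    try:
        db.execute("SELECT id FROM items WHERE name = ?", (name,)).fetchall()
        return 200
    except sqlite3.Error:
        return 500


def quote_profile(handler, db, max_quotes=5):
    """Status returned for the value followed by 0..max_quotes single quotes."""
    return [handler(db, "alpha" + "'" * n) for n in range(max_quotes + 1)]


def is_parity_oracle(profile):
    """True when the response depends only on odd versus even quote count."""
    evens, odds = set(profile[0::2]), set(profile[1::2])
    return len(evens) == 1 and len(odds) == 1 and evens != odds


if __name__ == "__main__":
    db = make_db()
    for handler in (lookup_concat, lookup_bound):
        profile = quote_profile(handler, db)
        print(handler.__name__, profile, "oracle:", is_parity_oracle(profile))
```

`is_parity_oracle` can run as a regression check against a staging endpoint's status codes: a constant profile is the expected result once every query uses bound parameters.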
Now I have to wait 2 months again to get rich 😂💰 #ItTakesACrowd #BugBounty @M7arm4n #bugbountytips Tip: Don't waste your time in this BBP Hunt other programs instead! 🫤
Replying to @akita_zen @Bugcrowd
I usually put %20'"><details open ontoggle=alert(1)> but if I get any WAF I then try sending half of payload to check which is blocked and try bypassing it
When you report a bug and Company immediately disable the feature causing that issue. Thank God I had made the PoC just before the feature was disabled. @Bugcrowd #ItTakesACrowd #BugBounty #bugbountytips #bugbountytip See the (🧵) for tip.
When program validation time is this. I report and move on😂 #bugbounty #ItTakesACrowd
What the hell is going on @Hacker0x01 ? First report is Triaged then duplicate from a report made after me? Is it a joke? #BugBounty #infosec @bug_vs_me
In January I submitted 14 vulnerabilities to @Bugcrowd , 12 Vulnerabilities to @Hacker0x01 , 4 vulnerabilities to @intigriti and 1 vulnerability to @HackenProof #bugbounty #infosecurity
Note: [ I will upgrade to latest top variant of any brand, Apple , Dell , Lenovo , Hp etc ] Your suggestions would be appreciated @hakluke @badcrack3r @h4x0r_dz @OriginalSicksec @0x_rood @fattselimi @Masonhck3571 @codecancare #bugbounty #infosec #infosecurity
Hello guys, I want to upgrade my Laptop, what are your recommendations? Is there any benefit to moving from Windows to Mac ? Rn I have Dell Inspiron 5515. My requirements: I want to do automation stuff Load heavy files Multi tasks Plus, that damn Burp that consumes a lot of memory
Al Hamdulillah ♥️, First time qualified for a Bugcrowd MVP Program 🙌🏻 Thanks @Bugcrowd for an amazing platform #swag #MVP #ItTakesACrowd #infosec #bugbounty
Only way to overcome this issue is all bug hunters should unite to not hunt on VDPs , they will automatically turn their programs into BBP when they will need to pay platforms without getting submissions. I have seen VDPs turning to BBPs when they were not receiving submissions.
Agreed 👍 Bug bounty platforms @Hacker0x01 @Bugcrowd @intigriti …… should stop accepting VDP programs for companies that worth billions #bugbountytip #bugbounty #infose
Hello Hackers, Can anyone tell how can I extract all the scopes of all bug bounty + VDP programs ( Private and Public) that I have in my account? @ajxchapman @GodfatherOrwa @h4x0r_dz @HusseiN98D @Masonhck3571 #bugbountytips #bugbounty
Share your tips. It will help every bug bounty hunter in the community who see this post🙌❤️ #bugbountytips #bugbountytip #infosecurity #infosec @h4x0r_dz @hakluke @garethheyes @GodfatherOrwa @OriginalSicksec @badcrack3r @bxmbn @zseano @codecancare @jayesh25
Hi Bug bounty hunters! I am first time going to analyze the JS files to find security vulnerabilities e.g Finding endpoints/parameters/secret data/info leak anything. I have 0 experience in this. Can anyone share some tools/tips to do so? #bugbountytips #infosec #bugbounty
Reflected XSS through redirecting parameter on @Bugcrowd #ItTakesACrowd #bugbountytip #bugbountytips Tip: when you see any parameter that redirects you to some path e.g redirectUrl/returnPath, try injecting javascript:alert(1) and send the request which sends you to this path
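On the server side, the redirect-parameter issue in the tip above is closed by accepting only same-site paths before the value reaches a `Location` header or a link. This added example (not from the original post) is one such validator; the function name `safe_return_path` and the fallback `/` are assumptions.

```python
from urllib.parse import urlsplit

FALLBACK = "/"  # assumed landing page when the parameter is rejected


def safe_return_path(value, fallback=FALLBACK):
    """Return value only if it is a same-site absolute path, else fallback."""
    if not isinstance(value, str) or not value:
        return fallback
    # Browsers drop tabs and newlines and trim leading control characters
    # when parsing a URL, so "java\tscript:" still resolves to a script URL.
    # Reject such input instead of trying to normalise it.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in value):
        return fallback
    # Browsers treat a backslash like a slash, so "/\host" becomes "//host".
    if "\\" in value:
        return fallback
    # Require exactly one leading slash: this excludes scheme URLs such as
    # "javascript:..." and protocol-relative "//host/path" targets.
    if not value.startswith("/") or value.startswith("//"):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:
        return fallback
    if parts.scheme or parts.netloc:
        return fallback
    return value


if __name__ == "__main__":
    # Constructed sample inputs for a redirectUrl/returnPath parameter.
    samples = [
        "/dashboard?tab=2",
        "javascript:alert(1)",
        "java\tscript:alert(1)",
        "//other.example/login",
        "/\\other.example",
        "https://other.example/",
    ]
    for sample in samples:
        print(repr(sample), "->", safe_return_path(sample))
```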
Who is Adam-bugcrowd ? anyone know do he have twitter? I want to do friendship with him 😂 #bugbounty #bugcrowd @Bugcrowd @Masonhck3571 you might know
Tip: Stick to 1 program and go deeper and deeper as you can. Do find bugs manually cuz scanner found nothing in this program and I did. 🙃
Is there any way to check our target's all subdomains list that are using a specific technology e.g like HSTS,Wordpress,SQL ? I am using Wappalyzer but it will consume a lot of time to check each single domain @GodfatherOrwa @naglinagli @zseano @codecancare @h4x0r_dz @hakluke
Hello guys, I want to upgrade my Laptop, what are your recommendations? Is there any benefit to moving from Windows to Mac ? Rn I have Dell Inspiron 5515. My requirements: I want to do automation stuff Load heavy files Multi tasks Plus, that damn Burp that consumes a lot of memory
I closed the program after reading that 😂 They believe their site is built like people will not fall for such attacks? #BugBounty #infosec #shit 💩
Does @Toyota operate a BBP on @intigriti? DM me if anyone know #BugBounty
Replying to @bxmbn
I wish I may also have a month like this btw congratulations 👏
Happy Eid ul Adha Mubarak to everyone ✨️❤️ #infosecurity #eid
Thanks to @imranHudaA and @iambouali for this opportunity ❤️
Yay I was awarded my first bounty on @Hacker0x01 #BugBounty #infosec It was a Stored XSS but they set the severity to Medium because it required 1 user interaction according to them. Even though it was triggering on Admin-role and it was possible to takeover Admin-role.🫤😂
A quick question for Triagers: 1 XSS on domain.com/abcd.jsp?f=payloa… and xyz.domain.com/abcd.jsp?f=pa… is vulnerable and both main domain and subdomain have different IP addresses: domain.com hosted on IP 111.222.333.44 and xyz.domain.com hosted on IP 111.222.888.00
65% New/Different report
35% Duplicate report
71 votes • Final results
Tip: Think out of the box. This asset was not listed in In-scope but it had an impact to In-scope asset 🫡
Does anyone have Cloudfront SQL bypass? #bugbountytips #bugbounty #infosecurity @nav1n0x
you found admin/campaigns.php by fuzzing?
No I haven't any idea when I started just struggled hard didn't gave up and continued learning and applying everything learned from all available sources.