Olivia
Online
TheHatedOne
@3ugman
Bug Bounty Hunter.
Until death, all defeat is psychological.
India
Joined June 2024
103 Following
133 Followers
79 Posts
Pinned Tweet
Got my first bounty $$$ on @Hacker0x01 🥹.
#CyberSecurity #BugBounty #bugbounytips
#hackerone #bugcrowd
@DuckyWantDucky Thanks bro 🤍
Always take a shot. Now they gave me a bounty of $150 and total $250 bounty.
#TogetherWeHitHarder #bugbounty
@alial1shan Nice finding 😳 and congrats for the bounty. Keep hacking.
A simple OTP bypass resulted in a €2,000 bounty.
1. Request some OTP codes.
2. Test one of them randomly.
3. If accepted, try to bypass the OTP request limit.
How the exploit works: enter victim's email, request 99999 OTP codes, then submit any random code like 77777 and log in.
$2000 for a web cache deception bug. As always I share my methodology 👇
Identifying a deception bug is always easy but exploiting it can be hard due to SameSite restrictions on victims cookie
I bypassed this to steal victim JWT. Read about it here:
🔗 https://t.co/CAxfKAC0eP
Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
ًWrite-up is now available
you can read it here
https://t.co/gYRRya8swV
Follow Me to Stay updated with more Findings
@4osp3l I will suggest At&t
Deleting any user’s account from the platform via exposed /admin/manage-user
#BugBounty
https://t.co/dwBFbZVHDw
Bypass for the earlier reported issue leading to Organization Takeover via IDOR ($3,700)
#BugBounty
https://t.co/aGKpK0DyR8
Organization Takeover via IDOR ($3,700)
https://t.co/tdKBNJRDbm
#BugBounty
If the admin panel you targeted has a username enumeration , you can brute-force using a wordlist. This has worked many times for me in this case, the username was "admin"
My password wordlists:
Basic: https://t.co/dwZXsZISiJ
Advance: https://t.co/2AvuC5qTqz
Usernames wordlist:
https://t.co/cKCjZbmS39
#bugbountytips #bugbounty
@arth_bajpai @Fabrikat0r Actually it's two different programs not https://t.co/PtjFM8J6xc & https://t.co/t3AFPjMGeN it's like https://t.co/mZbeRZ9x37 & https://t.co/YTcZlcXcOp. Anyways they just closed it as informative but thanks for explanation
IDK why informative? The web restrict users from email changing and I bypassed it completely and still they are saying informative. What is this logic ? If I'm wrong on this, hunters can change me.
#bugbountytips #bugbounty #hackerone
Got invited to 2 similar prgms on @Hacker0x01 1 tested earlier & 1 recently. Noticed both used identical APIs, but only the newer prgm allowed email changes. By swapping its endpoint into the older prgm, I bypassed the restriction & successfully changed the email
#bugbountytips
@arth_bajpai Yeah That's right 🤍
@sin99xx Ok lil bro. I understood everything, now take some rest 😭
Last Seen Users on Sotwe
Đức Nguyễn
Seen from Vietnam
Cafe Guy Gay fun
Seen from Vietnam
T.Selvaraju,
Seen from Ukraine
Menu Spesial
Seen from Indonesia
ibua ayos 
Seen from Indonesia
family sex
Seen from Pakistan
ชอบเย็ดตามทุ้งนาเย็ดคนอ้วนสาวไหญ่
Seen from Thailand
Sağlam Aktif
Seen from Turkey
Charly Lopez
Seen from Guatemala
CiraBunBun 🐇
Seen from Israel
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers