Olivia
Online
cmx
@Clim4xog
Joined February 2022
860 Following
42 Followers
85 Posts
~ tried @deepseek_ai w @claudeai code
~ consumed 350M tokens in a day
~ cost me just about 6$ in total
~ found a SSRF bypass worth 2500$ ๐ธ๐ฐ
#BugBounty #bugbountytips
@gilileoB ืื
@thedawgyg No brain sometimes is great luck. I guess you already know that.
@KarivGilad ืืืื ืืจืืื
@hasolidit ืืช ืืืื ืขืื ืืชืขืกืงืช ืืืืจืื ืฉืงืฉืืจืื ืืืืืื?
ืื ื ืฉืืื ืืจืฆืื ืืช ืืื ืืงืืข ืจืข.
ืคืฉืื ื ืืจืื ืฉืืช ื ืื ืืงืืข ืขื "ืืืืฉืื ืืจื".
Top 8 MCP servers for cybersecurity:
1. Wiz MCP Server
โ cloud security
๐ https://t.co/fDEXJwbTd5
2. Cloudflare MCP Server
โ Infrastructure and security
๐ https://t.co/sO9LQPPRHJ
3. PortSwigger MCP Server
โ Webapp security testing
๐ https://t.co/EyPoPUCqCB
4. GitHub MCP Server
โ ย Developer security & automation
๐ https://t.co/JTpHwGtcR3
5. https://t.co/TUC3UaFy4m MCP Server
โ API Security
๐ https://t.co/7tPWfYvsuA
6. Check Point Software Point MCP Server
โ Network and threat prevention
๐ https://t.co/Yr15KnTUrP
7. Google MCP Security
โ Cloud security and threat intelligence
๐ https://t.co/8IXJTz99u8
8. Elastic Security MCP Server
โ SIEM and detection
๐ https://t.co/0BI4Xw6OaB
Race Condition + Host Header Injection + Redis(Cache)= Zero Click XSS
The first attempts were not successful and the reflect was not observed, but using the RACE, I saw that my sampler is displayed for the rest of the users
๐ซฅ
I will publish it after permission.
#BugBounty
๐ Sensitive data leakage using .json
Hereโs a tip to achieve sensitive data leak using .json extension.
Notice the added .json extension in our request which resulted in obtaining the secret token!
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
Nuclei Bug Hunter
I will upload more #nuclei templates that help bug bounty Hunters.
https://t.co/pxt5eHLYg6
#infosec #pentesting #bugbounty
How i am hunting for phpmyadmin logins:-
nuclei -l live-subs.txt -t nuclei-templates/http/exposed-panels/phpmyadmin-panel.yaml
## Then :-
- Test for default creds : root & password,..etc
- Fuzzing
- Test SQLi
- Response Manipulation
#bugbountytips #cybersecurity #Security
Credit - @wadgamer10
#bugbountytip #bugbountytips
i found phpmyadmin template on nuclei
phpmyadmin-setup.yaml
next step edit that template for
/admin/
template endpoint was [/pma/setup/index.php]
i found 2 on [/admin/pma/setup/index.php]
happy hunting โฅ
#BugBounty
![GodfatherOrwa's tweet photo. #bugbountytip #bugbountytips
i found phpmyadmin template on nuclei
phpmyadmin-setup.yaml
next step edit that template for
/admin/
template endpoint was [/pma/setup/index.php]
i found 2 on [/admin/pma/setup/index.php]
happy hunting โฅ
#BugBounty https://t.co/Ao1aAlJ0ww](https://pbs.twimg.com/media/FrvX-urWcAIEXJz.png)
Easy P1 ๐ #bugbountytips #bugbounty
Endpoint
/elmah
/ELMAH
or you can use the below Template to find out the issue
https://t.co/FoVjxHBnki
Bug bounty hunters: want a #bugbountytip on finding the right public programs to participate in?
1๏ธโฃ Look at some of the more successful bounty hunter's profiles (if they are public)
2๏ธโฃ Scroll down to their most awarded or participated in.
3๏ธโฃ Hack those. There's vulns there.
95% from hunters remove pics from endpoint
my steps
gathering all target endpoints
filter the results just for pic extensions
(cat endpoints.txt | egrep 'jpg|jpeg|png' > results.txt)
filter to live
send results for screenshot tool
1/2
#bugbountytips #bugbountytip #bugbounty
url/?f=etc/passwd ==> 403
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
you can use this trick in SQL , SSTI , XSS , LFI , Etc...
#bugbountytips #bugbountytip
Tip :
1-Site https://t.co/HsP3izDRcl
2-Add first subdomain in first directory .sql.gz like
https://t.co/hYyYcTdjur
Severity depending on content of files most of time is (Critical)
#bugbountytip #bugbountytips #bugbounty #hackerone #bugcrowd #h1
๐จ Bug Bounty hunting - Udemy Couse ๐จ
Source : https://t.co/BV3igqzzZp
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
Last Seen Users on Sotwe
Koyu mavi
Seen from Turkey
แแแแปแแแแแแแ
แปแ
Seen from Thailand
kaka lionel
Seen from Indonesia
เธเธนเธซเธเธฑเธ เธซเธเธฑเธเนเธซเธกเน เธเธฅเธดเธเธซเธฅเธธเธเนเธเนเธเน ๐๐ฆ
Seen from Thailand
ุชุบุฑูุฏ ุฎุงูุฏ
เธชเธฒเธงเธชเธญเธเธฃเธฑเธเธเธฒเธเธญเนเธญเธเธเธธเธ
Seen from Thailand
Hunter x
Seen from United States
ููู ู
ุญุงุฑู
ุนุงุฆูู ุงู
ูุงุช ูุงุฎูุงุช
๐ป๐ณ Ivan Dang ๐ป๐ณ
Seen from Vietnam
้ขๆ
Seen from Korea
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers