Olivia
Online
Amirabbas Ataei
@ImAyrix
Bug Hunter & Web Application Pentester
Joined September 2021
475 Following
4.3K Followers
599 Posts
I just dropped a new blog post, happy hacking :)
https://t.co/I9qh8cpNe9
@AmirMSafari OnTop 🔥🔥
I wrote this story in a blog post, starting with my old challenge and leading up to this point. Chromium has since patched this attack vector. The full post is linked below, hope you enjoy reading it ;)
https://t.co/cRm6YTGAND
I published one of the techniques that I've been using against OAuth providers, honetly, it's led me to discover many flaws, and recently I used it to find a 1-click ATO on one of the most widely visited websites,I hope you find it useful :-)
https://t.co/o7OO8Y7e3K
Feb 24, 2026 08:35PM ➜ submited
Feb 24, 2026 10:46PM ➜ report was triaged
Feb 25, 2026 12:23PM ➜ bug patched
Mar 17, 2026 02:55PM ➜ bounty awarded
@YShahinzadeh On Top 🔥❤️
It's time for sharing, this is not a simple write-up, we are sharing our methodology and reasoning, detailing how we approached and hunted the flaw, I hope you like it :]
https://t.co/MNmJyNZVBg
![YShahinzadeh's tweet photo. It's time for sharing, this is not a simple write-up, we are sharing our methodology and reasoning, detailing how we approached and hunted the flaw, I hope you like it :]
https://t.co/MNmJyNZVBg https://t.co/Ic6RbsQutn](https://pbs.twimg.com/media/HB3ROYbXEAAENUT.jpg)
We got permission from the Samsung Security team to disclose this uXSS that we found in Samsung Browser, it was assigned a CVE (CVE-2025-58485) and patched.
Here is the PoC, expect the write-up in the next upcoming days.
Both challenges were interesting
Thanks for sharing.
Yousef (@samm0uda) gave me a challenge few days ago, it's a redesign of Amir's recent challenge, the solution is quite interesting, I was able to solve it in 10 minutes as I'd previously debugged QS library it, I highly RECOMMEND it, the source code:
https://t.co/D2cgR6v9PA
Thanks for participating in this challenge! I analyzed the qs parser source code and wrote about the inconsistency between the backend and frontend query parsers, along with two possible solutions. Hope you enjoy it!
https://t.co/BRPp2L7TS6
I recently discovered several vulnerabilities in MCP servers across different attack scenarios (DOM XSS, Stored XSS, SSRF, etc.) and decided to publish a blog post to share my knowledge. Hope you enjoy it! :D
https://t.co/LvElwhVO1r
@YShahinzadeh On Top 🔥❤️
After filtering for the most common ones, it became a really useful part of my workflow. Definitely worth a try if you're looking to enhance your fuzzing lists.
For the past year, I've been using a private wordlist generated from actual bug bounty reports.
I grabbed disclosed report texts by simply appending .json to the report URLs (as shown below) and fed them into fallparams to mine parameters from the included requests and snippets.
https://t.co/9O5zUjv8YA
A great article from Hamid about GIS SDK challenges
He explains how he escalated a DOM XSS into a full Account Takeover. Definitely worth your time 👇
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers