Most open redirects are low-severity or N/A.
But used creatively, they can become high-impact gadgets.
Here are 4 ways to show impact with open redirects:
1️⃣ SSRF Chaining
Use it to bypass filters where the domain is allow-listed.
2️⃣ OAuth Abuse
Exploit it in auth flows to leak access tokens and sensitive parameters.
3️⃣ Iframe Embedding + postMessage
Embed your attacker-controlled redirect page via iframe for postMessage exploits.
4️⃣ Client-side Path Traversal
Inject ../../ in dynamic fetch or iframe src to hit the redirect and potentially trigger XSS.
Loads more gadgets like this in this @ctbbpodcast HackerNotes: https://t.co/yqZ28tTdyP
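Point 1 from the defender's side, as an added example that is not part of the tweet: an SSRF allow-list that is checked only on the initial URL is defeated by an open redirect on the allow-listed host, so the hardened fetcher re-runs the check on every hop. The allow-list, the internal address and the response table are constructed stand-ins for real hosts and HTTP replies.

```python
from urllib.parse import urljoin, urlsplit

# Constructed allow-list: only this host may be fetched server-side.
ALLOWED_HOSTS = {"api.example.com"}

# Constructed internal address and open-redirect URL (stand-ins, not real hosts).
INTERNAL_URL = "http://10.0.0.5/admin"
OPEN_REDIRECT = "https://api.example.com/redirect?to=" + INTERNAL_URL

# Constructed response table standing in for real HTTP replies:
# url -> (status, Location header). The allow-listed host has an open redirect.
FAKE_RESPONSES = {
    OPEN_REDIRECT: (302, INTERNAL_URL),
    INTERNAL_URL: (200, None),
    "https://api.example.com/data": (302, "/v2/data"),  # relative Location
    "https://api.example.com/v2/data": (200, None),
}


def host_allowed(url: str) -> bool:
    """Scheme and exact hostname match against the allow-list."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def fetch_naive(url: str) -> str:
    """Vulnerable pattern: validate the first URL, then follow redirects blindly.
    Returns the URL that actually ends up being fetched, or 'blocked'."""
    if not host_allowed(url):
        return "blocked"
    while True:
        status, location = FAKE_RESPONSES.get(url, (404, None))
        if status != 302:
            return url
        url = urljoin(url, location)  # Location may be relative


def fetch_hardened(url: str, max_hops: int = 3) -> str:
    """Hardened pattern: re-run the allow-list check on every hop and cap the hops."""
    for _ in range(max_hops + 1):
        if not host_allowed(url):
            return "blocked"
        status, location = FAKE_RESPONSES.get(url, (404, None))
        if status != 302:
            return url
        url = urljoin(url, location)
    return "blocked"  # too many redirects is a failure, not something to follow
```

With a real HTTP client the same shape is obtained by disabling automatic redirects (for example `allow_redirects=False` in requests) and looping over the Location header yourself.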
Hidden or disabled fields are commonly overlooked, but they can still open the door to some cool bugs.
Try creating a bookmarklet to instantly reveal these fields.
Here are some quick examples you can copy and paste:
🔖 Enable all disabled or readonly fields:
javascript:(function(){document.querySelectorAll('[disabled],[readonly]').forEach(el=>{el.removeAttribute('disabled');el.removeAttribute('readonly');});})();
🔖 Unhide elements styled with display: none:
javascript:(function(){document.querySelectorAll('[style*="display: none"]').forEach(el=>{el.style.display='block';});})();
the research paper is out:
Next.js and the corrupt middleware: the authorizing artifact
result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical)
https://t.co/GZkbnr6o9H
enjoy the read!
I'm a hacker and AI researcher who has reported vulnerabilities to OpenAI, Google, and others. I wrote this guide as a reference of all of the ways that you can hack AI.
It has saved me hours. Bookmark this if you need a reference for what all to try (AND includes mitigations).
Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website https://t.co/lGRfqhmcVK for early access and the slides!
Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈
OAuth redirect URI research paper by Tommaso Innocenti et al.
https://t.co/CDhpGcW9Sn
#BBRENewsletter73
Subscribe to get the next issue: https://t.co/qyKDmBSVQM
The Censys search engine (https://t.co/JO1rvqsRrN) gives you a great opportunity to discover hosts and all kinds of services running on your target 🔍
Be sure to use the built-in features to get more accurate results to suit your needs!
#bugbounty #bugbountytips
NEW FREE ROOM: SSRF
Gain a detailed understanding of methods and techniques to exploit SSRF vulnerabilities, including:
🙌 Basic SSRF
🙌 Blind SSRF
You'll also learn protection measures against the vulnerability!
https://t.co/6Uh0Kc8bJb
Our boy @nahamsec has been TEARING IT UP lately in the bug bounty scene with 500k made in 2023.
We brought him on the pod this week to discuss bug bounty strats and how he is popping a shitton of Blind XSS with some custom tooling and methodology.
https://t.co/tNKNUBO30E
Elevate your security game in 2024!
Join us next week for an exclusive webinar and live demo to see how revamping your pentesting strategy can deliver impactful results.
📅 January 9, 2024
⏰ 12 p.m. EST | 5 p.m. GMT
Register now to secure your spot. https://t.co/jI2Je5oh4p
Ok fam. I’m giving away TWO free tickets to my course which takes place in two/three weeks.
All you have to do to win is like, retweet this tweet, and reply with “https://t.co/VnOqGJ5Yyo!”
I’ll pick winners next week!
If you haven’t seen my course, check out the link!
I often find IDORs by searching in JS Files for interesting endpoints, but how do I automate this while also performing manual hunting?🤔
#bugbountytips
I mostly use my custom @trick3st workflow for finding unique domains & secrets in JS files, here is how it works👇
1/4
`Count every “bugless” night as a learning opportunity: learning new skills to add to your testing methodology, learning about new uncovered assets, or just another night getting closer to a valid/unique find.` 💪🏻
In case you missed it, I wrote a blog post about the lessons I learned from working for myself full-time and doing bug bounties for the majority of my income. What do you think? Are bug bounties worth it?
https://t.co/nIGbMWNDhL
Did you know that you can integrate Burp Suite with SQLMap to scan for SQL injections?
If not, check out SQLPy!👇
A Burp Suite extension, available for the Community Edition as well as the Professional edition, to help you send requests to the SQLMap API! 😎
https://t.co/tumwP5BKxZ