A few months ago, I found a Prompt Injection vulnerability on Google Tasks.
It was simple, yet tricky.
Google rewarded me with a $15,000 bounty for it.
Here's the full story:
Hello everyone ♥
A little write-up of #bugbountytip #bugbountytips I am going to write here ...
Title:
Getting unauthorized access to 3rd-party workspaces, and building your checklist for quickly locating bugs there via massive recon
We know that it's helpful to look for Google Groups/Docs/etc.
Slack as well, just like the amazing @h4x0r_dz shared days ago:
Use the Google dork "site:https://t.co/ravW2tHHcP"
So I was not in a good mood the last months for doing Google dorks, so what I did was build a checklist ready for me, a very huge one.
for EX:
https://t.co/wPxAHXvC18
https://t.co/hs3VHvhT92
https://t.co/ravW2tHHcP
And here is just an example; you can add more similar workspaces to your checklist.
Then I extracted all internet endpoints, as an example here join[.]slack[.]com
https://t.co/OlHQSEQ6Qz
https://t.co/e8jB8H6nMS
https://t.co/w5h4VkESyQ
You can use ready-made tools to do it, such as waymore.
Important note: you have to keep your checklist updated every week.
And from here I just keep looking for the company name or domain name to see if there's anything connected,
and mostly the company name or domain name is in the URL itself, e.g. tesla:
https://t.co/QesyI4MHu2
Examples of bugs found:
1 unauthorized access to the workspaces
(PII | information disclosure)
2 account takeover, e.g. a valid employee signup link
3 account takeover, e.g. a valid employee reset-password link
Now about Slack: as an example, if you found an invitation link for Tesla,
Tesla https://t.co/QesyI4MHu2, and that link was not valid, don't stop here;
it will redirect, for example, to
tesla-internal[.]slack[.]com
Here go back and start looking manually for endpoints of this subdomain as well, e.g.:
https://t.co/w2dhvfdBhL
Now, there are a lot of 3rd parties/workspaces; I just shared here
Slack & Google Docs/Groups.
What I wrote is a bit long and annoying to some, so I apologize. I hope, as usual, that this will be useful to all who follow me here.
#BugBounty
Don't forget to retweet if you like it ♥♥♥
🚀 Recon on autopilot! @prettyrecon’s new Global Scan is live! 🛡️⚡️
Our smart AI engine now scans your targets daily. Users are already getting email alerts with fresh findings delivered straight to their inbox! 📩✨
📊 Visit : https://t.co/gOhbHe8GuN
#BugBounty #Infosec #AI
It's time to lock in. If you're struggling with bug bounties, spend the next few weeks finding a target you personally enjoy. The bigger the scope the better! Then focus on them every day for the entire year. Aim to hack 2-3 hours minimum a day. You'll learn lots and find bugs.
GL!
Big things brewing at PrettyRecon 🔥
Our UI is getting a full makeover.
More clarity. More speed. More wow.
Excited? 👀
Stay tuned.
#PrettyRecon #Security #ProductUpdate
Let's do interactive #bugbounty learning. Path-based IDORs. Fun!
You visit a webpage with your browser, which should be Firefox, at https://www[.]place[.]com/user/12345.
The webpage forces a client request to
https://api[.]place[.]com/api/v3/users/12345
This request responds with JSON about that user, to populate into your Firefox web browser. It's sensitive PII.
Let me break down my thought process here.
1] The first thing I do with this in less than 5 seconds, is try the number 12344 in the path. Iterate a bit, make sure you get 401/403s back. If not, you probably are looking at someone else's PII. Yay, GG.
2] I try to change the path to /v1/, /v2/, /v4/. Remove it entirely too. Sometimes different API versions are less secure. Those still in development, older ones, etc.
3] Then I run parameters at the end like ../api/v3/users/12345?userId=12344.
I try every parameter from the JSON response(s). Did the response change? If it changed the parameter did something. Investigate. (Intruder here)
4] I search JS files for "/api/v3/users" or keywords in the path to find where and how the API path was built, or where there may be other API paths. This is usually in the JS. Sometimes there are deprecated, hidden, or admin APIs laying there. Then I try all of those. Pivot pivot pivot.
5] I usually try appending ?, /, #, and/or URL-encoded versions of each of these to the end of the API path. Sometimes that results in a bypass. One time I bypassed the security on thousands of APIs using a trailing slash due to ... well... bad code. This trick also works well when the mitigation was a WAF block.
6] Traverse backwards down the API. Check /api/v3/users/, /api/v3/, /api/, -- fuzz for obvious swagger or API schema paths. Add extra slashes, it looks cool. ///api//v3//users///// . Who knows right?
7] Throw a single quote in there, /12345'. Did it blow up? Add another quote in there, /12345'' - did it un-blow up? Might be SQLi. Don't try XSS, XSS is stupid.
8] Fuzz the words "users". What else could be there?
9] Sometimes APIs reserve keywords, like "ALL". Try things like /users/all instead of /users/12345. Run the US Webster's Dictionary through that path. Watch case sensitivity: if it uses lower, it's probably always lower. So don't send uppercase stuff to a lowercase API.
10] If none of this worked, I'm probably on another API at this point. Less than 10 minutes gone.
What else would you do?
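The defender-side counterpart to the checklist above, as an added example that is not part of the thread: a small Python dispatcher in which the object-level authorization check for `/api/v3/users/{id}` runs in one place, after the path has been normalized, so that trailing or doubled slashes, query strings, other version prefixes and reserved words like `all` cannot route around it. A deliberately vulnerable handler is kept beside it to show the pattern the thread exploits. The names (`USERS`, `TOKENS`, `handle`, `handle_vulnerable`), the sample records and the tokens are constructed for illustration and belong to no real API.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: user records and the bearer tokens that may act on them.
# An admin token maps to None, meaning "may read any record".
USERS = {
    12344: {"id": 12344, "email": "alice@example.test"},
    12345: {"id": 12345, "email": "bob@example.test"},
}
TOKENS = {"alice-token": 12344, "bob-token": 12345, "admin-token": None}

# Only the versions that are actually served; anything else is a 404,
# not a fall-through to an older, possibly unprotected handler.
SUPPORTED_VERSIONS = {"v3"}
USER_PATH = re.compile(r"^/api/(?P<version>v\d+)/users/(?P<user_id>[^/]+)$")


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def normalize_path(raw_path: str) -> str:
    """Strip query string and fragment, collapse runs of slashes and drop a
    trailing slash, so that /api//v3/users/12345/ and /api/v3/users/12345?x=1
    are authorized exactly like /api/v3/users/12345."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    path = re.sub(r"/+", "/", path)
    if len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path


def handle(method: str, raw_path: str, token: Optional[str]) -> Response:
    """Hardened handler: route matching, input validation, authentication and
    object-level authorization all happen before any record is looked up."""
    if method != "GET":
        return Response(405)
    m = USER_PATH.match(normalize_path(raw_path))
    if not m or m["version"] not in SUPPORTED_VERSIONS:
        return Response(404)
    # Only numeric ids are accepted: "all", "12345'" and friends never reach a query.
    if not m["user_id"].isdigit():
        return Response(400)
    user_id = int(m["user_id"])
    if token not in TOKENS:
        return Response(401)
    caller = TOKENS[token]
    # Object-level authorization: a non-admin caller may read only their own id.
    # Checked before the lookup, so 403-vs-404 does not reveal which ids exist.
    if caller is not None and caller != user_id:
        return Response(403)
    record = USERS.get(user_id)
    return Response(200, record) if record is not None else Response(404)


def handle_vulnerable(raw_path: str, token: Optional[str]) -> Response:
    """The IDOR pattern the thread describes: the caller is authenticated, but the
    id from the path is used for the lookup without checking that it belongs to
    the caller, so any valid token can read any record."""
    m = USER_PATH.match(raw_path)
    if not m or not m["user_id"].isdigit():
        return Response(404)
    if token not in TOKENS:
        return Response(401)
    record = USERS.get(int(m["user_id"]))
    return Response(200, record) if record is not None else Response(404)
```

The point of `normalize_path` is that every variant in steps 2, 5 and 6 of the thread collapses to the same canonical path before the single authorization check runs; a rewrite rule in a gateway or WAF is no substitute, because the check has to sit in the code that actually serves the record.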
Another research effort with @inzo____ led to the discovery of two new vulnerabilities in React Router (14M+ downloads/week), resulting in:
- CVE-2025-43865 (High-8.2)
- CVE-2025-43864 (High-7.5)
We've just given our platform a makeover with a fresh new UI and exciting features! Dive in at https://t.co/KlEjcFSqOL and experience the upgrade for yourself. Full reveal coming soon. #PrettyRecon #UIUpdate #NewFeatures
How we gained full control over 3,000 companies and all their registered branches.
This took us about 3 weeks of studying the target to find all the vulnerabilities explained.
Hope you enjoy reading!
https://t.co/Gz1xlo7LJb
Elevate your security this winter with PrettyRecon! ❄️ Get huge discounts on annual & semi-annual plans. Domain monitoring, advanced JS analysis, and more! #cybersecurity #websecurity #PrettyRecon #BugBounty