Sotwe logo Sotwe logo
__the7th's profile banner image
__the7th's profile image

Mostafa Alrefai

@__the7th

All Thanks To My God - الحمد لله
Joined August 2022
1 Following
656 Followers
78 Posts
__the7th's profile image
Mostafa Alrefai @__the7th
The bug get fixed, so I wanted to share the story... Write-up Link: https://t.co/Bi12cCq4Ki
4
232
25
190
27K
__the7th's profile image
Mostafa Alrefai @__the7th
🧵Bug Bounty Diaries ( D6 ) It's still a VDP, but the chain was EPIC => From CSTI (Client-Side Template Injection) to XSS Gadget + WAF Bypass => From XSS to CSP Bypass => From CSP Bypass to fetch requests => From fetch requests to Cookie hijacking
__the7th's tweet photo. 🧵Bug Bounty Diaries ( D6 ) It's still a VDP, but the chain was EPIC => From CSTI (Client-Side Template Injection) to XSS Gadget + WAF Bypass => From XSS to CSP Bypass => From CSP Bypass to fetch requests => From fetch requests to Cookie hijacking https://t.co/a5M76ZSy6d
3
75
4
30
17K
__the7th's profile image
Mostafa Alrefai @__the7th
@HambrickBr76801 I don't
0
0
0
0
10
__the7th's profile image
Mostafa Alrefai @__the7th
🧵Bug Bounty Diaries ( D5 ) Stored-XSS in the user's first and last name fields This was an old bug in a public bug bounty program, and it could be escalated to exfiltrate user cookies...
__the7th's tweet photo. 🧵Bug Bounty Diaries ( D5 ) Stored-XSS in the user's first and last name fields This was an old bug in a public bug bounty program, and it could be escalated to exfiltrate user cookies... https://t.co/z6Qf0h1JjM
2
66
2
24
15K
__the7th's profile image
Mostafa Alrefai @__the7th
@ironCardSec Maybe 1 hour
0
0
0
0
77
__the7th's profile image
Mostafa Alrefai @__the7th
I wanted to add some information about Exploit 1. After testing the exploit on live targets and a local lab, I validated that the XSS payload will work only if it is a DOM-Based Open Redirect, and if it were a Server-Based Open Redirect, the browser will stop the XSS from running
__the7th's tweet photo. I wanted to add some information about Exploit 1. After testing the exploit on live targets and a local lab, I validated that the XSS payload will work only if it is a DOM-Based Open Redirect, and if it were a Server-Based Open Redirect, the browser will stop the XSS from running https://t.co/JjajGx563s
__the7th's profile image
Mostafa Alrefai @__the7th
🧵Bug Bounty Diaries ( D4 ) How to escalate an "Open Redirect" from P5 to P3 or P1 Yesterday, I found an Open Redirect in a public VDP, and I wanted to teach you the exploitation process that you should take before reporting the bug as a P5 ... thread...
__the7th's tweet photo. 🧵Bug Bounty Diaries ( D4 ) How to escalate an "Open Redirect" from P5 to P3 or P1 Yesterday, I found an Open Redirect in a public VDP, and I wanted to teach you the exploitation process that you should take before reporting the bug as a P5 ... thread... https://t.co/zIo0bVjbuI
5
267
29
254
30K
0
27
2
11
2K
__the7th's profile image
Mostafa Alrefai @__the7th
🧵Bug Bounty Diaries ( D4 ) How to escalate an "Open Redirect" from P5 to P3 or P1 Yesterday, I found an Open Redirect in a public VDP, and I wanted to teach you the exploitation process that you should take before reporting the bug as a P5 ... thread...
__the7th's tweet photo. 🧵Bug Bounty Diaries ( D4 ) How to escalate an "Open Redirect" from P5 to P3 or P1 Yesterday, I found an Open Redirect in a public VDP, and I wanted to teach you the exploitation process that you should take before reporting the bug as a P5 ... thread... https://t.co/zIo0bVjbuI
5
267
29
254
30K
__the7th's profile image
Mostafa Alrefai @__the7th
@VAG33K You can bypass authentication and authorization checks, using Math & Replace rules, if it done on the Client-Side only.
0
0
0
1
312
__the7th's profile image
Mostafa Alrefai @__the7th
🧵Bug Bounty Diaries ( D3 ) This was an EPIC hack... TTMG, In this report, I was able to combine 2 vulnerabilities to bypass the login page of an admin portal and log in as an admin, without any username or password Maybe more details in the future...
__the7th's tweet photo. 🧵Bug Bounty Diaries ( D3 ) This was an EPIC hack... TTMG, In this report, I was able to combine 2 vulnerabilities to bypass the login page of an admin portal and log in as an admin, without any username or password Maybe more details in the future... https://t.co/QGshPNk1i4
3
192
6
71
16K
__the7th's profile image
Mostafa Alrefai @__the7th
Sometimes, it just happens...
__the7th's tweet photo. Sometimes, it just happens... https://t.co/BmrTos6HeH
1
90
1
5
3K
__the7th's profile image
Mostafa Alrefai @__the7th
@Hoesenbug The popup appears when I inject the payload manually, or send the payload in an old browser.
0
0
0
0
26
__the7th's profile image
Mostafa Alrefai @__the7th
🧵The Bug Bounty Diaries... This is the first post of a New Series where I talk about bugs that I found in wild Bug Bounty Targets This is a short story about a DOM-Based XSS that I found in a Private Bug Bounty Program, but it was unexploitable due to modern browser mechanisms
__the7th's tweet photo. 🧵The Bug Bounty Diaries... This is the first post of a New Series where I talk about bugs that I found in wild Bug Bounty Targets This is a short story about a DOM-Based XSS that I found in a Private Bug Bounty Program, but it was unexploitable due to modern browser mechanisms https://t.co/JEMZih2XnR
3
87
6
70
13K
__the7th's profile image
Mostafa Alrefai @__the7th
🧵Bug Bounty Diaries ( D2 ) Today, I found my first "Prototype Pollution" vulnerability in the wild, but it can't be a valid bug to be reported on its own, so when you find a PP, you should dig deeper to combine it with a gadget in order to build a valid report...
__the7th's tweet photo. 🧵Bug Bounty Diaries ( D2 ) Today, I found my first "Prototype Pollution" vulnerability in the wild, but it can't be a valid bug to be reported on its own, so when you find a PP, you should dig deeper to combine it with a gadget in order to build a valid report... https://t.co/V90kalfrYs
1
116
8
76
13K
__the7th  retweeted
__the7th's profile image
Mostafa Alrefai @__the7th
@Hoesenbug You send the payload in the parameters part or the fragment part of the URL, to be a part of the document.URL source
__the7th's tweet photo. @Hoesenbug You send the payload in the parameters part or the fragment part of the URL, to be a part of the document.URL source https://t.co/wGZEeAfWca
1
1
1
2
352
__the7th's profile image
Mostafa Alrefai @__the7th
Why can't we send the payload without URL-encoding? Because in modern browsers, when you send anything in the query part or the fragment part of the URL, the browser should URL-encode it automatically, and this will prevent the attack from being successful.
1
5
0
0
774
__the7th's profile image
Mostafa Alrefai @__the7th
DOM-Based XSS is all about (Source + Sink). In this case, the sink was `document.write` and the source was `document.URL` The problem is that the attack will only be valid if the payload was sent to the sink without URL encoding, as you can see the "alert box" in the screenshot.
1
4
0
0
886
__the7th's profile image
Mostafa Alrefai @__the7th
[*] Bug Bounty Skills... (More Parameters = More Vulnerabilities) Did you know that there are 4 types of discovery techniques: 1. Website Crawling (Active) 2. Hidden Parameter Fuzzing (Active) 3. JavaScript Mining (Passive) 4. Searching Public Archives (Passive) 🧵Thread...
4
16
4
26
6K
__the7th's profile image
Mostafa Alrefai @__the7th
Building "AI Hacking Agents" from pure Python...
__the7th's tweet photo. Building "AI Hacking Agents" from pure Python... https://t.co/GRW0KRG1Kn
0
9
1
1
2K
__the7th's profile image
Mostafa Alrefai @__the7th
I like the UI updates by @Bugcrowd
__the7th's tweet photo. I like the UI updates by @Bugcrowd https://t.co/1vBMl5umsf
0
79
1
6
3K

Last Seen Users on Sotwe

layt_king2023's profile image
ليت✨
Seen from Germany
Pecinta_tudung's profile image
Sya
Seen from Malaysia
Stephy_Curry_'s profile image
sᴛᴇᴘʜ⋆✿*°ᵕ̈^ Verified account
Seen from United States
qwertyuiop0642's profile image
红桃A极品视觉 Verified account
Seen from United States
Sagamu385560's profile image
HINDATU SAGAM Verified account
hollyweston09's profile image
清水帅哥脚
aras180000's profile image
aras 18
Seen from Turkey
chapin_xxx's profile image
Chapin xxx (18+)
Seen from United States
Meiya1314's profile image
美吖 Verified account
BokepxnxChudai's profile image
Bokepxnx Chudai
Seen from Singapore

Trends for you

1
Lewis
Under 10K tweets
2
Flag Day
Under 10K tweets
3
Happy Birthday President Trump
Under 10K tweets
4
White House
Under 10K tweets
5
Cucurella
Under 10K tweets
6
Beirut
Under 10K tweets
7
Mr. President
Under 10K tweets
8
Golden Corral
Under 10K tweets
9
Carreras
Under 10K tweets
10
#TheAngelCalledYEOSANG
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.2M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
109.5M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.4M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.7M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
87.1M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.9M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.5M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.5M followers
imvkohli's profile image
13
Virat Kohli Verified account
@imvkohli
69M followers
youtube's profile image
14
YouTube Verified account
@youtube
68.6M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.6M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61.6M followers
x's profile image
19
X Verified account
@x
60.9M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
60.2M followers