Tobi Weißhaar @_kun_19 - Twitter Profile

Pinned Tweet

over 1 year ago

Got a $12,000 bounty on @Hacker0x01! https://t.co/Gogh73TvTd #TogetherWeHitHarder My highest single bounty ever 🙂 And…it was a mobile bug 📱 Unfortunately can‘t share any details, but Android permissions used across multiple apps of the company can be an issue ;)

7

182

7

30

6K

Tobi Weißhaar @_kun_19

20 days ago

@rootxharsh @HacktronAI What I observed is that CloudFront, Akamai, etc. are most of the time used and are blocking the suspicious payload

0

98

_kun_19 retweeted

pwn.ai @pwn_ai

2 months ago

🚨 ZERODAY: ImageMagick 🚨 Our autonomous pentester https://t.co/zHUcIkHqvr just dropped multiple zeroday chains in ImageMagick that achieve RCE and File Leak from a single .jpg or .pdf file, bypassing EVERY security policy (Default, Limited, AND Secure). 🤯 💥 Affects Ubuntu, Debian, WordPress & millions of servers globally. Happy Monday and Happy Hunting! 🥰 https://t.co/nNAvFAvPOx

pwn_ai's tweet photo. 🚨 ZERODAY: ImageMagick 🚨

Our autonomous pentester https://t.co/zHUcIkHqvr just dropped multiple zeroday chains in ImageMagick that achieve RCE and File Leak from a single .jpg or .pdf file, bypassing EVERY security policy (Default, Limited, AND Secure). 🤯

💥 Affects Ubuntu, Debian, WordPress & millions of servers globally. Happy Monday and Happy Hunting! 🥰

https://t.co/nNAvFAvPOx

7

468

123

415

43K

Tobi Weißhaar @_kun_19

3 months ago

Took a long break from bug bounty hunting but feels good to know muscle memory is still there 😅 Got a $800 bounty on @Hacker0x01! https://t.co/Gogh73TvTd #TogetherWeHitHarder

1

67

2

9

2K

Who to follow

Sourav Khan🇧🇩 🇵🇸

@Br0k3n_1337

Bug Bounty Hunter | Muslim❤️

Fares

@_2os5

Hacker | Bug Bounty Hunter

Valeriy

@Krevetk0Valeriy

Security enthusiast, bug bounty hunter at @Hacker0x01 and @Bugcrowd https://t.co/RjYvPJaXTW https://t.co/dkUfA2vywe

Tobi Weißhaar @_kun_19

3 months ago

Thrilled to announce the start of a new chapter @codewhitesec 🙂 Thank you for the welcome package 🙃

5

38

1

6

2K

Tobi Weißhaar @_kun_19

11 months ago

..to exploit it in 2025 I recommend https://t.co/38VqENznWi

0

19

1

31

532

Tobi Weißhaar @_kun_19

11 months ago

Yay, I was awarded a $900 bounty on @Hacker0x01! https://t.co/Gogh73U3IL #TogetherWeHitHarder #bugBounty Cross-Site attacks become very rare with the latest browser security mechanisms but found a cross-site web socket hijacking vulnerability recently. If you want to know how..

3

79

3

10

3K

Tobi Weißhaar @_kun_19

12 months ago

First experience with the @SamsungMobile Bug Bounty Program. Takes a looong time to get rewarded and the reward was not as expected…but anyways what stays is a CVE for Samsung (Browser App) 😅 Thanks @_m1tZ for the collab!#bugBounty #hacking https://t.co/rnw5zchWyc

0

20

1

2

1K

_kun_19 retweeted

Shopify Engineering

@ShopifyEng

about 1 year ago

🪲 Bug bounty disclosure: account vulnerability Here's how @_kun_19 highlighted a security gap in Shopify Collabs 🧵

2

16

2

7

3K

Tobi Weißhaar @_kun_19

about 1 year ago

...the configured redirect uri in the Facebook Dev Portal. On this way I showed how I'm able to steal the Oauth authorization code, which also allows me to log into the victim's account

0

1

0

1

259

Tobi Weißhaar @_kun_19

about 1 year ago

Got a $500 bounty on @Hacker0x01! https://t.co/Gogh73TvTd #TogetherWeHitHarder Exploited an Intent Redirection in a mobile app. It's a kind of equivalent to an Open Redirect in web apps. 🧵

4

69

0

17

2K

Tobi Weißhaar @_kun_19

about 1 year ago

...I created an own Facebook OAuth Client in Facebook's Developer Portal and started the activity with the appropriate OAuth config. The victim is now prompted to log in via Facebook and after doing that, the OAuth victim's authorization code is sent to my web server due to...

1

2

0

2

279

Tobi Weißhaar @_kun_19

about 1 year ago

@bogbounty @Hacker0x01 had the source code 🤷🏻‍♂️😄 So no real advice sorry😅

0

28

Tobi Weißhaar @_kun_19

about 1 year ago

Got a $6,000 bounty on @Hacker0x01! Hmm…seems SQL injections are still a thing 🙃 https://t.co/Gogh73TvTd #TogetherWeHitHarder

4

224

7

35

6K

Tobi Weißhaar @_kun_19

about 1 year ago

@AatankBadb16659 @Hacker0x01 I had the target‘s source code and just saw it in the code so it was no black box for me 😅

0

1

0

67

_kun_19 retweeted

publiclyDisclosed @disclosedh1

about 1 year ago

Shopify disclosed a bug submitted by @_kun_19: https://t.co/5FuSXlZK3V - Bounty: $800 #hackerone #bugbounty

0

37

6

11

3K

Tobi Weißhaar @_kun_19

about 1 year ago

One of my reports to @ShopifyEng was disclosed. ATO with some preconditions that must be met, but maybe interesting for you 😉 #BugBounty @Hacker0x01 https://t.co/TYatqQ7PxH

1

110

8

35

4K

Tobi Weißhaar @_kun_19

over 1 year ago

And now it‘s weekend 😫

0

47

0

4

2K

Tobi Weißhaar

@_kun_19

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users