@Shabosec A security company's full database was exposed.
I noticed they do not have a bug bounty program, so I sent mail to all their public contacts.
Till today, none of them have responded.
2000: I lost my mom to cancer
2001: I found out I was adopted
2002: I started doing drugs
2004: I started playing football
2007: I battled depression
2010: I went to college
2012: I met my future wife
2018: I became a father
2020: I was in $30k credit card debt
2021: I started a Twitter account
2022: I made my first dollar online
2023: I quit my job and went all in
2024: I hit my first $1M year
2025: I will hit my first $2M year, move into our dream home, and continue to pursue a life of meaning
The one thought I had the entire time was that the only person who could get me out of this is myself
Don't ever give up on yourself
These things take time
"There are several dumb triagers (who got in because they took referrals from friends and such)"
This is what I am talking about: know a friend that needs a job? Just refer them hahah
Referrals are bullshit: there are many talented people who submit resumes, and yet they prioritize recruiting dumb people just because their "employee" referred them.
I hope companies do something about such people, filter them out and replace them with deserving candidates.
Yay, I was awarded a total of $5,500 in bounties on @Hacker0x01! https://t.co/unepjTWUuT
Vulnerabilities Found:
1. Privilege Escalation (Trial User → Platform Admin)
  1. While reading the site's JavaScript files, I found an API endpoint and noticed it accepted an "author" parameter in the request body.
  2. The JS hinted that the "author" value was used to identify who the request belonged to — and that this value needed to be an admin's email for certain actions.
  3. I collected 15–20 employee emails through public sources (OSINT).
  4. I tested them one by one as the "author" value. One matched a platform admin account, and that request was accepted.
  5. Using that admin's email as "author" along with my own account ID, I changed my account "plan" from "trial" to "internal". The request went through, and my role was updated.
  6. Root cause: the endpoint was authorizing the request using a value from the request body instead of the role from the user's authenticated session.
2. SSRF → Cloud Metadata Credential Exposure
  1. The app had a feature that fetched user-supplied URLs from the server side.
  2. Confirmed by pointing it at a public echo service — the response showed a cloud server IP, not mine. The server was making the request.
  3. The URL filter blocked the metadata service IP in its standard dotted form, but didn't normalize alternate representations. Converting the same IP to its decimal form bypassed the filter cleanly.
  4. From there, the standard two-step metadata flow worked: first request returned a session token, second request used that token to return temporary instance role credentials.
  5. Root cause: block-list URL filtering without IP normalization. A single canonicalization step on the resolved address would have caught this.
3. IDOR Exposing 285,000+ Customer Invoices
The invoice download endpoint used sequential IDs with no ownership check. Changing the ID returned other customers' invoices.
4. IDOR Enabling Cross-Tenant Audit Log Manipulation
A "log move" endpoint trusted client-supplied IDs, which allowed moving log entries across tenant boundaries and tampering with audit history.
5. Unauthenticated Path Traversal
A public endpoint accepted file paths without sanitization, allowing partial file reads across the platform with no authentication required.
Key lessons:
→ Never authorize based on request-body fields. Use the session/JWT role.
→ URL-fetch features need allow-lists, and must normalize alternate IP forms.
→ Sequential IDs are fine; missing ownership checks are not.
→ "Unauthenticated" doesn't mean "untrusted input is safe."
#bugbounty #securityresearcher #ethicalhacker #cybersecurity #vulnerability #penetrationtesting #securityaudit #digitalsecurity #tech #innovation #hackerone #freelance #freelancer #pentester #ssrf #idor #privilegeescalation #pathtraversal #appsec #infosec #TogetherWeHitHarder #bugbountytips
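The SSRF finding above (item 2) and the "URL-fetch features need allow-lists, and must normalize alternate IP forms" lesson describe a block-list that compared only the dotted form of the metadata address. The following is an added example, not code from the post's author or from the affected platform: it places that weak check beside a validator that canonicalizes every IP literal form (decimal, hex, octal, IPv4-mapped IPv6), resolves DNS names, and rejects any address in a link-local, private, loopback, multicast or reserved range, with an optional hostname allow-list. The sample URLs and the `resolver` callback are constructed so the block runs offline; the metadata address itself is the standard cloud link-local address and is not tied to any particular target.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample inputs: alternate spellings of the same link-local metadata address.
SAMPLE_URLS = [
    "http://169.254.169.254/latest/meta-data/",           # dotted form (the only one the weak filter saw)
    "http://2852039166/latest/meta-data/",                # decimal form
    "http://0xa9fea9fe/latest/meta-data/",                # hex form
    "http://0251.0376.0251.0376/latest/meta-data/",       # octal form
    "http://[::ffff:169.254.169.254]/latest/meta-data/",  # IPv4-mapped IPv6 form
]


def naive_is_blocked(url: str) -> bool:
    """The weak block-list described in the write-up: exact string match on the dotted form only."""
    host = urlsplit(url).hostname or ""
    return host == "169.254.169.254"


def literal_to_ip(host: str):
    """Canonicalize any IP literal to an ipaddress object; return None if host is a DNS name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # ipaddress rejects shorthand forms; inet_aton accepts decimal, hex and octal spellings.
        try:
            ip = ipaddress.IPv4Address(socket.inet_aton(host))
        except OSError:
            return None
    # ::ffff:a.b.c.d is the same IPv4 host; unwrap it so the range checks below apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def is_forbidden_address(ip) -> bool:
    """Reject every non-global class, not one specific address: metadata services are link-local,
    and the same fetch feature can otherwise reach internal hosts."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def default_resolver(host: str):
    """Live DNS lookup; replaced by a stub in tests so the block runs offline."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_fetch_target(url: str, allowed_hosts=None, resolver=default_resolver) -> bool:
    """Allow-list the scheme (and optionally the hostname), then canonicalize and range-check
    every address the host maps to. A name that resolves to even one forbidden address fails."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host:
        return False
    if allowed_hosts is not None and host not in allowed_hosts:
        return False
    literal = literal_to_ip(host)
    addresses = [literal] if literal is not None else [literal_to_ip(a) for a in resolver(host)]
    if not addresses or any(a is None for a in addresses):
        return False
    return not any(is_forbidden_address(a) for a in addresses)


def compare_filters(urls=SAMPLE_URLS):
    """Per-URL verdicts of the weak and the canonicalizing filter, for a side-by-side view."""
    return {u: (naive_is_blocked(u), not is_safe_fetch_target(u)) for u in urls}


if __name__ == "__main__":
    for url, (weak_blocks, strong_blocks) in compare_filters().items():
        print(f"{url:55} weak={weak_blocks!s:5} canonical={strong_blocks}")
```

The check-then-fetch gap still matters: a hostname can resolve to a public address during validation and to an internal one when the fetch actually connects (DNS rebinding), so the address that passed the check should be the one the HTTP client connects to, and redirects should be re-validated hop by hop.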
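Items 1 and 3 of the write-up, together with the "Never authorize based on request-body fields" and "Sequential IDs are fine; missing ownership checks are not" lessons, come down to two handler patterns. This added example (not the post's or the platform's code; the users, invoices and field names such as `author`, `account_id` and `plan` are constructed to mirror the description) shows the body-trusting plan-change handler next to one that takes the actor from the authenticated session, and an invoice lookup that keeps plain sequential IDs but enforces ownership.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the authenticated caller may not perform the request."""


@dataclass
class User:
    user_id: str
    email: str
    role: str  # "trial", "internal" or "admin"


def make_users():
    """Constructed accounts: one trial user and one platform admin (not real accounts)."""
    return {
        "u1": User("u1", "trial@example.test", "trial"),
        "u2": User("u2", "admin@example.test", "admin"),
    }


def make_invoices():
    """Constructed invoice rows keyed by a plain sequential id, each owned by one account."""
    return {
        1001: {"owner": "u1", "total": 42},
        1002: {"owner": "u2", "total": 99},
    }


def vulnerable_change_plan(users, body):
    """The pattern from the write-up: the actor is whoever body['author'] names.
    Any caller who knows an admin's email passes the role check."""
    actor = next((u for u in users.values() if u.email == body.get("author")), None)
    if actor is None or actor.role != "admin":
        raise Forbidden("not an admin")
    target = users[body["account_id"]]
    target.role = body["plan"]
    return target.role


def hardened_change_plan(users, session_user_id, body):
    """Hardened: the actor is the session's user. The body may only name the target and the
    plan; an 'author' field, if present, is ignored (and is a good signal to log as a probe)."""
    actor = users[session_user_id]
    if actor.role != "admin":
        raise Forbidden("not an admin")
    target = users[body["account_id"]]
    target.role = body["plan"]
    return target.role


def get_invoice(invoices, session_user_id, invoice_id):
    """IDOR fix: the id stays sequential, but the row must belong to the caller.
    Missing and foreign rows get the same error so the endpoint does not confirm which ids exist."""
    inv = invoices.get(invoice_id)
    if inv is None or inv["owner"] != session_user_id:
        raise Forbidden("invoice not found for this account")
    return inv


def trial_user_escalates(handler):
    """Replay the write-up's escalation attempt against a handler: a trial user (session u1)
    supplies the admin's email as 'author'. Returns True if the role changed."""
    users = make_users()
    body = {"author": "admin@example.test", "account_id": "u1", "plan": "internal"}
    try:
        if handler is vulnerable_change_plan:
            handler(users, body)
        else:
            handler(users, "u1", body)
    except Forbidden:
        pass
    return users["u1"].role != "trial"
```

The ownership check belongs in the data access layer, not only in the one endpoint that happened to be reported: the audit-log "move" endpoint in item 4 is the same defect against a different table.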