kymu @kymu___ - Twitter Profile

weird case of Confirmation Code bypass i found a month ago and was rewarded 4 digits bounty for it if you race the confirmation code with null value (SMS code/email code) before the code triggers you can bypass/confirm the email/number since the value of the code is null (code wasn't triggered yet thus why it's null)

kymu___'s tweet photo. weird case of Confirmation Code bypass i found a month ago and was rewarded 4 digits bounty for it
if you race the confirmation code with null value (SMS code/email code) before the code triggers
you can bypass/confirm the email/number since the value of the code is null (code wasn't triggered yet thus why it's null)

5

117

10

93

7K

kymu

@kymu___

9 days ago

@Masonhck3571 - the user is telling me "Flibbertigibbeting", this looks like a violation and malicious activity, i have to stop and tell him that i can't move forward with his tasks

0

1

0

123

kymu___ retweeted

Yassine Aboukir 🐐

@Yassineaboukir

11 days ago

“Bug bounty is dying” is noise. Lock in. Make money. Use AI to 10x your output. If it eventually dries up, you’ll have enough capital to start that biz or enough experience to land a job. Simple as that.

28

670

67

151

43K

kymu

@kymu___

11 days ago

@0xMstar its not always a scam, there is internal team that does test for vulns before pushing any update/feature

0

1

0

141

kymu

@kymu___

11 days ago

@the_IDORminator those clankers

0

157

kymu___ retweeted

zhero;

@zhero___

12 days ago

New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____): Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js https://t.co/0JWjH6yzC2

zhero___'s tweet photo. New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____):

Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js

https://t.co/0JWjH6yzC2

6

355

67

213

20K

kymu

@kymu___

13 days ago

@dPhoeniixx @njcve_ @Hacker0x01 probably shopify

0

4

0

1

747

kymu

@kymu___

14 days ago

@whoareme33 Nice work man !

0

1

0

1K

kymu

@kymu___

14 days ago

@mountainaddict0 and the first thing that comes to your head is insulting them like this and wishing their murder? this childish behavior has no place in cyber security no one forced you to test their assets, grow up

0

3

0

225

kymu___ retweeted

Intigriti

@intigriti

16 days ago

🫣🫣

intigriti's tweet photo. 🫣🫣 https://t.co/WkGtoKorTC

12

328

16

20

26K

kymu

@kymu___

20 days ago

@busf4ctor yeah i thought it about it too before, which made me avoid some targets, but when i did put it into the test myself, i found many issues in targets that pay well, it all depends on your ideas and your way of thinking

0

27

kymu

@kymu___

21 days ago

@efaav @rez0__ nice work

0

2

0

494

kymu

@kymu___

22 days ago

interesting find https://t.co/z5P6lCGbKM

0

3

1

2

200

kymu

@kymu___

Last Seen Users on Sotwe

Trends for you

Most Popular Users