🚨 $3,000 TikTok Bug Bounty 🤑🔥
An IDOR let a researcher tag themselves on a TikTok artist's video, earning a $3,000 bounty. 👀
📖 https://t.co/ni9fIFA79b
👉 Join team 👉 https://t.co/FeMz53HSN0
Big #Bugbountytip / #bugbountytips
Google Services Hunting
Google services are amazing, and for bug hunters they are amazing as well. In some cases you can get P1/P2/P3 findings from these services, such as
Workspaces / Sheets / Groups / Drive / etc.
In Groups: you can access emails / internal data / credentials
In Sheets: you can access PII / get edit access
In Drive: you can access backups / PII / etc.
They are still hard to find, and
it was a problem to make good and at the same time fresh dorks for bug bounty programs.
Then I found out that a lot of links share the same path, and it looked like this:
All Google resources I've found
https://t.co/2SixYDAKvE
https://t.co/tbE8WaX9CX
https://t.co/5D7Clds9cH
https://t.co/OfodYVKOk0
https://t.co/ZyA0JFkax4
https://t.co/mhIbyMF03b
https://t.co/QwByRWofh8
https://t.co/vAwAEX8KxI
https://t.co/4y1UMeZdq7
https://t.co/u7mOVPnus3
https://t.co/V9ALsFoqP9
https://t.co/2eLIaEPCGm
https://t.co/VxllqvwT6n
https://t.co/c1vkp8YrBt
https://t.co/2EkMSEUpIt
UrlScan Dorking:
page.url:"https://t.co/qb3s3f8koJ*"
page.url:"https://t.co/BNLIA1rXht*"
Replace * with the program domain
Google Dorking:
site:https://t.co/qb3s3f8koJ* "inurl:/a/"
Or for a specific domain
site:https://t.co/qb3s3f8koJ* "inurl:/a/domain.com"
GitHub Dorking:
"https://t.co/qb3s3f8koJ"
Or for a specific domain
"https://t.co/FKHqr19e0o"
Shodan Dorking:
"https://t.co/3vQLeWEs54"
Web Archive
https://t.co/c8tGyvVlH7
Don't forget:
It's not just https://t.co/pbqxKC9P4s
You still have to look for Docs / Groups / Mail / Drive / Spreadsheets
I'm still working on the Google research and will add more soon...
Happy Hunting♥
#bugbounty
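The thread above gives the dork templates as shortened links, so the concrete patterns are not on the page. The following is an added example (not the thread author's tooling) that shows the two things the thread describes in working form: building per-engine dorks anchored on the Google Workspace `/a/<domain>/` path, and triaging the URLs those dorks return. It assumes the shortened links point at the standard Google service hosts (docs/drive/groups/sites under google.com) and their usual path prefixes; the sample URLs, the `example.com` target and the priority scoring are constructed for the example.

```python
"""Triage Google-hosted URLs from recon and build dorks for a target domain.

Added example, not code from the original thread. Hosts and path prefixes
are assumed from standard Google service URLs; sample URLs are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

from urllib.parse import urlparse

# Google service hosts worth triaging (assumed to be what the thread's links target).
GOOGLE_HOSTS = {
    "docs.google.com", "drive.google.com", "groups.google.com", "sites.google.com",
}

# Resource path prefix -> kind; the capture group is the resource id.
RESOURCE_PATTERNS = [
    ("sheet",        re.compile(r"^/spreadsheets/d/(?:e/)?([\w-]+)")),
    ("doc",          re.compile(r"^/document/d/(?:e/)?([\w-]+)")),
    ("slides",       re.compile(r"^/presentation/d/(?:e/)?([\w-]+)")),
    ("form",         re.compile(r"^/forms/d/(?:e/)?([\w-]+)")),
    ("drive_folder", re.compile(r"^/drive/folders/([\w-]+)")),
    ("drive_file",   re.compile(r"^/file/d/([\w-]+)")),
    ("group",        re.compile(r"^/g/([\w.-]+)")),
    ("site",         re.compile(r"^/site/([\w-]+)")),
]

# Workspace-scoped links carry the tenant domain as /a/<domain>/ before the resource path.
WORKSPACE_PREFIX = re.compile(r"^/a/([A-Za-z0-9.-]+)(/.*)?$")

# Trailing action segment: what the link grants when opened (edit vs view etc.).
MODE_RE = re.compile(r"/(edit|viewform|view|preview|pubhtml|pub|export|copy)(?:/|$)")


@dataclass
class GoogleResource:
    url: str
    host: str
    kind: str
    resource_id: str
    workspace_domain: Optional[str]  # None for consumer (non-Workspace) links
    mode: str                        # edit / view / ... / unknown

    def priority(self, target: str) -> int:
        """Higher = review first. Constructed scoring for this example, not a standard."""
        score = 0
        if self.workspace_domain == target:
            score += 10   # tenant-scoped to the program's domain: clearly in scope
        if self.mode == "edit":
            score += 5    # the link itself hands out write access
        if self.kind in ("group", "sheet", "drive_folder"):
            score += 2    # the types the thread flags for credentials / PII / backups
        return score


def classify(url: str) -> Optional[GoogleResource]:
    """Return a GoogleResource for a recognised Google service URL, else None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in GOOGLE_HOSTS:
        return None
    path = parsed.path
    workspace = None
    m = WORKSPACE_PREFIX.match(path)
    if m:                         # strip /a/<domain> and remember the tenant
        workspace = m.group(1).lower()
        path = m.group(2) or "/"
    for kind, pattern in RESOURCE_PATTERNS:
        m = pattern.match(path)
        if m:
            mode_m = MODE_RE.search(path[m.end():])
            mode = mode_m.group(1) if mode_m else "unknown"
            return GoogleResource(url, host, kind, m.group(1), workspace, mode)
    return None


def triage(urls: List[str], target_domain: str) -> List[GoogleResource]:
    """Keep recognised resources, most interesting first (stable for ties)."""
    found = [r for r in (classify(u) for u in urls) if r is not None]
    found.sort(key=lambda r: r.priority(target_domain), reverse=True)
    return found


def build_dorks(target_domain: str) -> Dict[str, List[str]]:
    """Per-engine queries anchored on the Workspace /a/<domain> path, as in the thread.
    Engine syntax is the documented one; the Shodan variant is omitted (not reconstructable)."""
    scoped = [f"{h}/a/{target_domain}" for h in sorted(GOOGLE_HOSTS)]
    return {
        "google": [f"site:{h} inurl:/a/{target_domain}" for h in sorted(GOOGLE_HOSTS)]
                  + [f'site:docs.google.com "{target_domain}"'],
        "urlscan": [f'page.url:"https://{s}*"' for s in scoped],
        "github": [f'"{s}"' for s in scoped],
        # Wayback CDX API: list archived URLs under the scoped prefix, one per line.
        "web_archive": [f"https://web.archive.org/cdx/search/cdx?url={s}/*"
                        f"&output=txt&fl=original&collapse=urlkey" for s in scoped],
    }


SAMPLE_URLS = [  # constructed for the example, not real findings
    "https://docs.google.com/a/example.com/spreadsheets/d/1AbC_dEf-123/edit?usp=sharing",
    "https://groups.google.com/a/example.com/g/dev-team",
    "https://drive.google.com/drive/folders/0B9xyzFolder",
    "https://docs.google.com/document/d/1PublicDoc42/view",
    "https://docs.google.com/forms/d/e/1FAIpQLSe_form/viewform",
    "https://example.com/help",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_URLS, "example.com"):
        print(f"{r.priority('example.com'):>2} {r.kind:<12} {r.mode:<8} "
              f"{r.workspace_domain or '-':<12} {r.url}")
    for engine, queries in build_dorks("example.com").items():
        print(engine)
        for q in queries:
            print("  ", q)
```

Feed it the URL lists you export from urlscan, the Wayback CDX output, or GitHub code search; anything with `/a/<your target>/` and an `/edit` suffix floats to the top, which is exactly the "edit access on a Sheet" case the thread calls out.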
🚨 New blog post: CSPT Forced Post Deletion
I wrote about a real-world authorization issue where improper access control allowed an attacker to delete posts they should not have access to.
Full writeup 👇
https://t.co/Xxk2bicDHj
#BugBounty #WebSecurity #CyberSecurity
A $3,250 OAuth Crit. This was so basic; it's surprising that no one found it on the main site.
The team recognized it and fixed it in 24hrs.
Taking my time to finish the writeup. For now, you can read my:
$2,000 web cache deception: https://t.co/CAxfKAC0eP
One of the most important lessons I have learnt is that whenever you are making important decisions in life, be very careful about what you choose, specifically when you say 'YES' to things. Decisions will impact your life very much.
New write-up 🚨 A seemingly harmless Android deep link turned into a full account takeover vulnerability. By chaining insecure deep-link handling with automatic session propagation, a victim's account could be compromised with a single click. Sometimes the most dangerous bugs hide behind "convenience" features.
Read more: https://t.co/yi4JfkikAX #BugBounty #AndroidSecurity #MobileAppSec
$2,200 Zoho Bug Bounty 🤑
Zoho Account Takeover: How a Single Click Can Lead to Full Control over your Zoho account by Abdalla Ali 🤯🔥
👨💻 Abdalla Ali (x/abdallaEg1)
🔗 https://t.co/Imv7chkDac
🔗 https://t.co/BqauJGCaTo
🔗 https://t.co/OFghVH9WMp
🔗 https://t.co/FeMz53HSN0