Olivia
Online
Oki
@oshackx
OSCP | InfoSec Enthusiast
Joined December 2019
77 Following
1 Followers
17 Posts
Pinned Tweet
https://t.co/pnkvgGeiun
Protecting personnel from harm should always be the most important goal of any security.
Lesson learned :
- If you want consistent income, bug bounty might not be the best fit (in my opinion).
- Don’t take it personally. Even if you’re sure your report has a security impact, the final decision is up to the program owner.
- Just submit it, move on, and forget it!
Bug bounty is unpredictable.
Here’s my real story:
2023:
- Submitted the report
- Closed as “Informative”
2026:
- Reopened 🙂 (I almost forgot what the report even looked like)
- Triaged
- Received a bounty reward
Thanks pak.. 👍🏻
Dont let me in... 😁
From rate-limit to ATO.
TLDR; Broken authentication - exploiting reset passwd endpoint.
Tips: Coloring your POC script to looks like 1337 hackrzzz and showing the greater impact for client. 😅😊
I'm using projectdiscovery data to built bounty search target test with typesense.
Here are some of the things i'm interested in
- lightning fast
- search-as-you-type
- highlighting
- auto-correction
✌️
who said "there is no free lunch"? i gave this critical bug for free.. 😉
Payload: '%20or%20sleep(10)%3d'
No boring alert() anymore, just cat!
2022 will end, and its still there.. 😅 Valid SQLi, and see so many interesting tables.. What will you do next..?
- Directory bruteforcing
- Found .zip file, containing backup apps.
- Found credentials in config.php file.
- Try to login admin panel with it. Success! Apps compromised!
Escalating:
- Try to login creds for ssh also works! and it has root priv.
Game over!
Bismillah,
Pentest story : How i fully compromise server with root access. Easy way!
TLDR; its like play vulnhub / CTF machine but in real world :)
Adding cookie path restriction.
Bismillah.. Extracting some informations from Web Application Hacker Handbook, Chapter 7 - Attacking Session Management. I hope this is useful
Easy ATO!
My mom when I told her to chews a secure password... #ItTakesACrowd
Last Seen Users on Sotwe
doubledd
Seen from Malaysia
Stephen
Seen from Vietnam
roza
Seen from Indonesia
brazzers
Seen from Turkey
incesto de mama e hijo
Seen from Guatemala
Çift ve AP
Seen from Turkey
Arabian Masters
Seen from United Kingdom
اعــ ــشــق الطــ ــيــ ــز الكــــبيرة
Seen from Egypt
คู่บ้านๆสกล
Seen from France
AZGIN LİSELİ
Seen from Turkey
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers