Olivia
Online
PARIKSHIT PINGLE
@paresh_pingle
Do smart work, not hard work 😎😎
Pune, India
Joined July 2015
308 Following
207 Followers
434 Posts
Android app vulnerabilities for bug bounty hunters
Here’s a thread to guide you through common vulnerabilities, how to find them, and some examples to kickstart your journey.
Let’s level up your skills! 🧵
#BugBounty #AndroidSecurity #CyberSec #cybersecurity #EthicalHacking
Arjun + Piper + Knoxnl + @KN0X55 = XSS
cc: @xnl_h4ck3r @KN0X55
Found a path for creating address.
Used Arjun for finding parameters
Used Knoxnl + Piper + Knoxss API key
Found Reflected XSS, Escalated to Account Takeover.
Chat GPT is a cash machine
But most people don’t know how to make more than $6,200 a month with it
Here are my 4 simple steps to do it ↓
Use #ProxyChains to trick #WAF. I was working with @jayesh25 yesterday on an SQLi and had trouble with the WAF. However, by using ProxyChains, I successfully bypassed it WAF. Make sure you know how to configure it correctly and use good proxy lists.
#bugbountytips #SQLi
Find Easy XSS during your recon process beginners guide #bugbounty #bugbountytips https://t.co/53Nyjn0LNX
#BugBounty #bugbountytips #bugbountytip #blindxss
This script can crawl the website and find URLs that contain HTML Forms. Very useful for me to find Forms for Blind XSS.
https://t.co/CgioRiHF2k
Great weekend on H1 @Hacker0x01
Found /.git/config while fuzzing ( medium )
used GitTools : https://t.co/a0DhwhXhpZ to dump whole .git directory form server
Found DB creds in dumped files which are not accessible directly ( Critical )
#bugbountytip #bugbountytips
@krishnsec which automated tool is it ?
“My First Account Takeover Via Password Reset Poisoning” by cyberpro151
https://t.co/4ybbUhyFqH
“Shodan - “Unauthorized access to setup panel”” by mo9kHu93r
https://t.co/FOnTlVgpAr
“How I Discovering the Origin IP In Bug Bounty — Bug Bounty Tuesday” by kerstan
https://t.co/3dQRCKmKBj
XSSHunter-go by @AdamJSturge 🚀
📲 Sends notifications to Slack, Discord, Telegram, and 18 other options
https://t.co/TQ94LYa3KZ
How I found my first RCE on Bentley in 2020
Give it a read, Maybe you will learn something new.
https://t.co/ra4DKKmTOI
#bugbountytips #bugbountytip #BugBounty #cybersecuritytips #TogetherWeHitHarder #pentest #pentesting #CyberSecurity #appsec
When you are hunting for blind XSS. Go to forget password and add admin@company .com and add your blind XSS payload on the header.
Easy way and it will logged on admin log, if he checked his account you will exploit his account.
#bugbountytips
Finding origin IP is super useful to test for vulnerabilities when there's a WAF protection.
Here’s how you can find Origin IP 👇
#bugbountytips #bugbounty
Automation Hacks: Unearthing a Critical RCE the Easy Way
https://t.co/WVXxpj6s83
Here's how fast the #KNOXSS API can reply with a FULL PoC, ready to be reported!
Just 1 second 🤩
in the classic TestPHP VulnWeb search page!
curl https://t.co/T3tFrmW0oA -d "target=https://t.co/dUJaLdu8dC" -H "X-API-KEY: exxxxxx3-0xx9-4xxc-9xxe-6xxxxxxxxxx6"
Try it yourself!
And yes, Jenkins CVE-2024-23897 was accepted !
Tip: Always use shodan to search for CVES.
here is the shodan query -> product:Jenkins -"2.442"-"2.426.3" then use @h4x0r_dz POC
#BugBounty #vulnerabilities #rce #bugcrowed #bugbountytip #bugbounty #CVE #security #Jenkins
8 one-liner commands to make your bug bounty life easier 👇
Slides of my talk in bsidesodisha
about
•Build your setup for hunting
Tools , Extensions , Etc…
• Quick Orwa Methodology 2023
• SQL Injection
• and for sure #bugbountytips
https://t.co/CJY6VgUKP2
feel free to ask about anything in comment and will try explained ❤️❤️
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers