Roland Hack @rolandhack6 - Twitter Profile

Windfall - Unauth RCE in Windmill & Nextcloud Flow (CVE-2026-29059) Path traversal to credential leak to root shell. No authentication required on any deployment type, including behind Nextcloud's proxy. Metasploit modules + full toolkit included. Also publishing a new technique for dumping PostgreSQL databases by reading heap files from disk. If you have filesystem access as root, you can extract every table without credentials or SQL access. Full binary parser with JSONB support. Write-up: https://t.co/ylSXW0dtmn PG heap dump technique: https://t.co/Se2dQJ761r PG heap dump tool: https://t.co/E95f12mVZF Exploit toolkit + labs: https://t.co/5dtsSR6Jvn

Chocapikk_'s tweet photo. Windfall - Unauth RCE in Windmill & Nextcloud Flow (CVE-2026-29059)

Path traversal to credential leak to root shell. No authentication required on any deployment type, including behind Nextcloud's proxy. Metasploit modules + full toolkit included.

Also publishing a new technique for dumping PostgreSQL databases by reading heap files from disk. If you have filesystem access as root, you can extract every table without credentials or SQL access. Full binary parser with JSONB support.

Write-up: https://t.co/ylSXW0dtmn
PG heap dump technique: https://t.co/Se2dQJ761r
PG heap dump tool: https://t.co/E95f12mVZF
Exploit toolkit + labs: https://t.co/5dtsSR6Jvn

2

159

52

78

19K

Roland Hack @RolandHack6

2 months ago

@Chocapikk_ Well done bro 👏

1

2

0

331

Who to follow

Cybastion

@cybastion

Cybastion is an American technology company that delivers world-class cybersecurity and digital solutions to accelerate digital transformation in Africa.

𝑨𝒖𝒃𝒆𝒓𝒊𝒊𝒄 👑🇧🇯

@auberiic

Security Analyst.. || ethical hacker || love food as well as networking😋😋||

Hlucas

@Htchedem

Roland Hack @RolandHack6

3 months ago

@_vielite_ @Hacker0x01 Thank you 😊

0

89

Roland Hack @RolandHack6

3 months ago

Yay, I was awarded a Х,000$ bounty💰 on @Hacker0x01! https://t.co/sU1EFvioS9 #TogetherWeHitHarder

5

94

0

5

2K

RolandHack6 retweeted

Renwa @RenwaX23

3 months ago

I think I have completed client-side security , just one report: Self-XSS -> Drag-Drop Payload -> Scroll-To-Fragment -> Unchecked postMessage Listener -> Text Injection -> DOM-XSS -> OAuth State Misconfiguration -> Cookie Bomb -> Account Takeover https://t.co/xQmtZE5At0

RenwaX23's tweet photo. I think I have completed client-side security , just one report:

Self-XSS -> Drag-Drop Payload -> Scroll-To-Fragment -> Unchecked postMessage Listener -> Text Injection -> DOM-XSS -> OAuth State Misconfiguration -> Cookie Bomb -> Account Takeover

https://t.co/xQmtZE5At0 https://t.co/wxDycPJWch

11

443

58

254

20K

Roland Hack @RolandHack6

4 months ago

@H1imtheking @Hacker0x01 Welcome bro 🔥

0

2

0

63

RolandHack6 retweeted

Hussein Daher

@HusseiN98D

4 months ago

Rule number 1 in Bug Bounty is only hack targets you enjoy hacking

6

241

12

15

8K

Roland Hack @RolandHack6

4 months ago

@moodiAbdoul @Hacker0x01 Congratulations bro 👏

1

0

57

RolandHack6 retweeted

obscaries ❘ AppSec @obscaries

4 months ago

https://t.co/zKBdyes6sr

1

90

24

121

20K

Roland Hack @RolandHack6

4 months ago

@Krevetk0Valeriy 😂

0

75

Roland Hack @RolandHack6

4 months ago

@John_Matthew_T Amen 🙏

0

24

RolandHack6 retweeted

dawgyg - WoH

@thedawgyg

5 months ago

@zseano people always asking what tools we use... then don't believe us when we say only Burp proxy + Intruder + Repeater lol

6

117

3

21

5K

RolandHack6 retweeted

pashov

@pashov

5 months ago

People thought security researchers are about to get "automated" Meanwhile hacks on vibecoded projects disregarding security are at a peak Skilled Security Researchers once again are worth their weight in gold

10

115

2

12

4K