🚨 KNOXSS GIVEAWAY July 2025
✅ Follow us
✅ Like and share this
🎁 Prize: KNOXSS Pro for 1 Month
🏆 Results: July 7th (3 winners)
Want to find some vulns?
Get one of our plans and test for #XSS consistently.
Sign up now! 😀 https://t.co/3sWDgbecCH
#BugBounty #PenTesting
I think @Burp_Suite pro version is one of the most powerful content discovery engines on the market to date for a very simple reason:
It can do both content and directory brute forcing ... recursively :o I know not everyone can fork out the subscription fee though :3 so I made the next best thing!!!
- Recursive content discovery
- Directory AND file brute forcing
- CLI mode for integrations in your workflows!
https://t.co/ewglMado92
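The recursion the post is talking about, as an added example that is not the author's tool or Burp's code: every directory that answers is pushed back onto the work list and brute-forced again, for both subdirectories and files with extensions. The wordlist, extensions and fake site are constructed for the demo, and the prober is injected so it runs offline; a real run would issue HEAD/GET requests instead. The calibrate step is a caveat the tweet does not mention: a catch-all page that returns 200 for everything makes 200 meaningless, so it is dropped from the hit set when a nonsense path comes back 200.

```python
"""Added example, not from the tweet: recursive directory + file brute forcing
against an injected prober. Wordlist, extensions and FAKE_SITE are constructed."""
from typing import Callable, List, Set

# Constructed wordlist, extensions and target; real lists are far longer.
WORDS = ["admin", "backup", "login", "db", "api", "robots"]
EXTS = [".php", ".txt", ".sql"]
FAKE_SITE = {
    "/": 200, "/admin/": 200, "/admin/login.php": 200,
    "/admin/backup/": 200, "/admin/backup/db.sql": 200,
    "/api/": 301, "/robots.txt": 200,
}


def fake_probe(path: str) -> int:
    """Stand-in for an HTTP request: returns the status code for a path."""
    return FAKE_SITE.get(path, 404)


def calibrate(probe: Callable[[str], int], base: str = "/") -> Set[int]:
    """Decide which statuses count as hits. If a nonsense path returns 200 the
    target has a catch-all page, so 200 alone proves nothing and is dropped."""
    interesting = {200, 301, 302, 401, 403}
    if probe(base + "zz9f3-not-a-real-path-7a1c/") == 200:
        interesting.discard(200)
    return interesting


def discover(probe: Callable[[str], int], base: str = "/",
             words=WORDS, exts=EXTS, max_depth: int = 3) -> List[str]:
    """Breadth-first recursive discovery: each found directory is queued and
    brute-forced in turn, down to max_depth levels below base."""
    interesting = calibrate(probe, base)
    found: List[str] = []
    seen: Set[str] = set()
    queue = [(base, 0)]
    while queue:
        prefix, depth = queue.pop(0)
        if prefix in seen or depth > max_depth:
            continue
        seen.add(prefix)
        for w in words:
            d = f"{prefix}{w}/"
            if probe(d) in interesting:
                found.append(d)
                queue.append((d, depth + 1))   # recurse into the new directory
            for ext in exts:                   # file brute forcing at this level
                f = f"{prefix}{w}{ext}"
                if probe(f) in interesting:
                    found.append(f)
    return found


if __name__ == "__main__":
    for hit in discover(fake_probe):
        print(hit)
```

With the constructed site this walks / -> /admin/ -> /admin/backup/ and surfaces the dump two levels down, which a single-level scan of the root wordlist would never reach.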
@flipkartsupport I checked your DM — you just refunded the amount.
And that’s the solution? I received fungus-infected vegetables, and all I get is a refund?
No explanation, no accountability, no quality assurance?
@flipkartsupport @Flipkart this isn’t acceptable.
@FDA_MAHARASHTRA @fssaiindia
When you are looking for bugs like SSRF & open redirect
and there is a blacklisted character,
try to bypass it using other Unicode characters.
I found an open redirect bypass using (。), the Chinese dot "%E3%80%82".
PoC: redirect_to=////evil%E3%80%82com
#BugBounty #bugbountytip
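Why that payload works, as an added example that is not part of the tweet: the filter below is constructed for illustration (it blocks absolute URLs and any raw ASCII dot), and the resolver mirrors only the browser steps that matter here, namely percent-decoding, skipping extra leading slashes before the authority, and the IDNA rule that treats U+3002, U+FF0E and U+FF61 as label separators. It is a simplification, not a WHATWG URL parser. It also goes one step beyond the tweet by showing the fullwidth dot U+FF0E (%EF%BC%8E) behaves the same way.

```python
"""Added example (not from the tweet): a naive dot blacklist versus the host a
browser actually resolves. naive_filter_allows is a constructed filter."""
from typing import Optional
from urllib.parse import unquote, urlsplit


def naive_filter_allows(redirect_to: str) -> bool:
    """Constructed filter: reject absolute URLs and any raw ASCII dot, the
    "blacklisted character" the tweet is working around."""
    parts = urlsplit(redirect_to)
    if parts.scheme or parts.netloc:
        return False
    return "." not in redirect_to


def browserish_host(redirect_to: str) -> Optional[str]:
    """Return the host a browser would navigate to, or None for a same-origin
    path. %E3%80%82 decodes to U+3002; browsers skip any number of leading
    slashes before the authority; IDNA processing maps U+3002, U+FF0E and
    U+FF61 to '.', which Python's built-in idna codec also does."""
    decoded = unquote(redirect_to)
    if not decoded.startswith("//"):
        return None
    authority = decoded.lstrip("/")
    host = authority.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]   # drop userinfo and port
    try:
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def hardened_filter_allows(redirect_to: str) -> bool:
    """Decide on the normalized target, not on the raw string."""
    return browserish_host(redirect_to) is None


if __name__ == "__main__":
    for payload in ["/account", "//evil.com", "////evil%E3%80%82com",
                    "////evil%EF%BC%8Ecom"]:   # last one: U+FF0E fullwidth dot
        print(f"{payload:26} naive={naive_filter_allows(payload)!s:5} "
              f"host={browserish_host(payload)} "
              f"hardened={hardened_filter_allows(payload)}")
```

The naive filter passes "////evil%E3%80%82com" because the raw string has no ASCII dot and urlsplit sees an empty netloc, while the browser ends up on evil.com. The fix is to validate after normalization, or better, to redirect only to an allowlist of known paths.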
headerpwn: A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
Useful for uncovering the following behaviors:
- Header based access control issues
- 403/401 Bypasses
- Detecting anomalies when certain special headers are present
- Header based cache poisoning denial of service issues
- Debug information disclosure when certain headers are present
- etc.
GitHub 🔗 : https://t.co/pm3pAvRs1R
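The loop behind a tool like that, as an added example that is not headerpwn's own code: fetch a baseline, re-request once per candidate header, and flag any response whose status, body length or header set deviates from the baseline. The candidate list, the fake target and its behaviors are constructed for the demo, and the HTTP client is injected so the demo runs offline; urllib_fetch is the client you would pass for a live run.

```python
"""Added example, not headerpwn's code: baseline-vs-variant header fuzzing with
an injected HTTP client. CANDIDATE_HEADERS and fake_fetch are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Response:
    status: int
    body: bytes
    headers: Dict[str, str]


Fetch = Callable[[str, Dict[str, str]], Response]

# Constructed candidates; real tools ship far longer lists.
CANDIDATE_HEADERS: List[Tuple[str, str]] = [
    ("X-Forwarded-For", "127.0.0.1"),
    ("X-Original-URL", "/admin"),
    ("X-Rewrite-URL", "/admin"),
    ("X-Forwarded-Host", "attacker.example"),
    ("X-Debug", "1"),
]


@dataclass(frozen=True)
class Anomaly:
    header: str
    value: str
    reason: str


def find_anomalies(baseline: Response,
                   results: List[Tuple[str, str, Response]],
                   length_tolerance: int = 16) -> List[Anomaly]:
    """Compare each header-variant response against the baseline: status
    change, body length change beyond a tolerance, or new response headers."""
    out: List[Anomaly] = []
    base_hdrs = {k.lower() for k in baseline.headers}
    for name, value, resp in results:
        reasons = []
        if resp.status != baseline.status:
            reasons.append(f"status {baseline.status} -> {resp.status}")
        if abs(len(resp.body) - len(baseline.body)) > length_tolerance:
            reasons.append(f"body length {len(baseline.body)} -> {len(resp.body)}")
        new_hdrs = {k.lower() for k in resp.headers} - base_hdrs
        if new_hdrs:
            reasons.append("new response headers: " + ", ".join(sorted(new_hdrs)))
        out.extend(Anomaly(name, value, r) for r in reasons)
    return out


def fuzz_headers(url: str, fetch: Fetch,
                 candidates: List[Tuple[str, str]] = CANDIDATE_HEADERS) -> List[Anomaly]:
    baseline = fetch(url, {})
    results = [(n, v, fetch(url, {n: v})) for n, v in candidates]
    return find_anomalies(baseline, results)


def urllib_fetch(url: str, headers: Dict[str, str]) -> Response:
    """Live client for real use (not exercised by the offline demo)."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return Response(r.status, r.read(), dict(r.headers))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read(), dict(e.headers))


def fake_fetch(url: str, headers: Dict[str, str]) -> Response:
    """Constructed target: trusts X-Forwarded-For for access, leaks a path
    when X-Debug is set, and exposes a cache layer on X-Forwarded-Host."""
    if headers.get("X-Forwarded-For") == "127.0.0.1":
        return Response(200, b"<h1>admin panel</h1>", {"Content-Type": "text/html"})
    if "X-Debug" in headers:
        return Response(403, b"Forbidden\ntrace: /srv/app/auth.py line 42\n",
                        {"Content-Type": "text/plain"})
    if "X-Forwarded-Host" in headers:
        return Response(403, b"Forbidden\n",
                        {"Content-Type": "text/plain", "X-Cache": "MISS"})
    return Response(403, b"Forbidden\n", {"Content-Type": "text/plain"})


if __name__ == "__main__":
    for a in fuzz_headers("https://target.example/admin", fake_fetch):
        print(f"{a.header}: {a.value} -> {a.reason}")
```

Against a real target send the baseline twice before trusting it: dynamic pages that change length on every request need a higher tolerance or a comparison on a normalized body, otherwise everything is an anomaly.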
CVE-2021-40875 POC
1- go to: https://test. com/files.md5
2- this path shows you all files on the server
3- you should find this file: /db/sqlsrv/full.sql
4- the file has sensitive data, a client ID & secret
5- report it as High/Critical
#bugbounty #bugbountytips
🔎🔒Discover Web Vulnerabilities with Burp_Bug_Finder Extension In Burp🐛🌐
Burp_Bug_Finder is a powerful custom Burp Suite plugin written in Python. This tool simplifies the process of discovering web vulnerabilities, with a focus on XSS and error-based SQLi.
⏰ Want a one-liner that notifies you of any fresh domains (if they come up) each hour?
#3 ⬇️
> screen
> subfinder -silent -d {target}.com -o {target}
> while true; do subfinder -silent -dL {target} -all -nW | anew {target} | notify; sleep 3600; done
POC tip
1- fuzz the target and find /files.md5
2- this file includes all file paths on the server
3- find this path: /db/sqlsrv/full.sql
4- this SQL file has a client ID & secret
#BugBounty #bugbountytips
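Both POC posts above describe the same technique: a readable hash manifest (files.md5) that lists every file on the server, with a database dump among them. As an added example that is not from either post, this parses a manifest in md5sum output format and flags the paths a reviewer should open first. The manifest text and the sensitive-path patterns are constructed for the demo; they are not the listing from the posts.

```python
"""Added example, not from the posts: parse an md5sum-style manifest and flag
sensitive paths. SAMPLE_MANIFEST and SENSITIVE_PATTERNS are constructed."""
import re
from typing import Iterable, List, Tuple

# md5sum format: 32 hex chars, whitespace (or " *" for binary mode), then path.
_LINE = re.compile(r"^([0-9a-fA-F]{32})[ \t]+\*?(.+?)\s*$")

# Constructed indicators: artifacts that should never sit under a web root.
SENSITIVE_PATTERNS = [
    re.compile(r"\.(sql|sql\.gz|bak|old|zip|tar\.gz|7z)$", re.I),
    re.compile(r"(^|/)\.(env|git/|svn/|htpasswd)", re.I),
    re.compile(r"(^|/)(config|settings|secrets?|credentials?)\.[a-z0-9.]+$", re.I),
    re.compile(r"\.(pem|key|p12|pfx|jks)$", re.I),
    re.compile(r"(^|/)(db|database|dump|backup)s?/", re.I),
]

SAMPLE_MANIFEST = """\
# constructed sample, not a real server listing
d41d8cd98f00b204e9800998ecf8427e  index.php
098f6bcd4621d373cade4e832627b4f6  assets/css/site.css
5d41402abc4b2a76b9719d911017c592  db/sqlsrv/full.sql
7d793037a0760186574b0282f2f435e7 *config/settings.php
e99a18c428cb38d5f260853678922e03  .env
ad0234829205b9033196ba818f7a872b  uploads/2024/photo.jpg
not a manifest line
"""


def parse_manifest(text: str) -> List[Tuple[str, str]]:
    """Return (md5, path) pairs, skipping comments and malformed lines.
    Backslashes are normalized so Windows-generated manifests match too."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            entries.append((m.group(1).lower(), m.group(2).replace("\\", "/")))
    return entries


def flag_sensitive(paths: Iterable[str]) -> List[str]:
    return [p for p in paths if any(rx.search(p) for rx in SENSITIVE_PATTERNS)]


def review(text: str) -> List[str]:
    """Paths in a manifest worth fetching and checking for secrets."""
    return flag_sensitive(p for _, p in parse_manifest(text))


if __name__ == "__main__":
    for path in review(SAMPLE_MANIFEST):
        print("review:", path)
```

The manifest is the finding even before the dump is opened: it hands an attacker a complete file inventory, so the report should cover the exposed listing as well as whatever it points to.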
DNS bruteforcing top-level domains using dnsx 🧰
⌨️ dnsx -d example.FUZZ -w topleveldomains.txt -re
This is a quick way to generate a list of country specific domains ⏱
Install dnsx here 👉 https://t.co/RuT3e2qaj2
A Simple Tip for #bugbounty, But a Money Maker 🧐💸🫰
Before you finish your day of hunting:
search in all requests and check if the value is equal to `=https`.
-----------------------------------------
Request.Query CONTAINS "=https"
-----------------------------------------
By doing this, you can modify the URL after the parameter to find potential SSRF, XSS, Open Redirects, etc.
#BugBounty #bugbountytips
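The Burp filter above is a literal substring match on the raw query. As an added example that is not from the tweet, this generalizes it: parse the query string and form body of each recorded request, decode the values, and return every parameter whose value is a URL, including protocol-relative (//host) values and encoded forms that a plain "=https" test can miss. The request lines are constructed to look like proxy-history entries.

```python
"""Added example (not from the tweet): find request parameters whose decoded
value is a URL, the candidates for SSRF/redirect/XSS testing the tweet points
at. SAMPLE_REQUESTS are constructed "METHOD URL [body]" lines."""
import re
from typing import Iterable, List, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Absolute http(s) URL, protocol-relative URL, or a still-encoded scheme
# (double-encoded input survives the first decode as https%3A%2F%2F).
URL_VALUE = re.compile(r"^(?:https?:)?//\S+|^https?%3a%2f%2f", re.I)

SAMPLE_REQUESTS = [
    "GET https://app.example/login?next=https://app.example/home",
    "GET https://app.example/go?url=https%3A%2F%2Fpartner.example%2Fcb",
    "GET https://app.example/img?src=//cdn.example/a.png&w=300",
    "GET https://app.example/search?q=https+proxy+settings",
    "POST https://app.example/webhooks callback=https://hooks.example/x&name=test",
    "GET https://app.example/profile?id=1337",
]


def url_params(request: str) -> List[Tuple[str, str, str]]:
    """Return (param, decoded value, location) for URL-valued parameters.
    Location is "query" or "body"; bodies are only read for POST."""
    parts = request.split(" ", 2)
    method, url = parts[0], parts[1]
    body = parts[2] if len(parts) == 3 else ""
    pairs = [(k, v, "query")
             for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if method == "POST":
        pairs += [(k, v, "body") for k, v in parse_qsl(body, keep_blank_values=True)]
    hits = []
    for name, value, where in pairs:
        decoded = unquote(value)          # parse_qsl decoded once; catch a second layer
        if URL_VALUE.match(decoded):
            hits.append((name, decoded, where))
    return hits


def triage(requests: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(request URL, parameter, location) for every URL-valued parameter."""
    return [(req.split(" ", 2)[1], name, where)
            for req in requests for name, _, where in url_params(req)]


if __name__ == "__main__":
    for url, name, where in triage(SAMPLE_REQUESTS):
        print(f"{where:5} {name:10} {url}")
```

The search term example ("q=https proxy settings") is deliberately included: it contains "https" but is not a URL, so matching on structure rather than on the substring keeps it out of the list.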