@payloadartist @sysdig I had this bypass with me for months. This one was a very simple WAF bypass as the WAF forgot to update the event-handlers from PortSwigger's cheat sheet. They could have simply run those event-handlers on Intruder instead of the complicated fuzzing.
@irsdl Once you've reported something, erase the report from your memory and move on. Keep looking for more bugs while your first report is being worked on by the platforms. This is a good way to stay engaged and motivated while not obsessing over something that's already been reported.
The app was a collaboration-based platform. It disclosed other teammates' emails, their verification status, and their privileges (admin, manager and user) to anyone in the team. This design increased the impact of the bug.
This was an app-specific issue: when signing up, the app assigned a uuid for the email and sent an OTP. The verification endpoint took email, uuid and OTP as parameters. I supplied an already verified email's uuid and a wrong OTP. It worked, allowing me to verify anyone's account.
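A minimal model of the verification endpoint described in the post above, added here as an illustration and not code from the original author or the app. It assumes a root cause the post does not spell out (the uuid was never bound to the submitted email, and an already-verified uuid short-circuited the OTP check); the account store and values are constructed.

```python
import copy
import hmac

# Constructed sample store: uuid -> {email, otp, verified}. Alice has already
# completed verification; Bob has a pending OTP.
_SEED = {
    "uuid-alice": {"email": "alice@example.com", "otp": "111111", "verified": True},
    "uuid-bob":   {"email": "bob@example.com",   "otp": "222222", "verified": False},
}

def fresh_store():
    """Return an independent copy of the seed store for each scenario."""
    return copy.deepcopy(_SEED)

def verify_vulnerable(store, email, uuid, otp):
    """Assumed flawed handler: trusts a verified uuid as proof and writes the
    verified flag to whichever email the caller supplied."""
    rec = store.get(uuid)
    if rec is None:
        return False
    # Flaw 1: an already-verified uuid skips the OTP check entirely.
    # Flaw 2: uuid and email are never checked against each other.
    if rec["verified"] or rec["otp"] == otp:
        for r in store.values():
            if r["email"] == email:
                r["verified"] = True
        return True
    return False

def verify_fixed(store, email, uuid, otp):
    """Hardened handler: uuid must belong to the submitted email, a verified
    record cannot be replayed, and the OTP is compared in constant time."""
    rec = store.get(uuid)
    if rec is None or rec["email"] != email:
        return False                      # uuid/email binding enforced
    if rec["verified"]:
        return False                      # no re-use of a completed verification
    if not hmac.compare_digest(rec["otp"], otp):
        return False                      # wrong OTP fails closed
    rec["verified"] = True
    return True
```

Run the two handlers with Alice's uuid, Bob's email and a bogus OTP: the vulnerable one marks Bob verified, the fixed one rejects the request and leaves Bob pending.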
@IAmMandatory I don't think it's possible on devices with a locked bootloader, but on a bootloader-unlocked device you can do it with a custom recovery tool like TWRP.
@H4R3L @intlulz @VLobstein_ I was really impressed by your cache poisoning writeup. Someone of your calibre should never have been discouraged and it's truly bad it happened.