Just published my first bug bounty write-up 🎉
How I Hacked a Live Chatbot and Earned My First $$$$ (4-Digit) Bounty.
Hope you find it helpful 👇
Link: https://t.co/k3v3XAWQPm
#bugbounty #cybersecurity #appsec
GET /media/..%2fprofile
What might happen when you send this request:
🟧 Cache sees /media prefix → caches the response
🟧 Web server decodes %2f → normalizes to /profile → serves dynamic private data
It’s called web cache deception. Learn here 👇
https://t.co/rMYiJeNrTJ
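A defender-side model of the cache/origin mismatch the post describes, added here as an example and not taken from the original post or the linked article. The cacheable prefixes and function names are constructed; the origin is modelled as single percent-decoding followed by dot-segment normalisation.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: path prefixes the cache treats as static and stores.
CACHEABLE_PREFIXES = ("/media/", "/static/")


def cache_decision_naive(raw_path: str) -> bool:
    """Vulnerable rule: match the prefix on the raw, still-encoded request path."""
    return raw_path.startswith(CACHEABLE_PREFIXES)


def origin_normalize(raw_path: str) -> str:
    """Model of the web server: percent-decode once, then collapse '.' and '..' segments.
    Only one round of decoding is modelled; a server that double-decodes needs this loop repeated."""
    decoded = unquote(raw_path)
    norm = posixpath.normpath(decoded)
    if not norm.startswith("/"):
        norm = "/" + norm
    return norm


def cache_decision_hardened(raw_path: str) -> bool:
    """Hardened rule: decide cacheability on the same normalised path the origin will serve."""
    return origin_normalize(raw_path).startswith(CACHEABLE_PREFIXES)


def is_cache_deception_candidate(raw_path: str) -> bool:
    """True when the naive cache would store a response that the origin resolves
    outside the cacheable prefix, i.e. the two layers disagree about the resource."""
    return cache_decision_naive(raw_path) and not cache_decision_hardened(raw_path)


if __name__ == "__main__":
    for p in ("/media/..%2fprofile", "/media/%2e%2e/profile", "/media/logo.png", "/profile"):
        print(f"{p:28} origin={origin_normalize(p):18} mismatch={is_cache_deception_candidate(p)}")
```

The same check works as a log-review filter: run it over cached request paths and any `True` result is a cache entry that should never have been stored.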
New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____):
Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js
https://t.co/0JWjH6yzC2
🚨 Instagram still hasn’t patched the AI account reset mess
accounts are still getting stolen
new method is through Facebook recovery now (don’t ask me in my DM)
Yesterday Obama, today usadefense
I reported it no action yet
For research purposes I gave meta jailbreak ⬇️⬇️
‼️🚨 BREAKING: Meta's AI feature let attackers hijack Instagram accounts for days with nothing but a username. It was being A/B tested on a slice of users, and if you were in the test, you couldn't turn it off. Among the casualties: the official Obama White House account.
The method: get on a VPN near the target's region, ask the Meta AI support agent to send a verification code to any email you control, relay that code back to the agent, and it hands over a password reset link. Without ID or human review. From there, the account is yours.
The flaw lived in the AI's logic layer, which acted on recovery requests with no real identity checks. One researcher compared it to the Roblox AI assistant exploit from days earlier, where you needed a target's billing info. Instagram was easier: the username and a regional VPN were enough and victims reported sessions revoked and passwords changed with no email, text, or push alert at all.
By the time it went public, the method was common knowledge in blackhat Telegram circles and had been used to allegedly hijack 100+ high-value accounts.
Accounts hit:
- obamawhitehouse (the archived official Obama White House account, ~2.4M followers). Hackers posted an AI-generated image captioned "The White House is under Shiites' control," plus cryptic anti-Trump and pro-Iranian Stories. Meta confirmed the hack and scrubbed it.
- Premium short handles like hey and jowo, worth over $1M combined, stolen and flipped on Telegram.
- albert (owned by Albert Renshaw), whose owner publicly reported being locked out and unable to reach Meta support.
Meta has since patched it. There was no public acknowledgment.
Web-Check is one of those tools worth bookmarking.
Drop in a domain and instantly get DNS records, SSL details, tech stack, security headers, hosting information, robots.txt, and more.
A great starting point for web recon.
🛠️ https://t.co/8gjMIYMpEj
#BugBounty #Recon #OSINT #InfoSec #CyberSecurity
Bug Bounty | Internal SSRF | $2,000
Found an Internal SSRF vulnerability
The ticketing integration feature (Jira, Zendesk, ServiceNow) accepted a user-supplied URL and passed it directly into a server-side request with zero validation. By replacing the URL with http://127.0.0.1:[PORT], I was able to enumerate internal hosts and ports unreachable from the public internet, one of which exposed a sensitive internal service (https://t.co/OEizQVPbxL).
Lesson learned: always test third-party integration fields. They are often overlooked but can make direct backend calls, making them a prime target for server-side vulnerabilities.
#bugbounty #bugbountytips #ssrf
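The missing validation the post describes, shown as the hardened side: an allowlist check for an integration URL field, added here as an example and not the vendor's or the author's code. The allowed host suffixes and the function name are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only SaaS hosts a ticketing integration should ever call.
ALLOWED_HOST_SUFFIXES = (".atlassian.net", ".zendesk.com", ".service-now.com")


def validate_integration_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason). Accepts only https URLs to an allowlisted integration host.
    Scheme, credentials, literal IPs and ports are rejected before any request is made."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, "scheme must be https"
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    # A literal IP is never a SaaS endpoint; this also covers 127.0.0.1, ::1,
    # 169.254.x.x and RFC 1918 ranges without needing a separate denylist.
    try:
        ipaddress.ip_address(host)
        return False, "literal IP addresses are not allowed"
    except ValueError:
        pass
    if port not in (None, 443):
        return False, "only port 443 is allowed"
    if not host.endswith(ALLOWED_HOST_SUFFIXES):
        return False, "host is not an allowlisted integration provider"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://acme.atlassian.net/rest/api/2/issue", "http://127.0.0.1:8080/",
              "https://[::1]/", "https://acme.atlassian.net.evil.example/"):
        print(u, validate_integration_url(u))
```

This check is only the first gate: the HTTP client that follows must also refuse redirects and pin the resolved address, because an allowlisted hostname can still be pointed at an internal IP via DNS.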
Latest Bug Bytes is live! 🚀
This month's issue is as usual packed with bug bounty tips:
✅ Earning $148K via RCE in Google Cloud
✅ How public Google API keys became Gemini credentials
✅ Our first official Burp Suite extension
✅ Two new bypasses for Chrome's Sanitizer API
✅ One-click account takeover from a sanitized name field
+ upcoming events & much more! 😎
Head over to our blog to read the latest issue! 👇
https://t.co/iLf2HIkY0H
Hey bug bounty hunters 👋 Apache log4j is not dead. Before you skip Apache log4j targets in 2026, read this: https://t.co/tJ5lHaoFcv
We documented exactly where, how, and how to report it clean. Drop everything and read:
#BugBounty #Log4Shell #BugBountyTips
JWTs are everywhere, but small implementation mistakes can turn them into serious security risks.
A good refresher on JWT attack vectors like weak secrets, algorithm confusion, token theft, and common validation flaws that every security researcher should understand.
Source: https://t.co/hPU8aCsW0d
#BugBounty #WebSecurity #AppSec #CyberSecurity #JWT #Pentesting #SecurityResearch #InfoSec
I injected {{7*7}} into a name field. The page said: "Hello, {{7*7}}"
Template not evaluated. I moved on.
🔴 That was a mistake.
The PDF generator rendered it 3 minutes later. DNS hit. Jinja2. Internal IP. P1.
Here's what I missed — and how to never miss it again: https://t.co/rmvBnJpypp
#BugBounty #AppSec #CyberSecurity #Hacking #Pentest #bugbountytips
Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
Two useful writeups I recently published:
1. Zero-Click ATO via Self-Stored XSS + WAF Bypass + IDOR
🔗https://t.co/uer6ZK7VnE
2. Chained Two Logic Flaws to Break a Ticketing System
🔗https://t.co/2DSAaufeMj
Enjoy reading, and happy hacking
#bugbounty #cybersecurity