Kanishk Dadhich

@whotfbunny

noob hacker

India

Joined August 2022

110 Following

73 Followers

115 Posts

Kanishk Dadhich @whotfbunny

about 21 hours ago

I was about to close Burp Suite when one API request caught my attention. Booring --> PII leak it was that big transition Go and read my new article and give your opinions 👇 Full write-up https://t.co/455udBDy3b #BugBounty #AppSec #WebSecurity #IDOR #API #SecurityResearch @theXSSrat

0

53

9

50

3K

Kanishk Dadhich @whotfbunny

3 days ago

"Random" doesn't always mean "secure." A UUID in a URL turned into a security finding that taught an important lesson about authentication design. Wrote about the discovery process here 👇 https://t.co/q1HFjXqhtd #BugBounty #SecurityResearch @theXSSrat @bugbountywizard

0

11

0

9

797

Kanishk Dadhich @whotfbunny

11 days ago

If you're in tech and don't understand OAuth 2.0 flow — start now. It's the auth standard powering nearly every major company's login system. Non-negotiable knowledge. 🧵 #appsec #bughunters

0

1

0

0

55

Kanishk Dadhich @whotfbunny

13 days ago

@theXSSrat Thankyou

1

0

0

0

79

Kanishk Dadhich @whotfbunny

14 days ago

Finally I am publishing my first medium article pls go and read and give your thoughts on: “From Self-XSS to Account Takeover: How I Turned a Low-Severity Finding into a Critical…“ by Kanishk dadhich on Medium: https://t.co/jct581TbHT @theXSSrat

1

117

9

88

6K

Kanishk Dadhich @whotfbunny

14 days ago

@bugbountywizard It's a result of crusity. Exceptional finding Keep growing brother

0

1

0

0

144

Kanishk Dadhich @whotfbunny

15 days ago

@theXSSrat Thanks for showing your love.

1

2

0

0

26

Kanishk Dadhich @whotfbunny

16 days ago

Broken Access Control is like hide and seek — it can hide anywhere. Found a case where a low-privileged user could access an admin-only export API and download org membership data containing PII + metadata. No download button existed in the UI 👀 #bugbounty #appsec @theXSSrat

0

6

0

4

2K

Kanishk Dadhich @whotfbunny

17 days ago

If you are in bugbounty then repeatedly ask yourself "what is it" and "what if". Most impactful findings come from curiosity, not payload lists. #BugBounty #CyberSecurity #InfoSec #EthicalHacking #BugHunter #AppSec #Pentesting #SecurityResearch

0

1

0

0

132

Kanishk Dadhich @whotfbunny

21 days ago

🐛 Found an XSS that escalated to full Account Takeover!What started as a simple injection turned into complete Admin account compromise 🔥Never underestimate low-severity findings 👀 #XSS #AccountTakeover #BugBounty #InfoSec #WebSecurity #CyberSecurity #BugBountyTips

Kanishk Dadhich @whotfbunny

21 days ago

It's is so frustrating when you got xss but can't show the impact because it's self xss. I tried a lot to chain ⛓️ but didn't work #hacker #bughunter #storedxss #securityresearcher

0

2

0

0

271

0

6

0

0

218

Kanishk Dadhich @whotfbunny

21 days ago

It's is so frustrating when you got xss but can't show the impact because it's self xss. I tried a lot to chain ⛓️ but didn't work #hacker #bughunter #storedxss #securityresearcher

0

2

0

0

271

Kanishk Dadhich @whotfbunny

22 days ago

@theXSSrat Php upload on server executing xss and content hosting I found this same bug on 2 sub domains of my target site

0

1

0

0

63

Kanishk Dadhich @whotfbunny

22 days ago

I just found same vulnerability on different sub domain leads to sorted xxs and content hosting 🥳 #Hackers #bugbounty #securityresearch @theXSSrat

0

1

0

0

2K

Kanishk Dadhich @whotfbunny

23 days ago

Hey hackers👋 How do you Pentest/Bughunt on Salesforce applications, also any good resources for it?

0

1

0

0

35

Kanishk Dadhich @whotfbunny

23 days ago

Thought I was testing a review feature. Actually found a file upload issue that turned user-generated content into attacker-controlled content hosting. Small feature. Bigger impact. Lesson: Never underestimate file upload functionality. #CyberSecurity #BugBounty #Security

whotfbunny's tweet photo. Thought I was testing a review feature.

Actually found a file upload issue that turned user-generated content into attacker-controlled content hosting.

Small feature. Bigger impact.

Lesson: Never underestimate file upload functionality.

#CyberSecurity #BugBounty #Security https://t.co/UeOdqqHveR

whotfbunny's tweet photo. Thought I was testing a review feature.

Actually found a file upload issue that turned user-generated content into attacker-controlled content hosting.

Small feature. Bigger impact.

Lesson: Never underestimate file upload functionality.

#CyberSecurity #BugBounty #Security https://t.co/UeOdqqHveR

whotfbunny's tweet photo. Thought I was testing a review feature.

Actually found a file upload issue that turned user-generated content into attacker-controlled content hosting.

Small feature. Bigger impact.

Lesson: Never underestimate file upload functionality.

#CyberSecurity #BugBounty #Security https://t.co/UeOdqqHveR

whotfbunny's tweet photo. Thought I was testing a review feature.

Actually found a file upload issue that turned user-generated content into attacker-controlled content hosting.

Small feature. Bigger impact.

Lesson: Never underestimate file upload functionality.

#CyberSecurity #BugBounty #Security https://t.co/UeOdqqHveR

1

1

0

1

78

Kanishk Dadhich @whotfbunny

24 days ago

I found an exposed django administration panel. But I got no clue how to exploit #bughunters #bugbounty

0

1

0

0

44

whotfbunny retweeted

The Cybersecurity guy

about 1 month ago

This video contains the main methodologies attackers use to hack Wordpress websites

4

2K

206

2K

67K

Kanishk Dadhich @whotfbunny

about 1 month ago

@_xploiterr That's a nice finding bro. How much time it takes you to get

1

1

0

0

104

Kanishk Dadhich @whotfbunny

about 1 month ago

@Be5Lmt @or4nge16hehe That's just crazy finding bro

0

2

0

0

283

Last Seen Users on Sotwe

Trends for you

Most Popular Users