Hein Thant Zin

@_heinthant

Bug Bounty Hunter . Sometimes Play CTF.

Joined March 2018
Born 2000

Tweets


  1. Pinned tweet
    21 Dec 2019

    Got my first remote code execution on a bug bounty program. Nothing is more beautiful than...... Tip? Just keep scanning for hidden directories until you find something else.
  2. Retweeted
    1 hour ago

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
  3. Retweeted
    26 Aug 2018

    Good test case for SQLi: “Bypassing Email Filter which leads to SQL Injection” by
  4. Retweeted
    30 May 2019

    If you see the PUT method, don't worry! Change PUT to POST and try for CSRF. Sometimes this happens :
  5. Retweeted
    4 hours ago

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!
  6. Retweeted
    6 hours ago

    Takeover story of a repo. 1. A site having a GitHub logo. 2. Example: click on the logo and it'll show you the git repo (). 3. In my case, it was a 404. Main part: 4. Created a git account with the name of the company, so it was like a successful takeover.
  7. Retweeted
    10 hours ago

    Today, we are launching , a series of interviews with hunters. In our first edition, we are discussing logic flaws and with ! 🐸 Who would you like to see interviewed next? Leave a comment! 👇
  8. Retweeted
    28 Sep 2018
  9. Retweeted

    You can check WPEngine's config file on WordPress blogs. Path: "/_wpeprivate/config.json"
  10. Retweeted
    23 Nov 2019

    Decompile the Android app and go to: Resources > resources.arsc > res > values > strings.xml. Search for *.firebaseio.com in the xml file, then open a browser and try https://*.firebaseio.com/.json; you might find read access to the database there.
  11. Retweeted
    10 Nov 2019

    Sometimes we have to do the impossible. SQL injection attempt from a remote site. With this method, XSS, SQLi and CSRF attacks can be done. Failure to filter the data from the remote source leaves open doors for such attacks.
  12. Retweeted
    16 Sep 2019

    [Tip] Create many accounts with one email :D A lot of web apps treat example@gmail.com and e.xam.ple@gmail.com as different emails, but actually the emails sent to e.xam.ple@gmail.com will be received by example@gmail.com because Gmail considers them the same email address.
  13. Retweeted
    28 Jan

    Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)
  14. Retweeted
    28 Jan

    I always had a hard time finding writeups because they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉
  15. Retweeted
    28 Jan

    This is a summary of what I discussed with in our latest stream about my recon process; it will be easier for you, as you might miss some when you watch the video later on. Thanks Ben, what you do for the community is dope.
  16. Retweeted
    21 Jan

    Open-sourcing another project from team : a simple and fast port scanner with handy features to use with other tools in your recon pipeline. Link to project:-
  17. Retweeted
    17 Dec 2018

    New write-up - "Reading ASP secrets for $17,000" - the really fun process of exploiting local file disclosure 🧐
  18. Retweeted
    13 Jan
  19. Retweeted
    9 Jan

    I've just published my research on the Two Factor Authentication security subject. I had fun and enjoyed writing this one, hope you'll enjoy reading! Have a good read! 🙂
  20. Retweeted
    10 Jan

    Yo hackers! I've built a small website that has some challenges. 🔗 The main challenge for the week is `WW3`. All upcoming challenges will be hosted there, so stay tuned :) Would love to know what you guys think. Have fun!
  21. Retweeted
    10 Jan

    I just published "Hunting Good Bugs with only <HTML>". I hope you enjoy this post!
