Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @_heinthant
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @_heinthant
-
Prikvačeni tweet
Got my first remote code execution on bug bounty program.Nothing is more beautiful than...... Tip? Just keep scanning for hidden directory until you found something else.
#bugbountytipspic.twitter.com/VWJe8wIxLs
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip#bugbountytip#bugbountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Good Test case for SQLIi “Bypassing Email Filter which leads to SQL Injection” by
@dimazarnohttps://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
If you see PUT method. Don't worry! Change PUT to POST and try for CSRF. Sometimes this happens :
#bugbountytips#bugbounty#infosec#hackingpic.twitter.com/3ZsdvWwbeA
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Hey bug hunters! Want a look at some of the top vulnerabilities ever found on
@Dropbox ? They just released the last blog post I wrote before leaving. Enjoy!#bugbountytipshttps://blogs.dropbox.com/tech/2020/02/dropbox-bug-bounty-program-has-paid-out-over-1000000/ …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Takeover story of repo 1.A site having github logo 2. Example: Click on logo it'll show you git repo(http://github.com/site/ ) 3. In my case , It was 404 Main part 4. Created git account with name of company , So it was like http://github.com/site/ Successful takeover
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Today, we are launching
#BugBusiness, a series of interviews with#BugBounty hunters. In our first edition, we are discussing logic flaws and@securitytxt with@EdOverflow !
Who would you like to see interviewed next? Leave a comment!
http://go.intigriti.com/bugbusiness-1 Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
I just published my bug bounty writeups!!https://medium.com/@sivakrishnasamireddi/just-another-tale-of-severe-bugs-on-a-private-program-405870b03532 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
You can check WPEngine's config file on the WordPress blogs. Path: "/_wpeprivate/config.json"
#bugbountytipspic.twitter.com/wWs34jt9Qs
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
#bugbountytip decompile android app. and go to : Resources > resources.arsc > res > values > strings.xml search for *.firebaseio.com in xml file. ,and open browser try https://*.firebaseio.com/.json , you might find read access to database there.#bugbountytips .pic.twitter.com/eZPSqnAbWV
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Sometimes we have to do the impossible. SQL'Injection Attempt from Remote Site With this method: XSS, SQL'i, CSRF attacks can be done. Failure to filter the data from the remote source leaves open doors for such attacks.
#bugbountytips#BugBountyTip#bugbounty#whitehatpic.twitter.com/bb29oBdpGLHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
[Tip] Create many accounts with one email :D A lot of web apps treat example@gmail.com and e.xam.ple@gmail.com as different emails but actually the emails sent to e.xam.ple@gmail.com will be received by example@gmail.com because gmail considers them the same email address.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exists yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)
#TogetherWeHitHarderPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
I always had a hard time finding
@GoogleVRP writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute!
#BugBonty#infosec#GoogleVRPhttps://github.com/xdavidhu/awesome-google-vrp-writeups …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
This is a summary for what i discussed with
@NahamSec in our latest#twitch stream about my recon process, that will be easier for you as you might mess some when you watch the video later on. https://pastebin.com/dyNMPAAJ Thanks Ben, what you do for community is dope#bugbountytipsHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Opensourcing another project from team
@pdiscoveryio#Nabbu, Simple and Fast port scanner with handy features to use with another tool in your recon pipeline. Link to project:- https://github.com/projectdiscovery/naabu …#naabu#bugbounty#infosec#pentestingpic.twitter.com/9SVwfXziqNPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
New write up - "Reading ASP secrets for $17,000" - the really fun process of exploiting local file disclosure
https://samcurry.net/reading-asp-secrets-for-17000/ …pic.twitter.com/mzMSh7JKx0
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
I just released some of my PoCs! IDOR: https://youtu.be/3hJaxmiSzO4 Stored XSS: https://youtu.be/pwLG7tAGO08 Stored XSS: https://youtu.be/fnW0w2VYT2I RXSS: https://youtu.be/IC43MzAkC7E RXSS: https://youtu.be/DZxMB_KOoMk RXSS: https://youtu.be/L5isQP28o3M RXSS: https://youtu.be/CaoAh2CXyr0
#GeneralEG#BugBountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
I've just published my research on the Two Factor Authentication security subject https://bit.ly/2T95RWU . I had fun and enjoyed writing this one, hope you'll enjoy reading! Have a good read!
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
Yo hackers! I've built a small website that has some
#XSS challenges.
http://xss.pwnfunction.com
The main challenge for the week is `WW3`
All upcoming challenges will be hosted there, so stay tuned :)
Would love to know what you guys think. Have fun!pic.twitter.com/0vGboYQIY7
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hein Thant Zin proslijedio/la je Tweet
I just published "Hunting Good Bugs with only <HTML>" https://link.medium.com/oTrMsKEM72
#bugbounty#infosec I hope you enjoy this post!Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.