MD. GOLLAM RABBI
@n1ghtmar3_2421
Hey. It's me. Orin. I am a medical student, a Bug Bounty Hunter and a CTF Player
Science & Technology | Joined December 2020

MD. GOLLAM RABBI’s Tweets

I found 2 Blind time-based SQL Injections in the X-Forwarded-For: header just using Burp Intruder. Made a list of 500+ HTTP requests and tested them one by one for 3+ hours, here is the result: X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z #BugBounty
Saw people fight on KOTH and spam each other with /dev/urandom and BoOm! Got hooked. Started practicing as much as I could. It is really fun and helped me practice for CTF challenges.
Quote Tweet
Half a million people are learning cyber security on TryHackMe! Retweet this & let us know why you signed up to TryHackMe? 5 random answers get $100 worth of Swag/Vouchers/Prizes🍀 Thank YOU for supporting us! 250k of you signed up in the last 6 months: blog.tryhackme.com/there-are-half
Alhamdulillah, got my first account takeover vulnerability triaged on Bugcrowd. Thanks for this amazing talk on youtube.com/watch?v=0QFByA . Took notes of one p4 and p5 as suggested in the video and chained them with XSS and got one click to full account takeover.