Only 6 hours... and boom!
Found multiple critical vulnerabilities in US Bank - including:
Leaked sensitive information
Hardcoded auth credentials
Unprotected sensitive endpoints
Unauthenticated access to the dashboard
And more juicy stuff...
Why you guys not following me yet?
It's like walking into a digital vault with no lock... just saying.
Ethically hacking to protect, not to exploit.
Does anyone know if they have a bug bounty or responsible disclosure program?
Nuclei AI Prompts is a platform that offers a collection of ready-to-use security prompts for Nuclei. It helps penetration testers and security researchers speed up their work by providing prompts for common vulnerabilities like XSS, SQLi, RCE, and more. You can easily copy these prompts and use them in your security testing, and even contribute new ones to help grow the community.
Join Telegram - t.iss.one/brutsecurity
nucleiprompts.com
#cybersecurity #bugbounty #bugbountytips #nuclei
Discovering a Business Logic Flow Bug (Low-Hanging Fruit)
Try this simple method to identify a common business logic flaw:
But wait - before you continue...
If you're not following me yet, what are you doing?
Exploitation Steps:
1. Register a new account and take note of the username you used.
2. Verify and activate the account.
3. Delete the account.
4. Now, try registering again using the same username - observe what happens.
If the server still blocks or reserves the username after the account is deleted, congratulations! You've just uncovered a Business Logic Flow bug.
#BugBountytips
Collect emails and usernames from the commit history of an org's repos on GitHub for more personalized targeting of employees
ghintel.secrets.ninja
What do you think is the most underrated vulnerability?
Anonymous Poll
1. Business Logic Flaws: 39%
2. Race Conditions: 16%
3. Vulnerabilities in package.json: 14%
4. Insecure Deserialization: 13%
5. HTTP Request Smuggling: 19%
There are some fast and simple Google Dorks that you should definitely apply to your target during recon.
These can often reveal sensitive information like .env files, database dumps, config files, and even backups.
1. Exposed .env Files
intitle:"Index of" ".env"
"DB_PASSWORD" filetype:env
"APP_ENV=local" | "DB_HOST=127.0.0.1"
2. Exposed SQLite Databases
intitle:"Index of" ".sqlite"
intitle:"Index of" "db.sqlite"
filetype:sqlite | filetype:sqlite3 | filetype:db
3. Misconfigured Laravel or Public Folder Exposure
inurl:/public/.env
inurl:/public/db.sqlite
intitle:"Index of" inurl:/public/
4. Backup / Config Files (often contain sensitive info)
intitle:"Index of" "backup"
intitle:"Index of" "config"
ext:sql | ext:bak | ext:old | ext:backup
5. Generic Index Dump
intitle:"Index of /" +passwd
intitle:"Index of /" +passwords
Before using these dorks, start by narrowing down your scope with site:target.com, then apply the specific dork to focus only on your target.
Follow me: DarkShadow
#Bugbountytips
CVE-2025-3439: Deserialization of Untrusted Data in Everest Forms WordPress plugin, 9.8 rating
A vulnerability in the 'field_value' parameter allows a remote unauthenticated attacker to perform PHP object injection. This in turn allows the attacker to achieve RCE, retrieve sensitive data and delete arbitrary files.
Search at Netlas.io:
Link: https://nt.ls/CoAb6
Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/everest-forms/everest-forms-contact-form-quiz-survey-newsletter-payment-form-builder-for-wordpress-311-unauthenticated-php-object-injection
You Can Find Race Condition Vulnerabilities
Try to understand what it is:
This vulnerability occurs when a system's behavior depends on the timing of concurrent operations, allowing attackers to gain unauthorized access or perform unauthorized actions.
The main concept to exploit it is by abusing functionality where a web application handles a sensitive action through multiple simultaneous requests. If the backend is vulnerable, it may process your malicious request alongside a legitimate one at the same time!
You can find this vulnerability in the following functionalities of web applications:
1. User Account Creation - Creating multiple accounts using the same email.
2. Account Deletion - Deleting a victim's account without logging into their account.
3. Email Verification Bypass - Sending the same verification link to both the real and an external email address.
4. Password Reset Flows - Sending a reset link to both the victim's and attacker's email addresses simultaneously.
5. Privilege Escalation During Role Assignment - Creating a normal user and assigning admin privileges at the same time using the same email.
6. Coupon/Voucher Redemption - Redeeming the same coupon multiple times before it's marked as used.
7. Payment Processing - Performing multiple payments or withdrawals with insufficient balance.
8. File Upload - Uploading multiple files at the same endpoint simultaneously, potentially triggering remote code execution (RCE).
9. Voting or Rating Systems - Sending multiple votes or ratings at the same time using the same request.
10. Subscription Plan Upgrades - Triggering parallel requests to gain a higher-tier plan without being properly charged.
I will try to share many techniques to find and exploit these functionalities. If you guys enjoy reading this, don't forget to react.
And follow me: DarkShadow
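
Item 6 in the list above (coupon redemption), seen from the defender's side, as an added example that is not part of the original post: a check-then-act handler next to one that checks and updates in a single atomic statement. The table names, the coupon code and the barrier that holds both requests in the same window are constructed for the demo.

```python
import os
import sqlite3
import tempfile
import threading

def connect(path):
    return sqlite3.connect(path, isolation_level=None, timeout=10)  # autocommit

def redeem_check_then_act(path, code, gate):
    con = connect(path)
    try:
        used = con.execute("SELECT used FROM coupon WHERE code = ?", (code,)).fetchall()[0][0]
        gate.wait()  # constructed: hold both requests between the check and the update
        if used:
            return False
        con.execute("UPDATE coupon SET used = 1 WHERE code = ?", (code,))
        con.execute("INSERT INTO credit (code) VALUES (?)", (code,))
        return True
    finally:
        con.close()

def redeem_atomic(path, code, gate):
    con = connect(path)
    try:
        gate.wait()  # same concurrency pressure as the handler above
        # Check and state change in one statement: only one request can flip 0 -> 1.
        cur = con.execute("UPDATE coupon SET used = 1 WHERE code = ? AND used = 0", (code,))
        if cur.rowcount != 1:
            return False
        con.execute("INSERT INTO credit (code) VALUES (?)", (code,))
        return True
    finally:
        con.close()

def credits_granted(handler, requests=2):
    """Fire `requests` parallel redemptions of one coupon; return credits issued."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shop.db")  # constructed sample database
        con = connect(path)
        con.execute("CREATE TABLE coupon (code TEXT PRIMARY KEY, used INTEGER NOT NULL)")
        con.execute("CREATE TABLE credit (id INTEGER PRIMARY KEY, code TEXT NOT NULL)")
        con.execute("INSERT INTO coupon VALUES ('SAVE10', 0)")
        gate = threading.Barrier(requests)
        threads = [threading.Thread(target=handler, args=(path, "SAVE10", gate)) for _ in range(requests)]
        for t in threads: t.start()
        for t in threads: t.join()
        granted = con.execute("SELECT COUNT(*) FROM credit").fetchall()[0][0]
        con.close()
        return granted
```

With two parallel requests, `credits_granted(redeem_check_then_act)` returns 2 and `credits_granted(redeem_atomic)` returns 1; a unique constraint on the redemption record gives the same guarantee at the schema level.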
May the colours of the new year paint your life with bountiful happiness and joy. Happy Pohela Boishakh!
Tired of all the hassle when moving small files around?
Try this absolute gem
cat filename.txt | nc termbin.com 9999
https://termbin.com/abcd - share it, save it, or just keep it for later. No login, no setup. Just pure terminal magic. Perfect for notes, PoCs, or scripts when you're working remotely on a VPS.
#bugbounty #cybersecurity #linuxTips #vps #infosec #hacking #brutsecurity
While reading JavaScript files, I discovered a Broken Access Control vulnerability!
Guys, while analyzing a JS file, I noticed the target was using a dynamic app structure. Inside the JS file, I found some hardcoded URLs related to the dashboard view, including tokens - which instantly caught my attention!
Out of curiosity, I tried accessing those URLs without the token, and it redirected me to the login page. But once I accessed them with the token... BOOM! I got full access to the dashboard without any authentication!
Never skip manually reviewing JS files - they often contain juicy endpoints and hidden treasures!
Follow me: DarkShadow
#bugbountytips