Categories
Infosec

//Hello World//

Welcome to nav1n.com

Nothing much to see here yet!, please come back again.

-NS

Connect me on twitter: @admin

NS 🍥Follow

AppSec | DBA | SysADMIN | Linux | Unix | MainFrame | Core-Banking and Manufacturing #BugBounty #HackerOne #BugCrowd #Intigrity

NS 🍥
nav1n0xNS 🍥@nav1n0x·
26 Nov

Retrieving etc/passwd or etc/hosts using LFI is critical severity or high severity? Anyone help me to chose please? #BugBounty (Image added for attention garbing purpose only) 🙂

Reply on Twitter 1596609971055079424Retweet on Twitter 159660997105507942421Like on Twitter 1596609971055079424128Twitter 1596609971055079424
nav1n0xNS 🍥@nav1n0x·
24 Nov

Another P1. None ➡️ P1. I almost gaveup explaining the possible bug, thankfully at the end, the triager convenced and escalate the priority to P1 #BugBounty #RCE #SOLR

Reply on Twitter 1595921975717036032Retweet on Twitter 15959219757170360322Like on Twitter 159592197571703603251Twitter 1595921975717036032
nav1n0xNS 🍥@nav1n0x·
20 Nov

CVE-2020-11110 (Grafana 6.7.x stored XSS) in a biggest drinks maker's monitoring system. Funny that they still run tens of vulnerable apps. So, closing the day with a Critical finding. #BugBounty #Grafana #XSS

2
Reply on Twitter 1594402341373067269Retweet on Twitter 159440234137306726936Like on Twitter 1594402341373067269138Twitter 1594402341373067269
nav1n0xNS 🍥@nav1n0x·
20 Nov

Never expected to receive these two bounties +points knowing companies treat HTML injection and Open -redirection as low severity. I normally don't report open redirection or HTML injection unless there's a possible XSS, but these two reports proved me wrong!!! #BugBounty

Reply on Twitter 1594286212457676801Retweet on Twitter 15942862124576768015Like on Twitter 1594286212457676801103Twitter 1594286212457676801
Load More...