nav1n – nav1n.com

Welcome to nav1n.com

Nothing much to see here yet!, please come back again.

-NS

Connect me on twitter: @admin

N$ 🍥Follow

🤖

N$ 🍥@nav1n0x·

21h

If you have a JSON login page, test blind-SQL injection directly in the username and/or password fields like below. #BugBounty #SQLInjection #bugbountytips

Payload injected in username input field:

Reply on Twitter 1642123884076969985 Retweet on Twitter 1642123884076969985158 Like on Twitter 1642123884076969985602 Twitter 1642123884076969985

N$ 🍥@nav1n0x·

22h

A few days ago there was a healthy discussion on sticking to a single program or multiple targets -> , where @HusseiN98D mentioned abt FIS program on BC, I never heard about it. So, decided to spend sometime on that & yesterday this happened. #BugBounty

Hussein Daher@HusseiN98D

@nav1n0x @retkoussa 2 months of sticking to one of the most hardened public programs, hijacked top 1 and more than $500k in bounties counting collabs with @infosec_au & @rhyselsmore . Stick to 1 program and dig deeper. You will end up finding your rabbit hole.

Reply on Twitter 1642101412850192385 Retweet on Twitter 16421014128501923854 Like on Twitter 1642101412850192385153 Twitter 1642101412850192385

N$ 🍥@nav1n0x·

23h

In March, I submitted 25 vulnerabilities to 1 program on @Hacker0x01. I cant believe I worked on a single target whole March🧐🧐🧐. And 14 out of 25 were Critical and High severity bugs.

#TogetherWeHitHarder https://hackerone.com/last-month

Reply on Twitter 1642096974773239808 Retweet on Twitter 16420969747732398087 Like on Twitter 1642096974773239808224 Twitter 1642096974773239808

N$ 🍥@nav1n0x·

27 Mar

Scored 10/10 in CVSS today. Both SQL injections were full db + Server takeover using OS shell. #BugBounty

Reply on Twitter 1640391409961254919 Retweet on Twitter 164039140996125491915 Like on Twitter 1640391409961254919360 Twitter 1640391409961254919

N$ 🍥@nav1n0x·

27 Mar

There's an opening for 2x Cyber Security Architects with 7 years experience in Saudi Arabia, if anyone interested DM me, will share the connection.

Reply on Twitter 1640279915625865218 Retweet on Twitter 16402799156258652184 Like on Twitter 164027991562586521850 Twitter 1640279915625865218

N$ 🍥@nav1n0x·

25 Mar

SQL Injection on JSON body POST request. It took me some time, but finally found the right technique and injection point. ``sqlmap -r request.txt --level=5 --risk=3 --force-ssl --ignore-code=500 --dbs`` #SQLInjection #BugBounty

Reply on Twitter 1639601064428093442 Retweet on Twitter 1639601064428093442319 Like on Twitter 16396010644280934421179 Twitter 1639601064428093442

Recent Posts

Recent Comments