//Hello World//

Welcome to

Nothing much to see here yet! Please come back again.


Connect with me on Twitter: @admin

One more directory traversal done and dusted today.
Payload: "//////////////////../../../../../../../../etc/passwd"


2 SQL injections reported for a program, 1 accepted so far.

Multi-part POST request, fed bSQLI payload in all fields, got 403, bypassed using a fake input:
Content-Disposition: form-data; language="lang_id" with payload:
if(now()=sysdate(),sleep(xx),0) ==>SUCCESS!! #BugBounty


Just got duplicated 3 reports straight on a private program, and this one duplicated for a report that someone submitted 3 years ago.

If the company doesn't want to fix the reported issue, why do they run Bug Bounty/VDP btw? #BugBounty

The CVE-2019-5418 (Ruby on Rails Action View File Content Disclosure) is still vulnerable in the wild. I just submitted a report, knowing that it's a 3yo vulnerability, chances are high that it could be another duplicate of the day. #BugBounty

How to get your day ruined with a P1 that got duplicated less than an hour after submission... heartbroken 🥹 #BugBounty
