Відео

brother where is crlf injection, i can only see rate limit bypass

i heard about otp leaked in response but first time seeing otp leak in request body🤣🤣🤣

amazing bro amazing

nice music haha

nice

طب قطاع ببطاقة فيزا يا شاطر

Can you reset my gmail password for me?

this is crazy❤‍🔥❤‍🔥

Nice

Any bounty you got ??????

It's not ssrf , Why ? because you are click in "my name " so you enter the page not the server of website !!!! You can do better than of this bro

Verification bypass is fine, but it's not a SSRF

ولی اهنگایی بی کلامی ک میزاری خیلی خوبن❤

this is not a SSRF

its not a bug

Good job, did the website developer respond to your report🤔?

😂

It is not vulnerable at SSRF =)) When you remove `tel` and your browser call to the Burp-collab → the IP got recorded is yours not from the Slack. For the second SSRF it could be because I saw 2 different IP as well as DNS. 1 is belonging to you, and the rest could be from Slack

why you are using this || (Or) to bypass the waf or what and after using the final payload the data reflected on the URL itself?

Source ip addresses are the IP address of origin serves right?

bugcrowd or hackerone plateform

I'm a new to this can somebody say where did he get the data?

Wow didn't knew slack would have that OTP verify😂.

Great find. Could someone please explain the last part?

After watching this POC i am able to do SSRF on every website.

😮

gokilllllll jir❤‍🔥❤‍🔥❤‍🔥🔥🔥🔥🔥🔥🔥🔥🧯

Why you put invalid email than in burp you remove the invalid so weird this is not bug, you are not hacker

Is it solved , do you got bounty

Still I don't believe if it's the website open bug bounty program coz from the UI it looks old and I just visisited that the website last updated is 2006 so it's normal if there is SQL Injection in the age but if u all try in the real websites nowadays it's so seldom coz I've learned and practice to hunt SQL Injenction bugs on BBP I never found them I can just found it like this video but it's not BBP

Ssrf 😂

Boss, could you please create a comprehensive video series covering advanced topics such as advanced time based blind SQL injection injection, XSS, LFI, RFI, and RCE, including the process of uploading web shells on Apache and IIS web servers in live website scenarios? Traditional platforms like test.vulner, DVWA, bWapp, PortSwigger, etc., fail to address real-world challenges like identifying origin IPs, DNS brute force attacks, reverse IP lookups, WAF/IDS/IPS circumvention, AWS/CDN/Tor, reverse proxies, and CMS security 🤙. Your unique content would be invaluable in educating the bug bounty hunting community about genuine issues and solutions. Thanks in advance for your contributions to the community.

I suggest using Burp Suite with request.txt and SQLMAP to accomplish all of this. Please share more videos on WebSocket SQL Injection and time-based blind SQL Injection using HTTP request/response headers. Thanks.

biunty,?

bro you got any bounty

hey bro can i talk to yu?

The SSRF was next level. 😂

OTP is serious finding but in the ssrf the calling came from your own network not the server IP. the important think in ssrf is the calling and its hould came from the original website server

very good

But you opened the link in your browser so the http request recieved is of your own not the server’s

payment system how? is it paid works?

Keep it Up!

Nice

🎉🎉🎉🎉

good🌹

Awesome 👍

any bounty bro ?

its openredirect bro :X

not understannd bro can anyone please explain me

Great finding 👌😏