Ahmad Yussef
Відкрити в Telegram
Ranked Top 280 On Google BBP🎉 Security Content || Bug Bounty DM me to join my private channel: @a7mad_n1
Показати більшеКраїна не вказанаТехнології та додатки18 355
5 240
Підписники
-124 години
+187 днів
+6430 день
Архів дописів
5 240
+1
Alhamdullah I got a new bounty $$$ 🎉.
Bug-Type: Critical Cross-Brand IDOR in Form Builder API Allowing Unauthorized Form Creation in Other Brands
Write up: Today 👇
5 240
+1
Great to see people like this.
This Guy joined my telegram channel a few months ago, the subscription was $24, he created an account, and joined my telegram channel, he and his friend used the same account to access the private channel.
Instead of paying $48, they just paid $24 without letting me know two people are using the same account to access the private channel.
After some time, he saw it's a Good channel, and what they Do is Haram, Cause I'm trying my best to make it to be very good, He contacted me again and paid another $24.
The Idea is not about a small amount of money or big money, the idea is that you shouldn't do anything Haram.
Great to see and collaboration with like this person's 🙏
I just wanted to make this as post 🫡
Thanks for reading 🥰
Ahmad
5 240
#bugbountytips:
The Second Write up Critical IDOR on contact management endpoint
Steps to Reproduce
1- Create two separate accounts: Attacker and Victim.
2- In both accounts, create an Event and add at least one contact via: https://test.com/dash/{event_id}/promote/contact/id
3- From the Attacker’s account, edit one of their own contacts and intercept the save request.
4- Change only the contact ID in the URL from the attacker’s contact ID to the Victim’s contact ID.
5- Send the modified request. The victim’s contact details are successfully overwritten with the attacker’s data.
Impact
An attacker can full arbitrarily modify or overwrite any user’s contact information across different events.
5 240
+1
Bounty morning, Yeah Alhamdullah, I got a new bounty $$$ 🎉.
Bug-Type: Critical IDOR Allows Arbitrary Modification of Other Users' Contacts
I will share the write up today 👇.
5 240
#bugbountytips:
One of my recent critical vulnerability, that leads to Full Source code Disclosure , some of the information that is exposed:
ANTHROPIC_API_KEY
OPENAI_API_KEY
DATABASE_URL
Tips:
Add this Full endpoints to your checklist
1- https://api.test.com/v1/alias/boots/VOTelCollector
2- https://api.test.com/v/boots/VOTelCollector
Extra Tips:
Always do a very hard Fuzzing on all versions of the API.
Example:
api.test.com/v/boots/FUZZ
api.test.com/v1/boots/FUZZ
api.test.com/v2/boots/FUZZ
Etc..
I will complete sharing a lot of write ups soon👌👌
5 240
+1
Alhamdullah, I got a new bounty $$$$ by reporting a critical vulnerability to a new BBP.
The write up will be published here soon.
5 240
+1
Alhamdullah, bounty morning, yeah I got $$$$ by reporting 10 security Vulnerabilities.
The company gave me an extra $$$, for my professional disclosures🫡🩵
All write ups, will be published here soon.
#bugbounty #cybersecurity #hacking
5 240
+1
Meta has been cooked 😂.
That’s why Google Bug Bounty is better than Meta Bug Bounty.
Meta often provides poor responses and weak analysis when handling vulnerability reports.
5 240
Hi Guys,
I need help, who knows this body? , he is from Egypt, his profile
https://www.facebook.com/share/1DQSDPxxAg/
Please who can help, DM me as soon as @a7mad_n1
5 240
+1
1️⃣ The bug is a Prompt Injection vulnerability.
2️⃣ An attacker could ask Meta AI to take over victim accounts and bypass 2FA protections.
3️⃣ Meta reportedly fixed the issue after numerous high-profile accounts were compromised.
4️⃣ The attacker later tested the same attack using a different language (e.g., Arabic) and successfully bypassed the protections again 😂😂
The bug still appears to exist (you can test it yourself) 🤣
#bugbounty #hacking #cybersecurity
5 240
+1
Alhamdullah, I got $$$$ by reporting 4 security vulnerabilities.
bugbountytips:
When hunting auth bugs, spend as much time on account recovery as on login. Password reset flows often contain overlooked vulnerabilities that can lead to full account takeover (ATO).
#BugBounty #ATO #SecurityResearch
5 240
Account take over on Instagram
How attackers steal your account nowadays:
- Credential stuffing ❌
- Brute force attack ❌
- Just ask Meta AI nicely ✅
I think the AI will make a lot of bugs, and will make Bug Bounty for us very easy!😂🤣
5 240
Eid Mubarak everyone ✨❤️
InShaAllah, may all of you achieve your dreams very soon 🥳❤️
Wishing you happiness, success, and beautiful moments with your loved ones.
Best regards,
Ahmad
5 240
I really want to post this message.
I have made a good opportunity for all Hackers members, regarding the subscription, I have first made a good discount for Indian,Iran people, And from Gaza some members joined with free subscription, And I have made many times a discount for all members regarding the subscription.
But now please respect the subscription now is $50, some members after two days messaged and want to join with $40, but sorry Honestly I did my Best.
And just want to post new information, I Don't share my bounties to a public, all I shared it's not 1% of my bounties that I got (So I'm Not a shown hacker, I don't care about sharing always my bounties to public).
And in the private channel I share more and some times full reports & full PoC , but I can't share this to the public because of security reasons.
So, if you joined to my private channel, you will InShaAllah be more beneficial.
But in this channel the post will be limited, because I can't share like Full PoC to the public regarding the policy of the Bug Bounty programs, etc..
But InShaAllah soon will be here also some good Write ups techniques on bug bounty.
Regarding the private channel:
1- Please respect Now the price of the subscription is a $50 Lifetime subscription.
2- I only accept, Crypto & PayPal, And for Egyptians I can accept Vodafone & Insta pay as well.
Thank you very much🙏
Ahmad
5 240
Just clarifying:
I don't have any tools for sale,I don't sell any tools.
This is just a meme😅
5 240
Hi hackers, Just some hours and the full subscription will be a $50 Lifetime. Instead of $40.
This is the final remembered message.
And soon, I will publish some good Write ups here🫡
5 240
+1
Tomorrow will be the last day for a $40 lifetime subscription, after tomorrow it will be a $50 Lifetime subscription.
DM me soon, if you are interested
