Joined September 2022
2,408 Photos and videos
H1 Disclosed - Public Disclosures reposted
⚑ heap-use-after-free in curl_easy_cleanup() called from callback πŸ‘¨πŸ»β€πŸ’» carehi1324 ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/383357… #bugbounty #bugbountytips #cybersecurity #infosec
3
9
924
H1 Disclosed - Public Disclosures reposted
⚑ Improper Input Validation β€” HTTP Response Parser Unconditionally Accepts Bare CR in Status Line πŸ‘¨πŸ»β€πŸ’» saif-01 ➟ Node.js 🟧 Medium πŸ’° None πŸ”— hackerone.com/reports/364868… #bugbounty #bugbountytips #cybersecurity #infosec
3
12
813
H1 Disclosed - Public Disclosures reposted
Since X moved to a pay-per-use API model, I'm building a custom workaround to keep @h1disclosed running I was tempted to hand this task to my Hermes agent, but honestly half the fun of these side projects is building them yourself. πŸ€– Almost Done !! #bugbounty #cybersecurity
2
1
6
1,767
H1 Disclosed - Public Disclosures reposted
RewavπŸ“»: 24 hours of nostalgia. That's it. Listen here: radio.ryno.sh #radio
Reason why FM Radio stations are shutting down
1
3
655
We are back 🦾 #bugbounty #bugbountytips #cybersecurity
Since X moved to a pay-per-use API model, I'm building a custom workaround to keep @h1disclosed running I was tempted to hand this task to my Hermes agent, but honestly half the fun of these side projects is building them yourself. πŸ€– Almost Done !! #bugbounty #cybersecurity
2
5
1,694
⚑ Connection reuse ignores haproxyprotocol and HAPROXY_CLIENT_IP settings, allowing PROXY context t... πŸ‘¨πŸ»β€πŸ’» 7omoo ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/374113… #bugbounty #bugbountytips #cybersecurity #infosec
1
612
⚑ Schannel custom-CA path skips Extended Key Usage enforcement πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373499… #bugbounty #bugbountytips #cybersecurity #infosec
3
597
⚑ HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373494… #bugbounty #bugbountytips #cybersecurity #infosec
1
449
⚑ Cross-repository IDOR in `/settings/security_analysis/bypass_reviewers` allows unauthorized deleg... πŸ‘¨πŸ»β€πŸ’» @ahacker1_h1 ➟ GitHub 🟧 Medium πŸ’° None πŸ”— hackerone.com/reports/356025… #bugbounty #bugbountytips #cybersecurity #infosec
19
1,012
⚑ HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115 πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl 🟧 Medium πŸ’° None πŸ”— hackerone.com/reports/373398… #bugbounty #bugbountytips #cybersecurity #infosec
1
1
462
⚑ rustls backend silently ignores CURLOPT_CRLFILE when native CA store is active πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373493… #bugbounty #bugbountytips #cybersecurity #infosec
2
452
⚑ libssh SFTP initialization ignores CURLOPT_TIMEOUT, hangs indefinitely πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373508… #bugbounty #bugbountytips #cybersecurity #infosec
2
5
601
⚑ cookie: case-insensitive path comparison in replace_existing() allows cookie eviction across dist... πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373523… #bugbounty #bugbountytips #cybersecurity #infosec
1
308
⚑ CURLOPT_HSTS_CTRL disables shared HSTS without share guard β€” use-after-free and double-free πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373393… #bugbounty #bugbountytips #cybersecurity #infosec
2
2
313
⚑ Unauthenticated File Upload to CDN πŸ‘¨πŸ»β€πŸ’» @ph0r3nsic ➟ Enjin 🟧 Medium πŸ’° None πŸ”— hackerone.com/reports/358924… #bugbounty #bugbountytips #cybersecurity #infosec
2
36
2,339
⚑ IDOR: autotranslate.translateMessage Full Message Content Leak πŸ‘¨πŸ»β€πŸ’» josan_george ➟ Rocket.Chat 🟧 Medium πŸ’° None πŸ”— hackerone.com/reports/371368… #bugbounty #bugbountytips #cybersecurity #infosec
1
19
1,781
⚑ NULL pointer dereference in libcurl URL API redirect_url() with CURLU_DEFAULT_SCHEME πŸ‘¨πŸ»β€πŸ’» mulan_dh ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373623… #bugbounty #bugbountytips #cybersecurity #infosec
1
440
⚑ Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match πŸ‘¨πŸ»β€πŸ’» giant_anteater ➟ curl ⬜ None πŸ’° None πŸ”— hackerone.com/reports/373492… #bugbounty #bugbountytips #cybersecurity #infosec
2
4
691
⚑ SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution πŸ‘¨πŸ»β€πŸ’» suul ➟ Nextcloud πŸŸ₯ High πŸ’° None πŸ”— hackerone.com/reports/346299… #bugbounty #bugbountytips #cybersecurity #infosec
1
434
⚑ Origin IP Exposed waf bypass πŸ‘¨πŸ»β€πŸ’» @r00tSid ➟ Yuga Labs 🟨 Low πŸ’° $250 πŸ”— hackerone.com/reports/182108… #bugbounty #bugbountytips #cybersecurity #infosec
1
1
7
570