Shlomie Liberow
@Shlibness
Building aisy.ai - Former Head of Hacker R&D @Hacker0x01. All things hacking!
London
Joined June 2009
Posts
  • Pinned
    Visit target.com --> SSO
    Visit target.com/admin --> login
    Reviews Javascript --> if (data == 'SUCCESS') { location.href = "/admin/<snipped>?uname="+username+""; }
    Visit: target.com/admin/<snipped>?uname=admin
    Admin Access...
    #bugbountytips
  • My brother [who is visibly Jewish] was attacked on the 113 bus, heading in direction of Oxford Circus, London at 11:33PM and threatened to "slit his throat for Palestine". Will anything be done about this rampant #Antisemitism @TfL @CST_UK @antisemitism
  • Replying to @Shlibness
    Bus location: 262 Oxford Street, London, W1C 1DW. Drivers info: S. W - 2067909. VMH 2443 | 103 - 113. License plate: LK18 AFZ, Edgware Garage. All information is there for @metpoliceuk to address the fact that identifiably Jewish people face extreme racism as a daily occurrence
  • Replying to @Shlibness
    Important note: It's been cleared up that the football fans in the early part of the video were not involved in the abuse and are in fact Jewish. The racial abuse came from this individual.
  • Replying to @Shlibness
    @Baddiel @stephenpollard @BoardofDeputies @Shomrim The above may be of interest regarding the typical experiences for someone wearing religious garb on public transport in London...
  • Replying to @Shlibness
    Audio threatening to slit his throat and shank him
  • Always a joy collaborating with @jayesh25 and digging in deep
    🚨 Yay, we were rewarded with $20,000 on our @Hacker0x01 submission for a SSRF bug discovered in collaboration with @Shlibness! 💰🎉 🥳 We uncovered a Critical SSRF vulnerability, turning it into unauthorized access to internal admin endpoints, leading to PII leaks and
  • Appreciate it. Police have been in touch about an interview for Tuesday but I'm truly hoping this isn't just procedural and an actual investigation to find the suspect is carried out. The footage and the fact he used an Oyster on the bus should be more than sufficient.
  • A must watch by @Blaklis_ covering some funky bug bounty exploits with all the juicy details. youtube.com/watch?v=MrNmdt…
  • Replying to @TfL and @MetCC
    He called the police but they said they were too busy. 999 rang for over a minute and no one picked up...
  • Took the plunge and started blogging about bug bounties - my first post is live! AI can be a powerful tool for bug hunting at speed when combined with human intuition. shlomie.uk/posts/Cracking… Feedback most welcome!
  • Submitted an HTTP Smuggling attack and was initially rejected on low impact but found a /redirect endpoint which followed a poisoned referer header. Since I was able to set poisoned headers to an external host... #bugbountytip
  • 🚨 Last month @DaneSherrets and I hacked @virtuals_io, a $4.6B platform for deploying AI agents and their associated cryptocurrency, earning a $10,000 bounty. Here’s how we uncovered a major vulnerability that could’ve rewritten how these agents think and behave. 🧵👇
  • Been a fun journey hitting the 1k club after hacking more actively recently. On to 2k... #TogetherWeHitHarder