This year I completed 500k in bounties.
Most rewarded vulnerabilities, and the ones I have always focused on since the beginning:
1. XSS (all types)
2. Cache Poisoning
3. BACs
Reached this amount totally from scratch, learning from the internet.
No certs.
0 Automation.
0 Collabs.
- Total Earnings by Year: 2020 - $850.00; 2021 - $19,750.00; 2022 - $86,744.50; 2023 So Far - $168,034.00. 17 y/o me never thought about it. Started with 0 knowledge, curious, trying to make money while being at home due to the pandemic. With patience it became my main source of income.
- While testing for CVE-2023-24488 I found various servers behind Akamai and since the original payload gives a Forbidden response I found this bypass: post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E
- If you are a beginner in bug bounty, I recommend you don't ever buy any courses, nor look for mentors. Nothing will guarantee you success in bug bounty. I learned and keep learning myself by googling, reading hacktivity reports etc. Never spent a single dollar to learn. Just a piece of advice.
- My story so far: 2020: Started Bug Bounty. 21/22: Paid off some of my parents' debt and bought them a car. 2023: Paid off my parents' mortgage and bought them a new home. 2024: I'm now in the process of buying a home in Florida and I will be moving in November.
- What is this? username=bombon&password=undefined 200 OK; username=AnyUser&password=undefined 200 Ok. It gives you the access token just by providing the username and requesting the password as "undefined", letting you basically authenticate to any account.
- Been hunting for almost 3 years now, only focusing on XSS, learned other vulns by just reading. Never bought courses, don't use automation tools, not even Burp Pro, and still manage to make a solid monthly income. It's not hard; if you see it as hard, then it will be hard.
- I was rewarded $9.600 bounties 2day and achieved what seemed to be impossible for a long time: Top 100 All-Time
- Found these parameters, but they were being URL encoded as normal parameters. Since I was trying to find an injection point for a Cache Poisoning XSS, I sent them as cookies and they were not being URL encoded anymore. Strong WAF? No problem either. It's just art at this point.
- March's total Bounties: $32,119. 5 Broken Access Control: $17,237; 4 Reflected XSS = $9,671; 2 Cache Deception = $2,789; 1 Cache Poisoning - Stored XSS = $1,250; Retests and Bonuses: $1,172
- Today's XSS in a Multi-Reflection case: xss%27);}}});alert(document.cookie);$(function+a(){a();});$(function+a(){if(a){}else+if(a){/*///

















