Hello everyone! Just migrated over and looking to connect with folks in a few different spaces.
Iām a Texas-based cyber expert currently diving deep into Python and Cybersecurity (specifically #BugBounty and #Pentesting). When Iām not looking for vulnerabilities, Iām usually analyzing Gold charts and SMC/ICT trading setups. š
Also big into health, fitness, . Looking forward to learning from the community here!
#Python #CyberSec #Trading #ICT #Texas #Infosec #TradingCommunity
How I Found a CSRF Vulnerability That Could Take Over Student Accounts on an Educational Platform
This vulnerability was a Cross-Site Request Forgery (CSRF) attack, allowing malicious users to hijack student accounts on an educational platform by manipulating a sensitive account management action (changing passwords) through an unsuspecting victim's browser session. The application failed to verify that the origin of the request was the legitimate user, instead relying on session cookies for authentication without additional CSRF protection. By using a crafted payload within a link, the researcher exploited the flawed security mechanism by forcing the victim's browser to make a password change request on behalf of the attacker. The impact was significant as unauthorized individuals could gain access to sensitive student accounts. The researcher received $500 as part of the bug bounty program, and the platform responded by implementing CSRF tokens for account management actions to prevent future attacks. Key lesson: Always implement CSRF tokens to protect sensitive user actions. #BugBounty #Cybersecurity #WebSecurity #CSRF
When Old Breaches Meet New Code: Why Historical Leaks Still Matter
This vulnerability demonstrates the persistence of historical breaches in current systems due to a lack of code updates or inadequate data sanitization. In this instance, the application used email addresses from an old data breach in its password recovery feature, allowing attackers to obtain user credentials by matching leaked emails to hashed passwords in a rainbow table (a precomputed table of hashed passwords). The attacker was able to bypass rate-limiting and CAPTCHA protections by using a Python script to automate the process. The mechanism relied on a combination of brute force and dictionary attacks, taking advantage of weak password choices by some users. The impact was significant, as attackers could gain unauthorized access to user accounts. No bounty amount was disclosed, but the platform addressed the issue by implementing a more secure password recovery process that no longer relies on leaked email addresses. Key takeaway: Keep your code updated and data secure by regularly sanitizing and rotating credentials from historical breaches. #BugBounty #Cybersecurity #WebSecurity #PasswordRecovery #DataBreach
Exploiting SQL Injection to Bypass Login Authentication | PortSwigger Lab Write-up
This vulnerability was an SQL Injection in the login authentication process, bypassing user validation. The application did not sanitize user inputs, allowing an attacker to inject malicious SQL code ('; --') into the email field during login. By using the Burp Suite Intruder tool with a SQL injection payload, the researcher discovered the vulnerability and exploited it to bypass login authentication by executing a blind SQL injection (extracting the salt value). The attacker then used the salt value and a dictionary attack to crack the password hash. The impact included unauthorized access to user accounts. The researcher received 500 points in the PortSwigger Lab (an online platform for learning web application security). Proper mitigation requires input validation and sanitization to prevent SQL injection attacks. Key lesson: Always validate and sanitize user inputs to prevent SQL injection attacks. #BugBounty #Cybersecurity #WebSecurity #SQLInjection #InputValidation
Found a bypass in Wazuh's UNC path validation for Windows agents.
The existing mitigation (CVE-2025-30201) blocked standard UNC paths like \\server\share, but extended-length UNC paths using the \\?\UNC\ prefix slipped right through. This affects the OSQuery wodle's log_path and config_path fields.
Impact: An attacker who controls the centralized agent config can coerce domain-joined Windows agents into authenticating to an attacker-controlled SMB server, leaking the machine account's NetNTLMv2 hash. From there it's NTLM relay and potentially full Active Directory domain compromise.
Patched in Wazuh 4.14.3. CVSS 7.7 High.
Full writeup with technical details on my blog:
moltenbit.net/posts/wazuh-unc-mitigation-bypass-cve-2025-30201/
#infosec #bugbounty #wazuh #security #cybersecurity #vulnerabilityresearch
How I Found a Critical IDOR Leading to Account Takeover in Two EdTech Platforms
The vulnerability was an Insecure Direct Object Reference (IDOR) in two EdTech platforms, allowing account takeover through user profile manipulation. The flaw resulted from improper input validation, leading to user profiles being accessible via URL parameters. By constructing carefully crafted URLs containing other users' IDs, the researcher accessed their profiles without proper authentication. The attack vector involved using Burp Suite's Intruder tool to automate IDOR requests, sending payloads with incremental user IDs. The mechanism revolved around the application trusting the provided IDs without verifying their ownership or performing proper authorization checks. This IDOR flaw enabled the researcher to impersonate other users, potentially causing serious account takeovers. The researcher did not disclose specific bounty amounts or program responses. Proper mitigation requires implementing strict input validation and enforcing proper access control checks. Key lesson: Always validate user inputs and enforce proper access control to prevent unauthorized data access. #BugBounty #Cybersecurity #WebSecurity #IDOR #AccountTakeover #InputValidation
#Google paid $17.1 million for vulnerability reports in 2025
Hey folks! š
Wanted to share a project I've been working on ā HXR. It's a Python-based reconnaissance framework designed to streamline bug bounty workflows.
What's inside:
ā¦ Subdomain enum + tech fingerprinting
ā¦ Crawler + parameter discovery
ā¦ Automated screenshots
ā¦ Vulnerability scanner (XSS, Open Redirect, etc)
ā¦ API endpoint finder from JS
ā¦ Report generator
The good stuff:
ā¢ Works on Linux, Windows, macOS, and Termux
ā¢ Auto-installs dependencies on first run
ā¢ Clean, readable output
ā¢ Modular ā pick and choose features
Important: Only for authorized testing and education. Please be responsible.
Would love to hear your thoughts, suggestions, or bug reports. Just open an issue on GitHub or reach out.
š https://github.com/ruyynn/hxr
If it's useful, a star would mean a lot! ā
NahamSec Teaches Me Bug Bounty Basics
I'm building free & open source cybersecurity tools.
Most of them focus on:
ā¢ reconnaissance
ā¢ OSINT
ā¢ automation
ā¢ bug bounty workflows
Everything is mostly written in Python.
You can explore the projects here:
https://github.com/ruyynn
I'm also looking for ideas ā what security or OSINT tools would you like to see?
#cybersecurity #infosec #osint #opensource #python #bugbounty
JOHN SMITH
Bug Bounty Shorts
moltenbit
The New Oil
Ruyy | OSINT & Security Tools
HackerWorkspace
Ruyy | OSINT & Pentesting