Master CRLF Injection: The Underrated Bug with Dangerous Potential
Learn how attackers exploit CRLF Injection to manipulate HTTP responses, hijack headers and unlock hidden vulnerabilities in modern web…
[Continue rea … ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-b4d43dd41d8e?source=rss—-7 … ⌘ Read more
Bug Bounty Race: Exploiting Race Conditions for Infinite Discounts ⌘ Read more
**Top 5 Easiest Bugs for Beginners in Bug Bounty**
Top 5 Easiest Bugs for Beginners in Bug Bounty 🐞
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/top-5-easiest-bugs-for-beginners-in-bug-bounty-45dd81c49e03?source=rss—-7b722bfd1b8d- … ⌘ Read more
️Recon Automation Like a Pro: My 5-Stage System to Catch More Bugs
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/%EF%B8%8Frecon-automation-like-a-pro-my-5-sta … ⌘ Read more
Bug Hunting in JS Files: Tricks, Tools, and Real-World POCs
🗝️Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-in-js-files-tricks-tools-and-real-world-pocs-70406e3eb72e?source=rss—-7 … ⌘ Read more
How to setup a Monthly Free VPS for Bug Hunting
In this article, I explained how to set up and use (GitHub CodeSpaces) for bug hunting
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-setup-a-monthly-free-vps-for-bug-hunting-d4 … ⌘ Read more
Revisiting the Past, Hacking the Future
From Invalid Reports to Real Vulnerabilities: The Path to Growth in Hacking
A Must-Have Tool for Bug Hunters: Find Open Redirect Vulnerabilities on Linux
Automate open redirection detection, save hours of manual testing, and level up your bug bounty recon game.
[Continue … ⌘ Read more
Ten Formidable Bugs and Insects That Scientists Recently Discovered
The insect world is home to strange, menacing creatures that, if you were a little bug, you would be wise to steer clear of. Year after year, researchers uncover new species of ferocious creepy crawlies, monsters of the minibeast world. Parasitic wasps, exploding ants, beetles with punky hairdos, there is no shortage of grisly wonders. […]
The post [Ten Formidable Bugs and Insects That Scientists … ⌘ Read more
**Bypassing Regex Validations to Achieve RCE: A Wild Bug Story**
✨Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bypassing-regex-validations-to-achieve-rce-a-wild-bug-story-4c523f69b9f8?sourc … ⌘ Read more
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
Let’s Skip the “Sign Up on HackerOne” Talk
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/bug-hunting-for-real-tools-tactics-and-truths-no … ⌘ Read more
main recently? 🤔
@kat@yarn.girlonthemoon.xyz Make sure you’re up-to-date with main 🤣 I’m fixing little things here and there. Also please report bugs 🐞
Going to try and few up a few more UX bugs today with yarnd.
@andros@twtxt.andros.dev @eapl.me@eapl.me Still lots of bugs in my client. 🥴 I’ll try to fix it next week.
And yes, using the same timestamp twice will very likely break threads.
How To Set Up Your Ultimate OOB Bug-Hunting Server
Having your own hacking server is one of the most important investments you can make in your bug bounty journey.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-set-up-your-ultimate … ⌘ Read more
Hey @kat@yarn.girlonthemoon.xyz If you see this, I’m aware of a bug. I’m trying to figure it out and fix it. Bear with me 🤗 It is what’s causing things to “stall” and to have to “restart”. Sorry 😞
**The $2500 bug: Remote Code Execution via Supply Chain Attack** ⌘ Read more
@kat@yarn.girlonthemoon.xyz @xuu@txt.sour.is Recommend you git checkout main && git pull && make build. Few bug fixes 😄
@bender@twtxt.net Fuck I meant “bugs” 🐞 Geez 🙄
$500 Bug Bounty:Open Redirection via OAuth on Shopify
Exploiting OAuth Errors: A Real-World Open Redirect Bug on Shopify
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/500-bug-bounty-open-redirection-via-oauth-on-shopif … ⌘ Read more
How i Access The Deleted Files of Someone in Google Drive | Bug Bounty ⌘ Read more
cacher branch? 🤔 It is recommended you take a full backup of your pod beforehand, just in case. Keen to get this branch merged and to cut a new release finally after >2 years 🤣
@kat@yarn.girlonthemoon.xyz Yes see UPGRADE.md – I believe @xuu@txt.sour.is is now running this live after a couple of hiccups and a bug fix. So yeah if you can, that would be cool, basically looking for early beta testers (I was the alpha tester 🤣)
Another war story: the hardest bug I ever debugged
I recently stumbled on Jacob Voytko’s Google Docs bug story and it reminded me of the weirdest bug I ever chased.
It started with a user reporting their webcam was rotated by 90° — but only sometimes. This turned into a wild hunt across browsers, OS quirks, WebRTC, and even HTTP redirects.
How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2
The headline sets the stage, and the article delivers. This was the most interesting bug I’ve encountered for a while. I initially had a hard time believing that a bug like this would directly tie to a specific OS release, but I was proven completely wrong. At the end of the day, it was a simple bug in San Andreas and this function should have never worked right, and yet, at least on PC it hid i … ⌘ Read more
10 Unusual Beverages Made with Strange Ingredients
Thirsty? You just might want to double-check what’s in your glass before taking that first sip. Around the world, people apparently have a way of turning the bizarre into a beverage. I mean, hey, why not? From bug-based protein smoothies to alcohol infused with things that might make you scream rather than cheer, humans have […]
The post [10 Unusual Beverages Made with Strange Ingredients](https://listverse.com/2025/04/23/10-unusu … ⌘ Read more
I Lost $3,750 in 30 Seconds — The ATO Bug 99% of Hackers Miss (Here’s How to Avoid It)
The 1 Burp Suite Mistake That Cost Me $3,750 — Fix It in 30 Seconds
[Continue reading on InfoSec Writ … ⌘ Read more
How to Start Bug Bounty in 2025 (No Experience, No Problem)
✅Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-to-start-bug-bounty-in-2025-no-experience-no-problem-89adc68da592?source=rss—-7b … ⌘ Read more
@movq@www.uninformativ.de Yeah I know 🤣 I found another bug in lextwt 🤦♂️ This whole DM / bang-mention thingy has thrown a spanner in the works 🔧 – Even if I wanted to implement it, I’m not even ready to try at the moment 😢
@xuu@txt.sour.is As I also mentioned on IRC I think this is a bug?
I Clicked a Random Button in Google Slides — Then Google Paid Me $2,240
The strange trick that exposed a hidden security flaw (and how you can find bugs like this too).
[Continue reading on InfoSec Write-ups »](https://in … ⌘ Read more
Chaining Bugs Like a Hacker: IDOR to Account Takeover in 10 Minutes
🚀Free Article Link…
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/chaining-bugs-like-a-hacker-idor-to-account-takeover-in-1 … ⌘ Read more
**How I Hijacked OAuth Tokens Through a Parallel Auth Flow Race Condition — $8500 P1 Bug Bounty** ⌘ Read more
Hmmm there’s a bug somewhere in the way I’m ingesting archived feeds 🤔
sqlite> select * from twts where content like 'The web is such garbage these days%';
hash = 37sjhla
feed_url = https://twtxt.net/user/prologic/twtxt.txt/1
content = The web is such garbage these days 😔 Or is it the garbage search engines? 🤔
created = 2024-11-14T01:53:46Z
created_dt = 2024-11-14 01:53:46
subject = #37sjhla
mentions = []
tags = []
links = []
sqlite>
Burp Suite Beyond Basics: Hidden Features That Save Time and Find More Bugs
📌Free Article Link
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/burp-suite-beyond-basics-hidden-f … ⌘ Read more
Automating GraphQL Bug Bounty Hunting with GrapeQL ⌘ Read more
si4er3q. See https://twtxt.dev/exts/twt-hash.html, a timezone offset of +00:00 or -00:00 must be replaced by Z.
Scratch that, no bug in jenny. There’s actually a test case for this. Python normalizes -00:00 to +00:00, so the negative case never happens.
@david@collantes.us @andros@twtxt.andros.dev The correct hash would be si4er3q. See https://twtxt.dev/exts/twt-hash.html, a timezone offset of +00:00 or -00:00 must be replaced by Z.
(That said, there’s a bug in jenny as well. It only replaces +00:00, not -00:00. 🤡)
Secret tricks to get hidden information in Bug Bounty
This article gives you the best hidden tricks to find secret or hidden information from GitHub. We can call it the hidden approach on GitHub.
[Continue reading on InfoSec Write-ups »](https:/ … ⌘ Read more
“I bought a Mac”
Yep. I regret to inform you all that, as of January 2025, I am a Mac user: I bought a Mac. I have betrayed the penguin. So, how did such an icon of early 2000s Apple fall into my grubby hands? Well, it all started with the Wii U. I’m not joking. ↫ Loganius That’s one heck of an excuse to get a PowerPC G4 – needing to do Linux kvm hacking to fix a bug. While getting the PowerMac G4 they bought all set up and working properly for development purposes, someone else fixed the bug in question in the mean … ⌘ Read more
One Random Recon, One Real Bounty: The Paytm Story
From countless dead ends to a single Swagger UI payload — the unexpected breakthrough that changed my bug hunting journey forever.
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/ghost-paytm-xss-bounty-4f5efe6a643b?source=rss—-7b … ⌘ Read more
@bender@twtxt.net It’s a bug in the UI for sure. The hash is the primary key.
I believe the bug has been fixed 🥳