Intigriti
@intigriti.com
Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍

linktr.ee/hackwithintigriti
Swipe through the first post to see the payloads.

#BugBounty #HackWithIntigriti
December 16, 2025 at 6:37 PM
We've compiled payloads for various scenarios, including basic script injection, image tags, jQuery exploitation, CSP bypasses, and even AngularJS template injection.

Remember to host these on your own server to catch callbacks! 👀
December 16, 2025 at 6:37 PM
Blind XSS occurs when your payload executes in a different context, like an admin panel, analytics page, or any other type of internal dashboard.

These are some of the most impactful findings because they often affect privileged users!
December 16, 2025 at 6:37 PM
JSONP allows you to specify a callback function in the URL, which means you can execute arbitrary JavaScript even when CSP is enforced. This technique has saved countless XSS findings from being blocked! 👀

Swipe through the first post to learn more.
December 15, 2025 at 6:37 PM
Day 14 of #BugQuest2025 is live now! Swipe through the first post to learn more.
December 14, 2025 at 6:37 PM
They're also harder to test for at scale, making them more prone to being missed by other hunters! 😎

Luckily, there's a simple way to test for DOM XSS using your developer console. By setting event breakpoints on DOM sinks, you can intercept and analyze how your input flows through the application! 👀
December 14, 2025 at 6:37 PM
Day 13 of #BugQuest2025 covers this specific misconfiguration! Swipe through the first post to learn more about how to find these exposed buckets. 👇

#BugBounty #HackWithIntigriti
December 13, 2025 at 6:37 PM
R2 dev is a feature that allows developers to make bucket contents publicly accessible for testing purposes.

If this feature is left enabled in production, it may expose sensitive files, credentials, backups, and other critical data! 😎
December 13, 2025 at 6:37 PM
We've compiled search queries for the most popular blob storage services. Swipe through to learn more! 👇

#BugBounty #HackWithIntigriti
December 12, 2025 at 6:37 PM
Cloud storage buckets are goldmines for sensitive data. They can store customer data, invoices containing PII, backups & archives, and more.

Companies often use predictable naming conventions, making these buckets discoverable through simple searches! 😎
December 12, 2025 at 6:37 PM
Swipe through the first post to learn more from detailed examples.

#BugBounty #HackWithIntigriti
December 11, 2025 at 6:37 PM
As companies publish new job postings, we can often find references to technologies, services, and other third-party tools that are not publicly documented! 😎

This method can help you craft SQLi payloads & generate custom wordlists!
December 11, 2025 at 6:37 PM
Once you have the origin IP, you can test directly against the server while completely bypassing WAF rules. This technique has uncovered vulnerabilities that were previously hidden! 👀

Swipe through the first post to see day 10 of #BugQuest2025.

#BugBounty #HackWithIntigriti
December 10, 2025 at 6:37 PM
Many targets hide behind Cloudflare or other WAFs, making testing difficult.

But by using certificate transparency logs and historical DNS data, you can often discover the real origin IP from before the host was put behind the WAF!
December 10, 2025 at 6:37 PM
Swipe through day 9 of #BugQuest2025 to view examples (view first post)!

#BugBounty #HackWithIntigriti
December 9, 2025 at 6:37 PM
Many organizations deploy platforms like Jira, Jenkins, or ServiceNow, but forget to disable public sign-ups.

Getting authenticated access can help you elevate your privileges and access hidden functionality and entire admin panels that you'd never see as an unauthenticated user! 😎
December 9, 2025 at 6:37 PM
www.intigriti.com
December 9, 2025 at 3:08 PM