Bipin Jitiya
@win3zz
Founder of @Cuberks. Maker, hacker, security researcher. Love nature and psithurism. Tweets mostly about hacking, tech, entrepreneurship, and other geeky stuff.
As I previously promised I would publish a writeup on how I managed to find the SSRF bug on the biggest social media website, Facebook. So I wrote a blog about that finding. I hope you like it. 🍷 #BugBounty #Infosec link.medium.com/smZtjTvTV6
Prompt injection, chaining for multi-stage exfiltration, SSRF, Auth Token Leak, AI Chatbot Testing


CVE-2025-5777 Citrix NetScaler Memory Leak
Severity: CRITICAL ⚠️
PoC: github.com/win3zz/CVE-202…

CVE-2025-41646 Critical auth bypass in RevPi Webstatus (<= v2.4.5) ⚠️ Affects ICS/OT
Root Cause: Backend accepts JSON boolean true in place of the expected password hash - weak equality comparison
PoC: Pass { "hashcode": true } to login --> full access!
Patch: Update to v2.4.6
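
The weak equality comparison named in the CVE-2025-41646 post above, shown beside a hardened check, as an added example that is not part of the original post and not RevPi's code. PHP is an assumption (the post does not name the backend language); the function names and the stored hash are hypothetical, constructed values.

```php
<?php
declare(strict_types=1);

// Constructed sample value standing in for the stored password hash.
const STORED_HASH = 'a1b2c3d4e5f60718293a4b5c6d7e8f90';

// Weak form: loose comparison (==). When one operand is a boolean, PHP
// converts the other operand to boolean as well, so boolean true compares
// equal to any non-empty string, including the stored hash.
function login_weak(array $body): bool
{
    return isset($body['hashcode']) && $body['hashcode'] == STORED_HASH;
}

// Hardened form: accept only a string, then compare in constant time.
function login_strict(array $body): bool
{
    $supplied = $body['hashcode'] ?? null;
    if (!is_string($supplied)) {
        return false; // booleans, numbers, arrays and null are rejected
    }
    return hash_equals(STORED_HASH, $supplied);
}

// Constructed request bodies: a correct hash, a wrong hash, and the
// boolean value described in the post.
$requests = [
    'correct hash' => '{"hashcode": "a1b2c3d4e5f60718293a4b5c6d7e8f90"}',
    'wrong hash'   => '{"hashcode": "ffffffffffffffffffffffffffffffff"}',
    'boolean true' => '{"hashcode": true}',
];

foreach ($requests as $label => $json) {
    $body = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    printf(
        "%-13s weak=%-5s strict=%s\n",
        $label,
        var_export(login_weak($body), true),
        var_export(login_strict($body), true)
    );
}
```

Only the weak form accepts the boolean body; the type check in the hardened form rejects it before any comparison takes place.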

Here are some useful regex patterns for finding vulnerabilities in Java code, along with a list of Java security code review tools. gist.github.com/win3zz/59854aa…
intitle:"Remote Support Portal" intext:"Session Key"
🚨 Alert 🚨 CVE-2025-5309: Server-Side Template Injection in Remote Support and Privileged Remote Access Chat Feature
🧐 Credit by Jorren Geurts: resillion.com/latest-news/be…
📊 1.2M+ Services are found on the hunter.how yearly.
🔗 Hunter Link: hunter.how/list?searchVal…
👇 Query…
Found exposed IoT devices via Shodan - many (esp. SNMP-enabled) leak /tempage/configure.ini without auth, revealing hardcoded passwords. Allows full unauthenticated remote control/monitoring. Affects critical infra incl. wind turbines & EV charging stations. High impact risk.


Our thoughts shape our emotions, which drive our actions, lead 2 results & ultimately influence our reality. Just convince your mind that a critical issue 'does exist' in the app/code & u're soldier who has no choice but 2 find it! Once u set ur mind that way - u'll 'discover' it
In 2024, every minute: 4080 records breached, 251M emails sent, 1M Slack messages shared, 5.9M Google searches. (Source: Domo) Start 2025 with stronger cybersecurity! Protect your business with our expert pen testing services. #CyberSecurity #PenTesting
Did you know that Java code can be injected into a multiline comment using Unicode escapes (\uXXXX)? It appears as a comment but executes as code. Attackers can use this technique to hide backdoors. Test it yourself to "reveal a hidden message": gist.github.com/win3zz/2d117f9…

Check if a port is open using /dev/tcp in bash without using any additional tools

Hackers don't break systems; they find cracks left by others. Build better walls. #ComputerSecurityDay