How I Found Valid JavaScript Bugs? (Storytime)

Medusa October 9, 2025

@medusa0xf

About

I create API- and web-heavy hacking content, breaking down complex topics in a simple, fun, and practical way for pentesters, security researchers, and security engineers. Grab a coffee and enjoy ☕️

Video Description

🐍 Portfolio: https://portfolio.medusa0xf.com/
✍️ Bug Bounty WriteUps: https://medusa0xf.medium.com/

In this storytime, I share how I stumbled upon some surprising JS vulnerabilities, what made them tricky to spot, and why even small bugs can have a big impact in the bug bounty world. If you’re into hacking, bug hunting, or just curious about what goes on behind the scenes, this one’s for you!

📱 Socials:
X: https://twitter.com/medusa_0xf
Discord: https://discord.com/invite/2PUPD3RHHs
LinkedIn: https://www.linkedin.com/in/insha-j-38b822225/
Instagram: https://www.instagram.com/medusa_0xf/

Blogs:
https://medium.com/@medusa0xf/hunting-api-keys-in-javascript-files-a-bug-hunters-guide-01940b7dd6ef
https://medium.com/bugbountywriteup/exposed-client-secret-in-javascript-resulted-in-quick-bug-bounty-35a609be138d
https://medium.com/bugbountywriteup/bug-bounty-recon-tokens-pii-and-ci-cd-metadata-leaked-via-javascript-76e3c2594957

massobeats - midnight
massobeats - hillside
massobeats - falling
