Geluchat

@gelu.chat

Baptiste Devigne | Bug Bounty Hunter | Most Impactful Team H1-0131 (AWS) | Eradicator H1-6102 (Salesforce) 🔗 My blog https://gelu.chat/

788 Followers | 125 Following | 3 Posts | Joined 05.08.2023

Latest posts by Geluchat @gelu.chat

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4

24.07.2025 15:31 👍 23 🔁 13 💬 1 📌 0
Finding Freedom, One Bug at a Time: My Journey from Pentester to Full-Time Hunter
After seven years in pentesting, I transitioned full-time into bug bounty hunting, leveraging deep experience and continuous learning. This article shares key moments and insights from that journey.

Today was my last day as a pentester at Bsecure. After a three-year journey of hunting on the side, I’m ready to go all-in as a full-time bug bounty hunter. You can read about my journey from pentester to full-time hunter here: gelu.chat/posts/from-p...

04.07.2025 15:09 👍 23 🔁 7 💬 3 📌 0
With @gelu.chat, we created a challenge for the @pwnmectf inspired by a bug he found in bug bounty a year ago! 🚀

If you have some time this weekend, give it a try! 👀

👉 pwnme.phreaks.fr

28.02.2025 21:23 👍 14 🔁 4 💬 0 📌 1
Apparently, navigating to a javascript: URL returning a string will write it as HTML to the DOM. This allows for an interesting XSS payload:
x.com/icesfont2/st...

05.12.2024 11:52 👍 12 🔁 2 💬 0 📌 0

Check out the blog post for a full writeup and some other cool stuff :)
bsky.app/profile/jori...

27.11.2024 16:02 👍 1 🔁 1 💬 0 📌 0

My challenge has been out for about a week with only one half-intended solution, so here's my solution!

27.11.2024 16:02 👍 1 🔁 1 💬 1 📌 0
My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon

27.11.2024 09:10 👍 79 🔁 29 💬 3 📌 4
XBOW – SSRF & URI validation bypass in 2FAuth
XBOW discovered a Server-Side Request Forgery (SSRF) vulnerability in the OTP preview feature of the open-source project, 2FAuth.

I’ve to say that I’m impressed by how @xbow.com managed to identify this SSRF vulnerability (and bypass a MIME filter on its way) 🤖

24.11.2024 14:38 👍 17 🔁 13 💬 2 📌 1
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...

22.11.2024 05:50 👍 51 🔁 24 💬 1 📌 0

Nice idea, I would love to be on the list!

23.11.2024 17:32 👍 2 🔁 0 💬 0 📌 0
EP 163 | DomPurify & Bootstrap n-days + Frontend tricks Ft. @Geluchat, @kevin_mizu (YouTube video by Laluka)

P1/3 : DomPurify & Bootstrap n-days + Frontend tricks Ft. @geluchat.bsky.social @mizu.re 😘
www.youtube.com/watch?v=fnYS...

22.11.2024 16:58 👍 2 🔁 1 💬 0 📌 1

I've just published 'Smashing the state machine: the true potential of web race conditions'! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class:
https://portswigger.net/research/smashing-the-state-machine

09.08.2023 19:30 👍 6 🔁 6 💬 1 📌 0

Hello World \o/

05.08.2023 21:37 👍 8 🔁 0 💬 0 📌 0