Hard to find bugs in single scope programs but anyhow did it, @Bugcrowd please send some wide scope invites 🙂.
I earned $4,500 for my submission on @bugcrowd #ItTakesACrowd
Recent finding on H1:
Found admin login page, default credentials not working. Checked JS files, found endpoint “api/app/components/admin/components/create”.
Surprisingly, due to no authentication I was able to create an account and perform admin actions.
#bugbounty
#hackerone
A few months ago someone shared a post about these Firebase details usage to get some sensitive data, I am unable to find that post, if someone remembers do share.
Note: I am not asking about the misconfigured database that exposes data by using /.json
#bugbountytip
The results are in! 🥇
Congratulations to these 32 teams who will move on to the Group Round of the 2024 #AmbassadorWorldCup! 🙌
The next round kicks off at the end of August! Stay tuned for the latest info, and read more about the AWC here.
Whom to reach for help if even after using Bugcrowd RAR the ASE is still agreeing with the wrong decision of the company about scope eligibility?
@Bugcrowd
#bugbounty
#cybersecurity
Always run Waybackurls on subdomains giving a 403 response to get all the JS files, check if any URLs give 200 responses, and check for API keys and tokens.
This is my first tweet and I will share my findings and my learnings here from now on.
@Bugcrowd
@zseano
@VashuVats
@intigriti
@redbull
No bro 😂 I was just joking, Redbull doesn’t give bounties nor bikes, they give drinks only. Bike is from hunting on bounty programs, I purchased it.
@InsiderPhD
@GodfatherOrwa
@bug_vs_me
@Bugcrowd
I never did that, I don't know why some of you are doubting and concluding without thinking twice. If asking for updates 4-5 times is considered spam then better to mention in that policy how many times it's considered spam.
You are supporting bugcrowd for a reason I know.
There are some API keys found in JS files that are very tough to figure out which service they belong to. Does anyone know if there is any way to figure it out? These API keys have no hint or any other information in the JS file so that we can know the service.
@PhilippeDelteil
Exactly bro, you are 100% correct, bug hunters have no power in their hands. Programs and platforms can really give you a lot of mental stress.
@AkashHamal0x01
Sorry but I disagree, we don’t know what someone is going through in their mind, and what if they end their life? Will the statement ‘if someone is obese say so’ make any sense then? Encouragement can do magic but bullying cannot.