I earned $2,500 for my submission on @bugcrowd 💝
Tip: "GET request for XML not found" changes the request to POST with an XXE payload.
#ItTakesACrowd
#bugcrowd
Account takeover worth $$$$
1. Created an account on the website using a test mail id
2. Uploaded private documents like resume and photos
3. The same site has an Android app > Created an account using the same mail id but a different password
1/2
#bugbountytips
#bugbounty
#infosec
In February I submitted 27 reports to 6 programs. Bugcrowd 93.3% success rate.
Special reports: Sony, Facebook
Tip: just deeply follow @GodfatherOrwa's write-ups and videos
#bugbounty
#bugbountytips
I just published My First RCE from N/A to Triaged (CVE-2021-3064)
THOSE WHO ARE ASKING FOR POC, PLEASE READ MY BLOG. THANK YOU
#bugbounty
#bugbountytips
#infosec
This was interesting.
Tip: found a subdomain target-internal. com
Signup/signin functionality was there, so it's an obvious P1: just sign up and you can easily see internal data. But I tried XSS, so I registered again but put an XSS payload in the name field.
1/2
#bugbounty
#bugbountytips
Guessing I made a silly mistake. What I did was discover the origin IP, and no WAF was there, so I got .env access exposing credentials. I made only one report; should I make another report saying that the origin IP is disclosed??
#bugbounty
Reported /.git exposed to a private program and they said:
In order to be a triaged issue a submission must demonstrate an impact that can have an effect on the customer, or its users. Submissions should always answer the question "as an attacker I could",
1/2
#bugbountytips
If you see your target scopes are full of dead subdomains, then you should do a FULL port scan & IP permutation; you will see a huge difference and get closer to a bounty. (Don't try it on Akamai WAF & Cloudflare; it will waste your time.)
Happy Hunting!
Tip of this submission: track every endpoint/parameter you see in a subdomain --> use the Arjun/kxss/ParamSpider tools --> reflected param --> automation, then manual testing for XSS/SQLi --> bounty
I'm testing a target; there is an option called "add video link". After that, Collaborator shows an HTTP response, but it contains my public IP. Is it acceptable? What else should I do?
#bugbounty
#ssrf
P4 in 5 minutes. This was also found using my phone.
Recon is best when you are bored.
Already shared the tip in my last posts.
#bugbounty
#bugbountytips
If a subdomain allows only the target email to register/login but not a normal email: I have a situation where Demo_acc1@gmail.com is not allowed to register but Demo_acc1@target.com is accepted and can register.
Is this a vulnerability?
#BugBounty
Found self/DOM XSS on the whole CIDR range of a program 💀 in the cookie param
mp_id=xss payload; need good possible ways to make it stored or reflected.
#bugbounty
#xss
How addictive is bug bounty? So, today I was at the barbershop waiting for my turn & apparently I found a directory listing & a .env file on a BC program with my phone, which contained AWS keys. Reported: DL turned into P5 & SDE P4 because it was expired.
#bugbounty
#bugbountytips
@x_hosein_x
@n__Neo
Crt(.)sh, SecurityTrails & Shodan.
Get IPs and subdomains, catch one interesting subdomain. I wasn't able to extract URLs from it, so I used a powerful tool called Acunetix; it gave me a hint that it could be vulnerable to XSS. I passed that endpoint to Intruder with a custom script, then got an XSS.
Hi, so I found, through GitHub recon, a login/pass, and it allows me to see all internal employee files etc.
I saw a few of them; it's exposing everything, but they don't have a bug bounty program. What should I do? 😖
#bugbounty
#bugbountytip
#infosec
1/2
Bro 🙏🏽🙏🏽🙏🏽🙏🏽 please release or DM your 1-2 PoC videos of IDOR and logic flow; I know you are the best at it ❤️❤️❤️🥺😭😭. Thanks in advance
@AkashHamal0x01
#bugbounty
@harshbothra_
Here is the one-liner that I use most for my XSS recon (secret). For tools, I'll say I don't use a specific tool, but my recon starts from SecurityTrails and crt.sh. My favorite for interesting subdomains: definitely try port scans, and then there's a higher possibility of P3 to P1 bugs.
@krishnsec
1. The customer showed their true colours by privately messaging the triager 😂
2. The customer showed their true colours by paying a bounty to another hunter for OOS domains without announcing it
3. The triager showed their true colours by self-duplicating the same parameter bug across different domains