bugbountygroup | Unsorted

Telegram-канал bugbountygroup - Bug bounty chat

2114

Talk and help about bugbounty

Subscribe to a channel

Bug bounty chat

Hello hackers i have one problem if i try to recon and try to find the endpoints i use katana and waybackurls and gau. sometimes it gives false urls that are not working so how can i fix this issue

Читать полностью…

Bug bounty chat

If I have credit card information, how can I check if there is money in it?

Читать полностью…

Bug bounty chat

Refresh target for bug bounty

Читать полностью…

Bug bounty chat

https://portswigger.net/web-security/api-testing

Читать полностью…

Bug bounty chat

Hello I'm having doubts regarding SSRF

Generally ssrf present in data fetching mechanisms

If any url contains any form of data like files, ip address any third party link, images, etc there may be chance for SSRF

Mainly we have to check for the top 25 parameters that doesn't mean remaining urls are vulnerable if there are many urls we cannot go to every url placing our Collab url in it what to do in this scenario

Читать полностью…

Bug bounty chat

Only if you can bypass it to the admin panel functionalities or see any sensitive infos otherwise there's no affect so no bounty it's a normal thing to find an admin panel the problem is how to access it.

Читать полностью…

Bug bounty chat

🚨 Fresh SendGrid accounts are now available! 🚀

Читать полностью…

Bug bounty chat

🔰Rate limit bug worth $300 🔰

So, Lets Reproduce the attack
steps to reproduce:

1) First, you have to Signup an account on the website(your target)and make sure that your account exists on the website.

2) Now go to the Forget password parameter, Add email address which is already exists on the website server.

3) Then open the Burp suite, intercept the forget password request and send to the intruder also click on clear.

4) Now select the email address and click on add.

5) Move into the payload section and you can add same email multiple time like 100 or 1000.

6) Now click on start attack.

7) Go to the email account and refresh it so that you can check the bunch of forget password request on you email account.

No rate limit successfully done:)

Mitigation steps:

1 — IP Based Blocking
2 — Captcha
3 — Firewall
4 — Reducing the number of API requests

Читать полностью…

Bug bounty chat

Is there any bug related to gmail on forget password

Читать полностью…

Bug bounty chat

🔰 Find subdomains using RapidDNS

📃 Add this small function into your .bash_profile to quickly find subdomains using RapidDNS API:

rapiddns(){
curl -s "rapiddns.io/subdomain/\?full=1" \
| grep -oP '_blank">\K[^<]*' \
| grep -v http \
| sort -u
}
We can then use it like this:

rapiddns target.com

Читать полностью…

Bug bounty chat

If you know nothing about trading please permit me to introduce you to a good company that offers 9% of your capital daily they also trade with bot, you can withdraw profit daily if you are interested inbox me privately for the company link

Читать полностью…

Bug bounty chat

Which you have question?

Читать полностью…

Bug bounty chat

Burp suite proxy toggler firefox addOn

Install
| Source Code

Pros:
1. Open Source, FOSS
2. Totally Free
3. Just one click to switch (Saves a lot of time)
4. Easy to use
5. Very Lite Weight, Takes almost no RAM, Saves Memory
6. Pre-configured for Burp Suite Proxy
7. Specially made for Pentesters and Bug Bounty Hunters


Source Code | Firefox AddON Install»

Join Our Discord»

Читать полностью…

Bug bounty chat

This websites is open redirect vulnerable can i report it please anybody help

Читать полностью…

Bug bounty chat

https://vt.tiktok.com/ZS2gXj9BU/

Читать полностью…

Bug bounty chat

Hello brothers, I saw this path on a site. Is this considered a Vulnerability Can it be reported ?

Phpmyadmin Documentation
https://docs.phpmyadmin.net/en/latest/config.html

https://docs.phpmyadmin.net/en/master/setup.html

Читать полностью…

Bug bounty chat

Hi everyone, I'm new into bug bounty hunting, please I need someone who can guide me or recommend any course to me on Bug Bounty hunting 🙏

Читать полностью…

Bug bounty chat

https://secinfotech.io/responsible-disclosure/

Читать полностью…

Bug bounty chat

How can we exploit api

Читать полностью…

Bug bounty chat

Hi people i seeking a security analyst position job i have 3 years as freelance and 3 month as corporate exp and skills web , api , mobile network i can join immediatly prefered location delhi , noida , remote dm me for my resume

Читать полностью…

Bug bounty chat

i got a new laptop i need a mentor i want to learn pentesting with bug bounty who can help me?

Читать полностью…

Bug bounty chat

Instagram IDOR
Broken Access Control
https://www.instagram.com/reel/DAygW3Bh2yN/?igsh=MThzZjgxN2tlNHZ0Zg==

Читать полностью…

Bug bounty chat

🔰 Session Based Bugs - Old Session Does Not Expire After Password Change 🔰

1️⃣ create An account On Your Target Site
2️⃣ Login Into Two Browser With Same Account(Chrome, FireFox.You Can Use Incognito Mode As well)
3️⃣ Change You Password In Chrome, On Seccessfull Password Change Referesh Your Logged in Account In FireFox/Incognito Mode.
4️⃣ If you'r still logged in Then This Is a Bug

Читать полностью…

Bug bounty chat

Subdomain Takeover ?
10 Blogs explore about it

https://nickguitar.medium.com/hacking-nasa-critical-ssrf-subdomain-takeover-xss-699be0ce3c06

Hacker0x01/a-guide-to-subdomain-takeovers-ddebe0684a58" rel="nofollow">https://medium.com/@Hacker0x01/a-guide-to-subdomain-takeovers-ddebe0684a58

jeetpal2007/my-first-bounty-ever-from-bug-hunting-worth-100-subdomain-takeover-8047f2588b4f" rel="nofollow">https://medium.com/@jeetpal2007/my-first-bounty-ever-from-bug-hunting-worth-100-subdomain-takeover-8047f2588b4f

jeetpal2007/finally-received-first-bounty-from-starbucks-for-subdomain-takeover-5dbb46d56180" rel="nofollow">https://medium.com/@jeetpal2007/finally-received-first-bounty-from-starbucks-for-subdomain-takeover-5dbb46d56180

DrakenKun/how-to-find-subdomain-takeover-using-httpx-dig-5c2351d380b4" rel="nofollow">https://medium.com/@DrakenKun/how-to-find-subdomain-takeover-using-httpx-dig-5c2351d380b4

https://infosecwriteups.com/fastly-subdomain-takeover-2000-217bb180730f

BrownBearSec/what-i-learnt-from-reading-217-subdomain-takeover-bug-reports-c0b94eda4366" rel="nofollow">https://medium.com/@BrownBearSec/what-i-learnt-from-reading-217-subdomain-takeover-bug-reports-c0b94eda4366

https://gupta-bless.medium.com/exploiting-subdomain-takeover-on-s3-6115730d01d7


Join bugtips for bug bounty tips

Читать полностью…

Bug bounty chat

Follow Us..;)
https://www.instagram.com/ozans3curity/
ozans3curity" rel="nofollow">https://www.tiktok.com/@ozans3curity

Читать полностью…

Bug bounty chat

FlipperZero Hacking World’s 👨‍💻

https://www.instagram.com/reel/DAgZ-mvolZp/?igsh=MTc4ZzRvOXFhY3U2ag==

Читать полностью…

Bug bounty chat

is anybody here to help me

Читать полностью…

Bug bounty chat

IF OPEN REDIRECT EXISTS SO TRY TO FIND SSRF YOU CAN CHECK ON YOUTUBE HACKERONE REPORT ETC..

Читать полностью…

Bug bounty chat

Using the Flipper Zero to copy a Mifare Ultralight hotel key.
ozans3curity/video/7419632037058940161?is_from_webapp=1&amp;sender_device=pc&amp;web_id=7388426516612875782" rel="nofollow">https://www.tiktok.com/@ozans3curity/video/7419632037058940161?is_from_webapp=1&amp;sender_device=pc&amp;web_id=7388426516612875782

Читать полностью…

Bug bounty chat

I have found an admin login panel, so can I report it to the web site owner?

Читать полностью…
Subscribe to a channel