Talk and help about bugbounty
In Google Cloud, where is the main "Wordlist" of DirSearch?
It's not in share or lib or etc.!
Don't just end the test when you get a 200 OK; look for any difference in the response time or application behavior, and try to imagine what is happening on the back-end.
Anyone want a TryHackMe or Hack The Box voucher? DM me.
If you make the necessary contact, they can help you via tweet. There are currently 2 trainings available and you can easily become a web3 bug bounty hunter.
https://x.com/hackenproof/status/1714315583305523486?s=46&t=CRexNFoeZNjVuk1SjlK05Q
Hey @headhunter7676, I hunt on HackerOne and I have good knowledge of web security, pentesting, etc. But I'm thinking about shifting to web3 because of the high rewards and low competition. Can you give me some advice? Is it worth taking this decision, or should I continue with what I am good at?
https://youtu.be/kS8N2jKhItQ?si=upSAUNKOWHupdC1V
What are the things to consider when hunting on a login page that passes the credentials in JSON format? I don’t have the credentials, and the forgot password functionality required a valid email. I tried passing different values in the JSON parameter but it didn’t work. I'm still new to the field, so maybe I'm missing something I need to look into?
Читать полностью…I am pentesting a website
And it have a login page for workers login
If we type any email id not belongs to its database it will throw an error saying email id not recognised
And it only have a input box to enter email address.and a submit button
And it have a hidden password field
A parameter is passing in post request also named "hidden_pw"
Is any way to expolit
I have tried email ennumeration but it has rate limit implimented .any one help me to understand the purpose of this parameter
I'm interested in web3 bug hunting.
What resources can you share to help me?
Hello all
I have a question: how do I test the XPath injection parameter? I searched a lot on Google but did not get any results.
AWS WAF
Thanks man! Is it very difficult? I can only dedicate like an hour every day, as I have studies too and I work part time! Will it be enough to hit my first web3 bounty in a few months?
Hello friend, web3 companies are more generous in these matters. If you can visit the hackenproof website on this subject, you will find a few courses and many bug bounty awards.
Anyone want Jason Haddix's The Bug Hunter course? Please DM.
Hello guys, if the apps can be signed by third-party apps, is this considered a valid bug?
Hello, I found this; I don't know how to further exploit it.
https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html?m=1
Here is this article about it.