Telegram channel bugbountygroup - Bug bounty chat

3186

Talk and help about bugbounty

Bug bounty chat

new writeups !!!

View billing information using IP Rotation!

Read - https://rhymeus.blog/2024/04/view-billing-information-using-ip.html

Bug bounty chat

I also came across a RBAC. Any idea on how to bypass? I don't think fuzzing would help

Bug bounty chat

Just search for a wordlist for the purpose you want; there are many GitHub pages with great wordlists, or you can use ChatGPT to create one for you ✌🏻🌚

Bug bounty chat

Instead of 404, fuzz 403 and try to bypass it.
403 has more credibility if bypassed than 404.
For 404, you can try fuzzing, but first inspect which type of pages the website is using; that can narrow down your approach for wordlists.
For example: while scrolling a website and traversing its different pages, you get to know that the website is using .aspx or .php or some extensions like that for about us and sitemap.xml too.

Bug bounty chat

Best wordlists for fuzzing 404?
Anyone please

Bug bounty chat

Use xsstrike or xspear

Bug bounty chat

I remembered running sqlmap on a request form and it shows that a particular is likely vulnerable to reflective XSS

Bug bounty chat

Using the -m flag, right?

Bug bounty chat

I'm fine, and you, man?

Bug bounty chat

Is there any tool that can automate it?

Bug bounty chat

Wayback Machine, Google, GitHub (don't forget gist.github.com), content discovery

Bug bounty chat

New XSS Bypass Cloudflare WAF 🧱

Payload : %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E

Bug bounty chat

According to the OWASP methodology?

Bug bounty chat

I'm a beginner, can I participate?

Bug bounty chat

Looking for collaboration partner on a paid job.

Bug bounty chat

This blog might help you for the Role Based Access Control Bypass
Link 🔗: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.bugbountyhunter.com/hackevents/report%3Fid%3D885&ved=2ahUKEwiEuLWqwdaFAxUhzzgGHaOdB-EQFnoECCAQAQ&usg=AOvVaw1_Sbdrsv1Awf3jzfgsz34V

Bug bounty chat

Thanks for the response.

I actually reported it and it was changed from critical to medium (Triaged) but I'm not okay with it being a medium.
The js file reveals a lot of endpoints too but whenever I try accessing the endpoints, it shows authentication token missing.

Bug bounty chat

Try escalating it more or else it will go in Informative vulnerabilities or very minimal bounty or points depending on the platform you are reporting.

Bug bounty chat

Hello hunters, while inspecting a js file, I found Names, Email addresses and Role : Admin, Signup date. Should I report it?

Bug bounty chat

Sn1per is also a good option as it does all the work on its own!
You just have to have all the tools required for it

Bug bounty chat

One more question please, how can I use Burp Suite to detect if my target is vulnerable to SQLi?

Bug bounty chat

I think sqlmap also detects XSS?

Bug bounty chat

Thanks. I was able to use waybackurls.

My question: Any tools to check for SQLi and XSS from the URLs, please?

Bug bounty chat

nuclei, wfuzz or ffuf for automating content discovery. https://github.com/tomnomnom/waybackurls for endpoints from the Wayback Machine

Bug bounty chat

Also, you can try to search endpoints from other subdomains or look in JS files in other subdomains

Bug bounty chat

Hello hunters, how can I get endpoints for a third level domain?

Waymore and gau aren't working
bug.dev.bounty.com

Bug bounty chat

hello hackerone hackers

if you are "Clear/ID verified" can u share how many ((BBP)) invites u have for each category?

i want to know if it's really worth applying!

u can check from these links:

"ID verified" https://hackerone.com/opportunities/all/search?bbp=true&idv=true

"Clear verified" https://hackerone.com/opportunities/all/search?bbp=true&h1_clear=true

Bug bounty chat

Chat me up for detailed information.

Bug bounty chat

Need professional logo maker dm fast

Bug bounty chat

Anybody willing to collaborate on a paid project?
