Collaboration
Hello guys, looking for collaboration. My background: already 1000 points on HackerOne with a clear, verified profile; most of the bugs I reported were IDORs. Looking to collaborate over a long period of time, setting goals and a learning path.
https://redd.it/1g2q7re
@r_bugbounty
How to use Chrome's accessibility API to detect security bugs
http://security.googleblog.com/2024/10/using-chromes-accessibility-apis-to.html
https://redd.it/1g2lhzm
@r_bugbounty
Sharing knowledge
20 very advanced information-gathering tools
➀ ➧ Network Map (nmap) - Network Scanner - https://github.com/nmap/nmap
➁ ➨ Maltego - Visual Link Analysis - https://www.maltego.com/
➂ ➩ Shodan - IoT Search Engine - https://github.com/m4ll0k/Shodanfy.py
➃ ➫ Recon-ng - Web Reconnaissance Framework - https://github.com/lanmaster53/recon-ng
➄ ➬ Spiderfoot - OSINT Automation Tool - https://github.com/smicallef/spiderfoot
➅ ➮ theHarvester - Email and Subdomain Harvester - https://github.com/laramies/theHarvester
➆ ➯ Amass - Network Attack Surface Mapping - https://github.com/OWASP/Amass
➇ ➰ RED HAWK - All-in-One Scanning - https://github.com/Tuhinshubhra/RED_HAWK
➈ ➱ ReconSpider - Multi-Purpose Gathering Tool - https://github.com/bhavsec/reconspider
➉ ➲ OSINT Framework - Information Gathering - https://github.com/lockfale/OSINT-Framework
11 ➳ Infoga - Email OSINT Gatherer - https://github.com/m4ll0k/Infoga
12 ➵ Striker - Offensive Information Gathering - https://github.com/s0md3v/Striker
13 ➸ SecretFinder - API Key and Secret Finder - https://github.com/m4ll0k/SecretFinder
14 ➺ Xerosploit - Penetration Testing Toolkit - https://github.com/LionSec/xerosploit
15 ➼ FOCA - Metadata Analyzer - https://github.com/ElevenPaths/FOCA
16 ➽ ReconDog - Reconnaissance Swiss Army Knife - https://github.com/s0md3v/ReconDog
17 ➾ Metagoofil - Metadata Extractor - https://github.com/laramies/metagoofil
18 ⟶ Dracnmap - Nmap Script Wrapper - https://github.com/Screetsec/Dracnmap
19 ⟹ rang3r - Multi-threaded Port Scanner - https://github.com/floriankunushevci/rang3r
20 ⟿ Breacher - Admin Panel Finder - https://github.com/s0md3v/Breacher
https://redd.it/1g2g4w7
@r_bugbounty
How much did you make in the last year in BB?
Is BB still worth pursuing in 2024? I've heard many people say it doesn't pay as much as it used to.
https://redd.it/1g2agvf
@r_bugbounty
Need advice on how to find bugs in web applications and the steps I should follow so I can become a successful bug hunter.
Hi, my name is Lui Walker. I am from India. I have been trying to find vulnerabilities in web applications for many months and didn't find anything. I only know some of the vulnerabilities, like SQLi, CSRF, XSS and open redirection. I am learning new vulnerabilities every day and also practicing old ones on platforms like PortSwigger labs and TryHackMe. I have been trying to find bugs on websites that are listed on HackerOne but didn't find anything. Please give me some advice on how I can find bugs on these platforms and report them.
https://redd.it/1g207g8
@r_bugbounty
msrc or zdi for microsoft products
Hey guys, I’ve come across some vulns in Microsoft products and I’m kinda stuck on whether I should report them to MSRC (Microsoft’s own bug bounty program) or go through ZDI (Zero Day Initiative). Which one is better if I’m looking at it money-wise? Anyone here with experience on which one pays better or has better perks?
https://redd.it/1g1yf8x
@r_bugbounty
What is the impact of this?
Been reading some reports and found this. https://hackerone.com/reports/2180018
What is the impact here?
Are these kinds of reports still accepted today, or are they N/A?
https://redd.it/1g1tymg
@r_bugbounty
How a Simple Extension Transformed My Hunt for Hidden Endpoints
For the past few weeks, I’ve been going down this rabbit hole of finding hidden endpoints in websites by digging through JavaScript files. It’s become a bit of an obsession, honestly. 😅 I was doing it manually at first, trying to catch every endpoint, but it quickly got overwhelming.
Luckily, my friend, who's a cybersecurity dev, and one of his buddies were grappling with the same challenge. After discussing it, they had the brilliant idea to create a browser extension that could handle the heavy lifting. The more they talked it over, the clearer it became that this tool could automate much of the tedious work we were doing manually. So, they got to work, and before I knew it, the extension was born. It’s been a total game-changer for finding those hidden endpoints I used to spend hours searching for.
If you're looking to uncover more endpoints or hidden functionality on websites, you should definitely give it a try. They put a ton of effort into it, and it’s been incredibly helpful!
https://preview.redd.it/hxi8lty1z5ud1.jpg?width=1920&format=pjpg&auto=webp&s=94a0d98cc730e697d59f02106b468ebe5e67911e
https://github.com/AtlasWiki/EndPointer
https://redd.it/1g1fioq
@r_bugbounty
Will this be acceptable???
While doing recon I found an SMB server; it's 100% in scope.
I tried the methods I know but didn't get any listings.
Tried brute-forcing common passwords but no luck.
But SMB signing is enabled but not required.
I've searched about it: it's a common misconfig and acceptable in internal penetration testing.
But I don't know much about hunting. What do you guys say???
https://redd.it/1g152fe
@r_bugbounty
Bug bounty collab?
Hello my dear bug hunters. I’m looking for someone to collab with on a BBP or VDP. Just trying to boost my motivation with some company.
https://redd.it/1g0edfu
@r_bugbounty
Checkout my report
Not sure if I’m a hacker or a QA tester.
https://hackerone.com/reports/2588329
https://redd.it/1g081p7
@r_bugbounty
Teenager Side Hustle
Hello everyone,
I'm only 16 and have no experience in white hat hacking, but I want to start doing bug bounties as a side hustle during college.
Can someone give me some pointers on where to get started?
https://redd.it/1fzzk6d
@r_bugbounty
best tools to hunt on source code
Is there any best tool through which I can scan source code for bugs, and which also should not give false positives?
https://redd.it/1g2ovcs
@r_bugbounty
Bugcrowd ninja account
Hi, can someone help me with how to create a Bugcrowd Ninja account? There are some engagements that require you to have a Bugcrowd Ninja account and I can't find any documentation/steps on how to do that.
Can someone please help.
https://redd.it/1g2kx72
@r_bugbounty
Is this a vulnerability?
When I watch a video from a website sometimes, like when I resize the window, I can see my data on screen: my IPv6, name, mail, date, and site (web domain). I added a mutation observer to the main parent div of the video to see when this div with the info is added; this div is added and removed instantly, like < 0.5 s, but now in the developer console you can see the div with that data thanks to the mutation observer that prints it to the console when it's added.
I don't know how to escalate this; the Network tab in the developer tools looks normal and I don't see how this can be vulnerable, but it is strange AF. I tried to inspect UDP traffic with Wireshark but I don't have experience sniffing traffic and I just see random bytes over UDP. Can someone help??
https://redd.it/1g2d8v9
@r_bugbounty
Question on x-correlation-id header
I encountered a reflection issue with the X-Correlation-Id header while using Burp Suite's Repeater functionality. Here's what I observed:
Request: X-Correlation-Id: text.to.be.reflected
Response: X-Correlation-Id: text.to.be.reflected.3cebd5d9b95f4230ab992fcf605e3335
The HTTP response reflects the value sent in the request, appending to it a UUID generated for the process, which results in a 400 Bad Request response.
I attempted to bypass this behavior using the following payloads, but I consistently received a 400 Bad Request error (all of them were reflected exactly as they were written, no sanitization was applied, and again the UUID was appended at the end in the response):
X-Correlation-Id: 123%0d%0a%0d%0aNew-Header: value
X-Correlation-Id: {"id":
X-Correlation-Id: {"id": "
X-Correlation-Id: {"id": %0d%0a%0d%0aTest: value
X-Correlation-Id: %00%00%00%00
I also tried modifying additional headers, such as X-Csrf-Token, but the response was the same: the values were simply reflected without any further processing, regardless of the symbols or characters used.
From my perspective, there doesn't appear to be an exploitable vulnerability here, as the server merely concatenates the input and reflects it, which seems to be a harmless misconfiguration rather than a security issue.
Do you have any additional insights or suggestions?
https://redd.it/1g23wzs
@r_bugbounty
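The distinction the post above turns on (payload echoed inside one header value versus payload that actually became a new header or body) can be checked mechanically. The following is an added example, not code from the post, from Burp or from any vendor: it splits a raw HTTP/1.x response on CRLF the way a browser does and reports whether the CRLF payload in X-Correlation-Id was injected as its own header, spilled into the body, or was merely reflected. The three responses are constructed for illustration; the UUID suffix is the one quoted in the post, but nothing here was captured from a real target.

```python
"""Added example (not from the Reddit post, Burp or any vendor): tell a real
header injection apart from the harmless reflection the poster describes.

A browser splits the response header block on CRLF. If the server decoded the
%0d%0a in the request header before echoing it, the split below produces an
extra header (or ends the header block early and pushes the rest into the
body). If it echoed the percent-encoded text verbatim, as in the post, the
whole payload stays inside one header value. All responses below are
constructed; nothing was captured from a real target.
"""
from typing import List, Tuple

# Name of the header the probe tries to inject. Use something random in real
# testing so a legitimate response header cannot be mistaken for it.
INJECTED_NAME = "New-Header"


def parse_response(raw: bytes) -> Tuple[str, List[Tuple[str, str]], bytes]:
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response has no end-of-headers marker")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            continue  # tolerate a malformed line instead of aborting
        headers.append((name.decode("latin-1").strip().lower(),
                        value.decode("latin-1").strip()))
    return status, headers, body


def classify(raw: bytes, echoed_header: str = "x-correlation-id") -> str:
    """Return 'injected-header', 'injected-body', 'reflected' or 'absent'."""
    _, headers, body = parse_response(raw)
    marker = INJECTED_NAME.lower()
    if any(name == marker for name, _ in headers):
        return "injected-header"        # %0d%0a was decoded: response splitting
    if body.lstrip().lower().startswith(marker.encode()):
        return "injected-body"          # double CRLF decoded: payload became body
    if any(name == echoed_header and marker in value.lower()
           for name, value in headers):
        return "reflected"              # echoed verbatim inside one header value
    return "absent"


UUID = "3cebd5d9b95f4230ab992fcf605e3335"   # suffix quoted in the post

# Constructed: what the poster saw. The encoded CRLFs survive as text and the
# UUID is appended, so the payload never leaves the X-Correlation-Id value.
SAFE = (b"HTTP/1.1 400 Bad Request\r\n"
        b"Content-Type: text/plain\r\n"
        b"X-Correlation-Id: 123%0d%0a%0d%0aNew-Header: value." + UUID.encode() + b"\r\n"
        b"Content-Length: 0\r\n\r\n")

# Constructed: a hypothetical server that decoded a single %0d%0a before echoing.
SPLIT_HEADER = (b"HTTP/1.1 400 Bad Request\r\n"
                b"X-Correlation-Id: 123\r\n"
                b"New-Header: value." + UUID.encode() + b"\r\n"
                b"Content-Length: 0\r\n\r\n")

# Constructed: a hypothetical server that decoded the double %0d%0a%0d%0a, which
# terminates the header block, so the injected text becomes the response body.
SPLIT_BODY = (b"HTTP/1.1 400 Bad Request\r\n"
              b"X-Correlation-Id: 123\r\n\r\n"
              b"New-Header: value." + UUID.encode() + b"\r\n"
              b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("safe", SAFE), ("split-header", SPLIT_HEADER),
                       ("split-body", SPLIT_BODY)):
        print(f"{label:13s} -> {classify(raw)}")
```

Feed `classify()` the raw bytes of each Repeater response (Burp's "copy to file" keeps the CRLFs). Only "injected-header" or "injected-body" is a finding; "reflected", which is what the post describes, confirms the server treated the whole thing as opaque text.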
Learn bug bounty
I am new to bug bounty. I want to learn bug bounty; where do I start?
https://redd.it/1g228gc
@r_bugbounty
Discovered a Vulnerability in Dimensiva.com - Looking for Advice on Next Steps
Hey everyone,
I’ve run into a bit of a dilemma and could really use some advice on what to do next.
For context, I’ve been a PRO subscriber to **Dimensiva.com**, a platform that offers high-quality 3D models for designers. As part of my workflow, I was trying to automate the download process for my purchased models to streamline building my library. While writing a script to do this, I accidentally discovered that I could download all the models - both free and paid - without any authentication or a PRO subscription. It seems like the site doesn't actually check if you're logged in or have paid for the content before allowing access to the files.
To be clear, I have paid for my subscription, but this feels like a pretty significant security oversight. I didn’t intend to exploit anything, but I realized that this script effectively bypasses their paywall, which obviously raises some ethical and legal concerns.
I’ve tried reaching out to the site owner via LinkedIn and email to report the issue (nearly 2 months ago), but I haven’t received any response yet. Now, I’m not sure what to do next, and I really want to handle this responsibly.
Here are my questions:
1. Has anyone else dealt with a similar situation where a paid platform has a security vulnerability like this?
2. Is there a more effective way to get in touch with the site owners, or some other method I should consider?
3. Should I report this to some kind of cybersecurity group or authority?
4. What are the potential legal or ethical implications if I leave things as they are or continue exploring the vulnerability further?
I really don’t want to exploit this in any way - I just want to make sure the issue is fixed properly. Any advice or direction from those who’ve been in similar situations would be super helpful!
Thanks in advance!
Disclaimer: This is not a request for advice on how to exploit this vulnerability. I’m looking to address this in an ethical and responsible manner, and I’m hoping to help the platform fix it.
https://redd.it/1g1zxi3
@r_bugbounty
blind SSRF
I received a callback in my Burp Collaborator and I don't have much idea how to go further in testing the vulnerability.
I am a little new to this bug; can anyone help me?
https://redd.it/1g1xgep
@r_bugbounty
confused about scanners
I see a lot of programs say don't use scanners, which obviously is fine, but does this include nmap? And if so, how do you guys find services or ports? Whenever I want to do a bug bounty I end up not trying because I'm not sure about this, and I don't know if I can use nmap or not, or if there's a passive option.
https://redd.it/1g1n67u
@r_bugbounty
Collaboration
Does anyone need a team, or have a team that could use another member?
https://redd.it/1g1cw8w
@r_bugbounty
Has anyone got experience with hackerone mediation?
Hi!
I sent a mediation request roughly a couple of weeks ago and I am yet to hear back. Has anyone else here got experience with HackerOne mediation and their response times? I sent the mediation request because a program did not admit that a DoS bug was a DoS bug and denied it being a security issue despite me showing clear proof of DoS.
Thanks in advance!
https://redd.it/1g0vfd0
@r_bugbounty
Bug bounty hunting help
I'm a CS student. I'm currently learning Network+, I'm familiar with using Linux and I have some programming knowledge. I want to know how and when to start bug bounty hunting; is there a roadmap? For now I know basic networking, Linux (intermediate) and some programming (basics), and I also took the CompTIA A+ course. Thanks in advance.
https://redd.it/1g0j88f
@r_bugbounty
Should I submit a new report after a fix even though the state didn't change to "resolved" yet?
I submitted an XSS which was a dup and was marked as "unresolved". They fixed it now, but I don't know if they change the state on dup submissions too. Should I submit the new bypass that I found in a new report?
https://redd.it/1g0f5oi
@r_bugbounty
Getting started with bug bounty
Hello guys. In the near future I do want to do bug bounty. For now I'm in my master's in cybersecurity. I'm an extremely disciplined and hard-working individual.
In the near future I want to do bug bounty, but for now I'm trying to get a job in a SOC.
Any suggestions? Where to start? I'm in no hurry and want to take my time learning and developing.
https://redd.it/1g08yan
@r_bugbounty
Kiddo's first "bug" bounty
Today, I paid my kiddo their very first bug bounty—a $2 bill! While I told them it was most certainly going to be their last payment for a while, money wasn't the point of something like this.
It all started with a little Raspberry Pi I had set up, complete with parental controls set on the router. Somehow, my kid managed to bypass them, but couldn't resist showing me after he'd done it.
Turns out, he’d watched YouTube videos about common security flaws, and picked up a few tricks—like guessing our admin password by trying the same one we use for our WiFi. He found a website I think was called "My router login" with default usernames and passwords that worked with our router. By combining one of those with our WiFi password, they got in.
But then, I remembered. About a year ago, I got a call from the school. They said, "We lost the internet today, and someone saw your kiddo 'hacking' right before it happened." An IT person was there too, and they sounded pretty serious. I reassured them, “There's no way a 10-year-old could hack the school’s network." We’ve done basic HTTP programming, and he gets frustrated with syntax errors, so I know his skill level pretty well.
But now, after seeing what happened with our router, I wonder if the school had also left a default password set. He probably used the same method he found on YouTube and “hacked” his way in because of a weak / default username and password. Who knew public schools could be so vulnerable? And I had no idea I was inadvertently getting him out of trouble! I felt confident telling them at the time: "I'm an IT student, and we're hacking things in class, there's no way a kid can do this, it's very complicated stuff".
Lesson learned: never underestimate the tenacity of a curious ten-year-old kid, or the risks posed by failing to change default usernames and passwords! Your internet might go out for a day!
https://redd.it/1g07txr
@r_bugbounty
I will start manual hunting for reflected XSS tomorrow
Hi, I just need advice on a few things before I get started.
First I want to ask this: I have more than 25,000 endpoints with user-controlled input. Most of them are on the main domain (the bug bounty program has a small scope) and there are so many of them because the site has versions in 6± languages.
The site uses CSP report-only. And important characters are not sanitized when I send them without any encoding (< is displayed as <), so I already have a lot of XSS that cannot be exploited because all browsers use URL encoding.
Can you tell me with certainty that there is XSS somewhere and I just have to find it?
The second thing is my findings, what I learned from the reflected XSS labs:
1. Automated tools were 100% successful in finding user-controlled input, so I assume that there is no point in searching for it manually.
2. Dalfox was 100% successful in finding character escapes in HTML context, and there it is a must for XSS. So I should focus mainly on JavaScript.
3. I don't need to find the character escape for everything in the payload, because sometimes the payload is executed even if part of it is URL-encoded.
Are my findings correct? And is there anything else I should know?
https://redd.it/1fzxq5p
@r_bugbounty
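The "character escape" triage behind point 2 of the post above, as an added example that is not the poster's code and not Dalfox: for every reflection of a unique marker it classifies the HTML context the marker landed in and records which of the probe characters `"'<>` came back unencoded, then applies the rule that makes a reflection worth manual work only when the character that closes that particular context survived. The context detection is a deliberate heuristic (backward scan, no full HTML parse), and the sample page is constructed to show four reflections of one search term that a multi-template site would encode differently.

```python
"""Added example (not from the Reddit post or from Dalfox): classify where a
reflected probe lands in an HTML response and which of the probe characters
came back unencoded. This is the per-endpoint check behind the poster's point
2: a reflection is only a candidate when the character that breaks out of
*that* context survives. The heuristics are deliberately simple (no full HTML
parse); the sample page below is constructed, not captured from a real site.
"""
import re
from typing import List, Tuple

MARKER = "zx7q"            # unique token so reflections can be located reliably
PROBE_CHARS = "\"'<>"      # sent right after the marker, i.e. zx7q"'<>

# Ways a server commonly encodes/escapes each probe character. Anything else
# is treated as "dropped or transformed", i.e. not usable.
ENCODINGS = {
    '"': ("&quot;", "&#34;", "&#x22;", '\\"', "%22"),
    "'": ("&#39;", "&#x27;", "&apos;", "\\'", "%27"),
    "<": ("&lt;", "&#60;", "&#x3c;", "\\u003c", "\\x3c", "%3c"),
    ">": ("&gt;", "&#62;", "&#x3e;", "\\u003e", "\\x3e", "%3e"),
}


def reflection_context(body: str, pos: int) -> str:
    """Where the marker at `pos` sits: html-text, attribute-dq, attribute-sq,
    tag, script or comment. Looks backwards only, which is enough for triage."""
    before = body[:pos]
    low = before.lower()
    if low.rfind("<script") > low.rfind("</script"):
        return "script"
    if before.rfind("<!--") > before.rfind("-->"):
        return "comment"
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt > gt:                       # inside an unfinished start tag
        tag_text = before[lt:]
        if tag_text.count('"') % 2:
            return "attribute-dq"
        if tag_text.count("'") % 2:
            return "attribute-sq"
        return "tag"
    return "html-text"


def surviving_chars(body: str, pos: int) -> str:
    """Which probe characters appear literally right after the marker."""
    low = body.lower()
    i = pos + len(MARKER)
    survived = ""
    for ch in PROBE_CHARS:
        if body.startswith(ch, i):
            survived += ch
            i += 1
            continue
        for enc in ENCODINGS[ch]:
            if low.startswith(enc.lower(), i):
                i += len(enc)
                break
        # no literal and no known encoding: assume the server dropped it
    return survived


def likely_breakout(body: str, pos: int) -> bool:
    """Does the surviving character set let a payload leave its context?"""
    ctx = reflection_context(body, pos)
    got = surviving_chars(body, pos)
    if ctx == "html-text":
        return "<" in got                     # need to open a tag
    if ctx == "attribute-dq":
        return '"' in got                     # close the value, add onerror=
    if ctx == "attribute-sq":
        return "'" in got
    if ctx == "script":
        delim = body[pos - 1] if pos else ""  # quote that opened the JS string
        return "<" in got or (delim in ('"', "'") and delim in got)
    return False                              # tag / comment: not judged here


def analyse(body: str) -> List[Tuple[str, str, bool]]:
    """(context, surviving chars, likely breakout) for every reflection."""
    return [(reflection_context(body, m.start()),
             surviving_chars(body, m.start()),
             likely_breakout(body, m.start()))
            for m in re.finditer(re.escape(MARKER), body)]


# Constructed response to a search for  zx7q"'<>  : four reflections, each
# encoded differently, as a site built from several templates tends to do.
SAMPLE = (
    '<html><head><title>Search: zx7q&quot;&#39;&lt;&gt;</title>'
    '<script>var q = "zx7q\\"\'&lt;&gt;";</script></head>'
    '<body><input value="zx7q&quot;\'&lt;&gt;">'
    '<p>You searched for zx7q"\'<></p></body></html>'
)

if __name__ == "__main__":
    for ctx, got, hit in analyse(SAMPLE):
        print(f"{ctx:13s} survived={got!r:8} breakout={hit}")
```

On the constructed page only the last reflection is a candidate: the title encodes everything, the JS string reflects `'` but is delimited by `"` (and `<` is encoded, so `</script>` is out), and the attribute reflects `'` inside a double-quoted value. That is exactly the "reflected but not exploitable" pile the poster describes, and the reason to rank endpoints by surviving characters per context rather than by reflection alone.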