Why this payload does not work
I have a search bar that takes a query and searches it through an OSD dataset; the search also has filters.
Those two parameters (search and filter) are encoded on the HTML page when they get reflected, but in the URL they aren't encoded, except /.
So now I tried this payload, but it does nothing:
x.example/test?fil=javascript:confirm(1);&q=test
I know that the javascript protocol should execute and it has nothing to do with reflecting in the HTML page, so please explain this more to me if I'm wrong, and how to make it work.
The (q) parameter can take the same payload but gives me this warning: "The query is invalid : Field javascript doesn't exist"
But the (fil) parameter takes the payload just like I mentioned above without encoding, but does nothing.
https://redd.it/1fko3sk
@r_bugbounty
Reporting confidential PDF on VDP
Hi, I am currently doing a VDP. I was using Google Dorks for a while and came across a PDF file which had texts of "Confidential or for Internal Use Only". From the results, I could read some lines of its contents, but when I tried to open it, I got a 403 (Forbidden) error, indicating that I'm not authorized to access it.
I have a question:
* Should I still report this as a finding, or do I have to bypass the 403/download the file and then report it?
https://redd.it/1fkgqh3
Your Daily Routine: Time Spent on Bug Bounty Hunting and Learning
I'm curious about how many hours you dedicate daily to hunting and learning in bug bounty programs. What does your routine look like?
https://redd.it/1fk9ey5
How To Start?
Hello, I've been interested in this domain for a while. I'm a true beginner, I know little things about coding, and I wanna start. So how to start? And is this domain still worth diving into?
https://redd.it/1fjrk1q
Screen time bug. How to report it? Help needed
I have found a way to bypass Apple's Screen Time on all apps. I wonder how to report the bug to Apple, and if I can get something for finding it?
I didn't know where to post this
https://redd.it/1fjoqkv
Found a vulnerability on a website
So basically I was on this website and I found the username pattern, so like the first user would have E5, then the second E10, the third E15, etc. And all of the accounts' passwords are 123456. This is quite a serious threat, as I literally have access to over 850 accounts on which I have their full name, phone number, email, birth date and current grade they're in (it's a school website, online schooling). I also have direct access to their chats with their teachers as well as their lessons and homework, which I could delete, replace with malware for the teacher to download and stuff, which I won't do, but just to show you how bad it is. On the way, I've realized that the website does not have ANY rate limitations; I've logged on like 500 accounts with the same IP address in the span of 2 hours and didn't get limited whatsoever. I also tried brute forcing my own account to see if there was any rate limitation on that and there wasn't any. I'd assume this is a severe vulnerability and I'd like to let them know about everything in a report. I'd like of course a financial reward for that, but how much should I ask, or should I even ask? Like, idk, just let me know (they don't have a bug bounty program).
https://redd.it/1fjohwj
Bug bounty writeups, aren't they a disclosure policy violation?
Some companies may disclose their reports, but others are very strict about not disclosing any of the issues found on their products, even informational findings.
I see a lot of writeups talking in detail how they were able to find this and able to exploit that, and they include screenshots and the only information they censor is the domain.
Isn't this a violation of the disclosure policy?
https://redd.it/1fjhqt6
Report Closed as Informational, Seeking Advice
I had a report that was initially marked as medium severity but was later closed as informational by the company. The issue was classified differently than expected based on available documentation.
I’m looking for advice on how to handle this situation. How can I effectively address the discrepancy or request a re-evaluation? Any suggestions or insights would be greatly appreciated!
https://redd.it/1fj7hhu
Nginx Forbidden 403
Did you bypass an nginx 403 page before?
If yes, share your experience with us.
https://redd.it/1fiyz7i
Brave: 404 on normal, 403 on tor, what is the best browser for bug bounty?
I use Brave as my daily browser and I use it when I do bug bounty too. I noticed this thing on some websites: when I search a website without Brave's Tor it gives me a 404, but not a hand-made 404, just the browser giving HTTP ERROR 404 on a black screen, but when I use Tor it gives 403. I tried other browsers like Firefox and Burp's Chrome; they mostly give 404. I really wonder why. For the second question, what browser do you think is better for hunting? I know they're not so different, but maybe they are.
https://redd.it/1fit48m
Is this considered exposed files or not ?
I have found an endpoint "example server dev files" that has the following:
All the JS files of all the websites and apps of the program, along with all the resources used and every release from 2021 to 2024. It has the development part and the production part, with the status of every detail: under testing, in progress or ready.
There is even a part that is restricted, but the download zip file is accessible and I can download and view all the JS and resources of this part.
NOTE: No PHP files
Do you think this is considered a source code bug that is worth reporting?
If yes, what is the severity?
https://redd.it/1fimjbo
How to start bug bounty, need some help and proper guidance (scammers stay away)
As a beginner I want to learn how to do bug bounty. Can anyone from the community guide me, please?
https://redd.it/1fifiw9
Rate limit bypass on login page.
A few days ago I found that the login page of the program I was testing blocks password spraying after 4 attempts with a 403, so to test if I could bypass it I used a header manipulation technique with headers like:
X-Originating-IP:
X-Forwarded-For:
X-Remote-IP:
X-Remote-Addr:
X-Client-IP:
X-Host:
X-Forwarded-Host:
And I wrote a script to expedite the process, and some variations of these headers were able to bypass the 403. So I submitted the report with the script results, but I didn't persist and brute-force the login. But the h1 triager in response marked this issue as out of scope, with the following message: "The statement above indicates that a PoC that demonstrates impact against confidentiality, integrity, and/or availability must be provided. Your effort is nonetheless appreciated and we wish that you'll continue to research and submit any future security issues you find".
What should I do?
https://redd.it/1fi9ssd
Discovered a way to see people’s stories without being seen
Hey guys, I wanna ask a question. I’m not even sure this is the right place to ask or not, but if anyone has an idea it would be a big help. So about 4 to 5 years ago I discovered a way to see people’s stories on Instagram without using any third party apps or sites, and you can see the story normally, not like half of look or something. So I contacted Instagram like 5 years ago and they never responded back when I told them about it, nor fixed it. I waited for years for people to find out about it but nobody ever did, and I’m wondering: should I contact Meta again since it’s been so long and try to get a reward, or should I share it with everyone? Thank you guys for your time and help.
https://redd.it/1fhsrc8
Can someone help me to find bugs in this site https://www.g2a.com/best-deals/borderlands-games please teach me and also teach me how to decode these hash codes in this pic
https://redd.it/1eowory
Preparation for Yogosha
How can I prepare for the Yogosha CTF? I know it is not allowed to share information, but can anyone please let me know where I can prepare, like some HackTheBox boxes or any similar CTFs, to test my skills before the Yogosha CTF? Other tips are appreciated, thanks.
https://redd.it/1fkinnu
Inappropriate user handle?
Hello I'm a total newb and am starting out on my path of bug bounty hunting.
Are there any bad stigmas with choosing a username like "Loves2Steal" or "TeachMe2Steal"?
Personally I like to have fun while I'm working and that kinda humor makes me laugh. I myself don't think it would matter much if I'm putting in work and producing results but ChatGPT seems to believe otherwise saying it doesn't look professional, there may be a bad perception from companies, and it's best to look at long term considerations blah blah blah....so I'm here asking you fine folks.
Again...I don't see what the big deal would be especially if I am being professional in my work.
What does the hive mind say?
https://redd.it/1fkcak6
Curious About Your Bug Bounty Hunting Techniques
I’m looking to refine my bug bounty hunting approach and would love to hear about your methodology. What techniques or strategies have you found most successful? Any insights on resources you recommend?
https://redd.it/1fk9gyc
Why new CVEs got accepted
Most of the programs say they don't accept new CVEs before 3 months, but many hunters report new CVEs and get paid.
How does that work?
And why is that so?
https://redd.it/1fjrc2x
How to create support ticket on meta bug bounty program????
https://redd.it/1fjpd2a
Searching bugs
Hey there, I'm searching for some bug hunter that could help me find any bug in a friend of mine's website. Hit me up with your Discord if you're interested.
https://redd.it/1fjkh80
manually searching for vulnerabilities?
I've seen a lot of people suggest manual vulnerability scanning rather than using an automated one to avoid any issues with blocking. How do people search for advanced vulnerabilities manually, though? Obviously I know about the more simple ones, but what about when people use the terminal for RCE?
https://redd.it/1fj70mn
Domain hosting
What hosting service do you use for your CORS domain?
https://redd.it/1fj0mx5
Found leaked financial data of 1M users. How can I monetize it?
Found leaked financial data of 1 million users, how can I monetize it?
I've found >100TB of financial data from one of my scraping sources.
It contains records like bank statements, KYC documents, etc.
I'm yet to download all the data.
What should I do, considering I want to monetize it?
The firm is Indian, and only has Indian users.
PP: I don't want to scam people. I just don't want to send the email to the organisation, and have them send me a thank-you email, fix their loophole and forget.
https://redd.it/1fiwg1d
Can AI help in bug bounty and cybersecurity?
If anyone knows what the end result of AI in bug bounty is, or can share their experience if they have used it in the cyber security domain, it will be a great help to work on AI & bug bounty. I had used ChatGPT and black-box to understand stuff and to brainstorm, but I still needed a human touch in AI-based solutions in security.
https://redd.it/1fipwv2
How do I get into this?
Hello, what's the best way to get into bounty hunting/hacking :( Really interested and willing to be dedicated. I want the powerrr. Also, should I learn C for hacking?
https://redd.it/1fijg2r
How much RAM do you have?
Title. And is it enough, or will you upgrade in the future? I have 8 GB and I can't do anything because of it, so that's why I am asking.
https://redd.it/1fibni2
how to solve this error in SQLmap tried --random-agent and --tamper-
https://redd.it/1fi5s66
OffSec OSCC Cert
Anyone take the new OffSec SEC-100 and OSCC cert? I have my CompTIA Sec+ and am looking to learn more hands-on and get another cert. OSCC and the SEC-100 course look like a good next step, although $799 is a lot for an entry cert. But it has a lot of content and some web app hacking content to help me get started with bug bounty. If anyone is taking the course, I would appreciate your feedback.
https://redd.it/1fhqw6r
Confused
I have a question: does adding parameters like email, user_id, etc. affect finding access control vulnerabilities, or just cookies? Can you give me some advice on access control, as I have been trying it for more than 2 months?
https://redd.it/1eoutzu