Channel: R_bugbounty
Should I report a POST request XSS Vulnerability?
I found a Cross-Site Scripting (XSS) vulnerability that is exploited from a POST request, not GET. As it is a POST request, I do not understand how an attacker can exploit it, or whether I should report it or not.
edit: Reflected XSS
https://redd.it/1d1yj62
@r_bugbounty
Need to know what to do after figuring out subdomain can be taken over
Hi Everyone,
I am new to bug bounty and I was going through this OWASP guide: https://github.com/OWASP/www-project-web-security-testing-guide/blob/master/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md
I also read multiple posts on this, but I am stuck on what to do after finding out via dig that the domain status is NXDOMAIN. If the domain is not on GitHub or AWS, what do I do in those scenarios to write a report with a PoC that it can be taken over?
https://redd.it/1d2ftdc
New into ethical hacking
Hi, I just started learning ethical hacking. Currently I am working on basic Linux and networking. Next up I am going to do bash scripting and Python and give it 1-2 hours daily. At this pace, when will I be able to start bug bounty hunting, and what types of skills other than these will I require? And as a beginner, how much can I earn?
https://redd.it/1d2jkjw
HackerOne public program disclosure after 180 days?
If you reported a vulnerability to a vendor as part of a public program on HackerOne, it was fixed more than 6 months ago, and the vendor is not replying to disclosure requests, are you free to disclose the vulnerability? According to https://www.hackerone.com/disclosure-guidelines it seems so. Am I missing something?
"Last resort: If 180 days have elapsed with the Security Team being unable or unwilling to provide a vulnerability disclosure timeline, the contents of the Report may be publicly disclosed by the Finder. We believe transparency is in the public's best interest in these extreme cases."
https://redd.it/1d2k3dv
I have just released a Full ASN Recon video. Many of you already know where to get ASNs, but do you know what to do with them? 🤔 Many gloss over the networking aspects of web security. But trust me, with this you can increase your chances of finding a bug.
https://youtu.be/ez9lZmI350o?si=vjVoCJYmY7hBMSG4
https://redd.it/1d2jp79
Knowledge Base
I'm looking for a few opinions from people who have experience in offensive security.
When starting out, is it better to focus on a single specific vulnerability and gain (some) expertise, or, is it better to build a wide base of knowledge with a shallower understanding?
For reference, I have my eJPT and am working on eCPPT, with plans to tackle OSCP shortly.
I flip between building a wide base and eventually finding something "that clicks" for me, and digging into something I immediately find interesting (or that has been suggested on one of the thousands of lists as a good area to start). Just wondering how the more experienced people got to where they are.
Thanks for your time, have a wonderful day!
https://redd.it/1d2nx9j
Getting started
Hi guys, I want to get started with bug bounty as a hobby and found this tutorial: https://youtu.be/wMOMy5gsDI?si=hQS7OznoLGAHWt8.
Also, I have 2 years of experience in web dev (mainly backend) and know my way around computers. I know about all of the things in the video, but I only know what they are.
Also, it would be great if you could recommend resources for getting started.
https://redd.it/1d2tm6f
WebSocket Issue
Has anyone run into an app using Nexus as their WebSocket? The full URL is https://nexus-websocket-a.intercom.io/ and it seems to just pass through random JSON every once in a while, with no correlation to the requests being made. Is there any way to intercept this?
https://redd.it/1d2x52v
Bay Area Security Meetups
Hey folks, are there any security meetups in the area, or anyone looking for security buddies to learn together by solving some labs or working on a certification? Happy to chat about new topics, study together for certs, etc. 🙂
https://redd.it/1d35key
I have video proof of an existing bug inside of a slot machine game from an online casino.
A little context: this specific bug lets players, on a fairly consistent basis, obtain more free spins during a feature than they should be getting. How much do you think that would be worth to a company?
https://redd.it/1d3ce6v
Infura API key leak
While testing a website I found an API key in a GitHub page, like https://mainnet.infura.io/v3/<API-KEY>. I tested it with a curl request and it works, but I don't know what the impact is, if there is any. Can you help me out?
https://redd.it/1d3ky9s
Bypass WAFs
I would like to ask you guys about a problem I found in two programs on HackerOne. When I try to scroll in a web app as a normal user with Burp Suite turned on, Amazon CloudFront's WAF blocks me and returns a 403 response, even though I am not performing any malicious actions. However, when I turn off Burp Suite, the web application works without any problems.
I tried to find the origin IP by OSINT but I didn't find it, and I also tried to change the Host header, but none of these worked for me.
https://redd.it/1d424ax
Free US Number for Account Verification
I need to make an account with this company but it asks for a US number for verification. Does anyone know a free service or something to receive an SMS OTP?
I am from outside the US so I don't have one. I also tried googling for such a service but none of them work.
https://redd.it/1d4kudq
New
Hey, I'm new and looking for a good program on HackerOne; however, I'm trying to figure out the pay situation.
13 hours: Average time to first response
22 hours: Average time to triage
3 hours: Average time from triage to bounty
1 day, 1 hour: Average time from submission to bounty
2 weeks, 2 days: Average time to resolution
When it's formatted like this, what does it mean? When would the payout be?
https://redd.it/1d4nllg
Android Sec. OR BlockChain Sec.?
Hi folks! I'm a web/network pen-tester and BB hunter. I was thinking, what skill should I add to my belt? A lot of communities say that crypto is the future, and others say that Android security is more important for improving my career. I am not sure what I should do.
"Study blockchain security? Or Android security?"
Any advice?
https://redd.it/1d4vnvw
Hackerone pending program review
When my report status gets changed to "pending program review", does it mean that the triager validated and tested my bug?
https://redd.it/1d4z96h
Bug bounty
I am learning bug bounty and I have learned various types of attacks, but when I try them on bug bounty program websites I don't understand when to use which attack. Please help me with it.
https://redd.it/1d56xqx
Serious question: what's the realistic income from bug hunting (in my case)?
Hi everyone,
I know there are hundreds of posts for starters, but they don't give answers for my specific situation. I'm hoping to get some insights tailored to my background and circumstances.
A bit about me:
- I'm a web developer with a basic understanding of cybersecurity.
- I hold a Security+ certification.
- I completed an internship as a Cybersecurity Analyst a while ago.
- I'm located in a growing country with very good internet where the median salary is around $600-700.
My question is: what's a realistic approximate income I can expect from bug hunting after working on it for 6 months?
My plan is to:
1. Learn from PortSwigger Academy.
2. Pursue the Bug Bounty Hunter learning path on Hack The Box.
3. Dedicate at least 5-6 hours a day to this.
I would really appreciate any insights, especially from those who have been in a similar situation or have experience with bug bounty hunting. Thanks!
https://redd.it/1d5nw29