Channel: R_bugbounty
When there are few restrictions on tools during bug bounties
Hello everyone! I participate in bugbounties, and I found a site with only one sentence regarding the use of the scanner.
>Excluded Submission Types
>
>Vulnerability reports which do not include careful manual validation - for example, reports based only on results from automated tools and scanners or which describe theoretical attack vectors without proof of exploitability - will be closed as Not Applicable.
In this case, can I say that there are few constraints on the scanner or the automation tool, unless I copy and paste the results? I wonder if I can use the default values of the tool without setting a request per second in this case.
https://redd.it/1c8h6zm
@r_bugbounty
Gadget on Marriott
I got something on Marriott, unable to exploit. single quote to get out of attribute.
I'm wondering if anyone knows if Marriott is accepting reflected XSS, I can read from their page:
Out-of-Scope Activities
Web Cache Poisoning, Reflected XSS, UI redressing via custom .html files
Anyways, here is the gadget, tried XSS and dom clobbering, cannot pop it
https://all-inclusive.marriott.com/click-reservation/asdasd'caninjecthere
https://redd.it/1c8i9tv
@r_bugbounty
What can I test on the 'ver=' parameter in URL that I got from gau ?
Hello all, as the question suggests, I am looking for something to exploit on the ver= parameter in the URL. Gf patterns shows there's a chance of RCE on it, but idk how?
Can someone suggest what I can test?
https://redd.it/1c8lah7
@r_bugbounty
what do you think about android end points ?
I recently started testing APIs for IDOR and access control violations. I configured my old Android phone to capture traffic in Burp, but I want to ask: is it really worth the time to test API endpoints? I want to test something which is less competitive, and I figured Android endpoints would be the perfect candidate. Is my understanding correct?
I am new to bug bounty
https://redd.it/1c8l7c9
@r_bugbounty
Bug bounties other than web
Hey, I am interested in bug bounty but don’t want to go into the web app pentesting side of it because I feel there’s more competition and it's not my cup of tea. I love digging deep in files using the Linux command line, basically forensics. I know basic C and Python and can learn any other language if needed, as it's just understanding the syntax. I know networking stuff.
Just wanted to know which areas would suit me. I just want to get started, and please mention some sites where I could hunt and get responses.
Any input will be appreciated.
Thank you 💖
https://redd.it/1c8megv
@r_bugbounty
Is anyone good here with manually testing XSS & is willing to teach it out of goodwill?
If there's anyone please comment.
https://redd.it/1c8sydy
@r_bugbounty
Does anyone know what kinds of beetles these are? Also look at the little jumping spider, so cute
https://redd.it/1c8xydj
@r_bugbounty
Why do bug bounties? The company has all the leverage and can underpay you?
I’m honestly really new to all of this, but besides hacking there are also many ways companies are at risk of massive loss.
To me it seems kind of unfair. Let’s say I know for a fact a company can lose 10 million in a month. I show them and they pay like 500$ dollars.
Literally could have just exploited whatever I found.
All jokes aside though, there are various platforms I’m aware of that are susceptible to 500k in losses at the minimum. They would only need to change minor things, some major. How would I go about telling them? Would I have to declare what I’ve found before getting paid?
If so maybe I should just exploit them?
https://redd.it/1c98bxm
@r_bugbounty
Hey guys, I made a YT channel where I show BugBounty PoC. I'm still a beginner to the field and YT but hope you guys enjoy. ❤️☺️
https://youtu.be/4ukbgT5mQBk?si=rEIwv2iziu8X0H3Y
https://redd.it/1c9mvve
@r_bugbounty
YouTube
Easy $200 Bug Bounty PoC | Full API Key Recon
This video shows the impact of a vulnerable google API key. Usually, these are low findings but they can be abused as a company can be charged for billing from google if an attacker uses the API for their own malicious purposes. There are many financial impacts…
VPN on cloud VMs
Hey all
I did try w Proton and Nord on DO and AWS. Losing connection to the VM in both cases (though it required some additional movement w Proton). So the question: has anyone successfully connected to any VPN from any cloud provider? Also, do you know if DO monitors port scans a lot? I know GCP does.
https://redd.it/1c9pova
@r_bugbounty
Submitting similar bugs together or separately
I'm reading through the codebase for an application with a program on HackerOne and there are a number of different areas in which the programmers used the same user input in the same, unsafe manner. Each case results in the same security bug. Is it acceptable to submit each of these separately since they occur at different parts of the program, or is it expected that I reference each of them in a single report?
For what it is worth they could fix all of them by properly sanitizing user input when it first arrives.
Thanks
https://redd.it/1c9ry1d
@r_bugbounty
Is it necessary to study django in bughunting?
Do I have to learn Django after Python in bug hunting or can I skip it now?
And I have studied in programming:
html
css
basic of js
python, and I will study mysql as database
What do I need too?
https://redd.it/1c9yvr0
@r_bugbounty
Is bug bounty dying?
Lots of programs are leaving HackerOne and other platforms daily. Is bug bounty dying?
https://redd.it/1ca4pur
@r_bugbounty
Hackerone triagers closing more cases as N/A?
I work on a large program and dabble as a hacker myself. I've noticed over the last couple of weeks that a lot more reports which would normally be closed as informational have been closed as N/A, which impacts a hacker's reputation. It seems like H1 triagers have been cracking down on reports with no or minimal impact. Anyone else notice this?
https://redd.it/1cag4zn
@r_bugbounty
5 submissions, all are duplicates
For the past 6 months, I have been trying to become a bug bounty hunter but no luck. I found 5 vulnerabilities, out of which 3 are high/critical, but it's always getting closed as a duplicate.
Do I need to change my strategy? I am losing hope. I am doing manual research only most of the time.
https://redd.it/1cb1ipj
@r_bugbounty