Usama Varikkottil for Usama helps you secure your APIs & apps (usamav.hashnode.net) · Aug 29, 2021
Top 7 methods to find account takeover bugs in 2023
Making some weird API requests resulted in full user account takeovers, which paid me the highest reward of two bug bounty programs. Account takeovers are critical security vulnerabilities. Making strange API requests can sometimes lead to critical a...
Tags: Security

Saajan Bhujel for Infos3c Blogs (infos3c.hashnode.net) · Oct 25, 2022
How I Got $10,000 From GitHub For Bypassing Filtration of HTML Tags
Hey everyone 👋 I hope you're having an A+ week! 🚀 In today's blog, I am going to tell you “How I Got $10,000 From GitHub For Bypassing A Filtration of HTML tags”. A few months back, one day I was just scrolling the Twitter feed. And, suddenly a...
Tags: GitHub

Hossam Mesbah for Infos3c Blogs (infos3c.hashnode.net) · Dec 2, 2022
Broken Access Control + Misconfiguration = Beautiful Privilege Escalation
Hello everyone, this story will be about the privilege escalation vulnerability I found lately. There are 2 roles on this site: creator/account owner. The account owner user is the management and is able to access the full account users and other function...
Tags: bugcrowd

Hossein Shourabi for MrCatDev's Blog (script.hashnode.net) · Apr 22, 2023
How I discovered a web cache deception in Voorivex event
Today, I want to show you how I discovered a web cache deception during a local event as a new hunter. Let's get started. Cache: As you know, we have several caches in web applications: Browser Cache, Server Cache (CDN/Load Balancer/Reverse Proxy) ...
Tags: Security, bugbounty

Dacian for in your storage (dacian.hashnode.net) · Apr 19, 2023
$28K Bounty - Admin Brick & Forced Revert
Alchemist is a web3 community that developed the notable Fjord Foundry platform and a DeFi ecosystem composed of at least: Alchemist ERC20 - token $MIST; Aludel - staking/rewards program; Crucible - a vault/smart wallet for ERC20 tokens to subscribe ...
Tags: Bug Bounties, Smart Contracts

Mạnh Đình Nguyễn for cybndmcyb.hashnode.net · Apr 2, 2023
Bounty in just 5 minutes through IDOR
Hello Bounti-ers, here is an easy finding which I want to share... After I recon with my custom bash, as normal, I scan first and test manually at the same time. While waiting for the scanning to end, I actively seek all test-case logic in my target. Sign up ...
Tags: security testing

The Chief - Omar for A Technical Writing Journey (chiefomar.hashnode.net) · Apr 1, 2023
The Week That Was... phew
Bismillah. I don't remember exactly whose YouTube video it was, but someone mentioned that to learn Bug Bounty, Pentesting, and Red Teaming, practice is key. The past two weeks have been constituted of a large amount of Pentesting theory and a substant...
Tags: bugbounty

Prateek Singh for CoderBuddy (coderbuddy.hashnode.net) · Mar 31, 2023
Tips and Tricks for Winning Big Bounties on Website Vulnerabilities
Introduction: In the world of cybersecurity, "big bounties" are a well-known concept. These bounties, which offer significant financial rewards for identifying and reporting security vulnerabilities in software and hardware systems, have become an inc...
Tags: bugbounty

Zeeshan Mustafa for Hack The Planet 🌎 (zsec-1674122606463.hashnode.net) · Mar 29, 2023
Hacking Admin Panel & Getting free subscription
Note: For maintaining the program's privacy I won't disclose the program. So, a few months back I and Haseeb were hunting on a private program, and the program is a services-based company that has paid services only. So the program had very limited as...
Tags: hacking

The Chief - Omar for A Technical Writing Journey (chiefomar.hashnode.net) · Mar 23, 2023
A-Cross Site Script-in-jections too
Bismillah. What an eventful day; the second day of Jr. Pentesting was all reading and a bit of practice. This first week I'm just learning, then next week I'll continue with my Portswigger practice, might even hit some Hackerone CTFs and Owasp Juice S...
Tags: XSS

Cyber Dug for cyberdug.hashnode.net · Mar 18, 2023
SQL Injection Lab for beginners
#Cybersecurity #sqlinjection. What is SQL Injection? SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database. ...
Tags: hacking

Rupachandrans for rupachandrans (rupachandrans.hashnode.net) · Mar 15, 2023
Host Header Injection Leads To Pre-Account Takeover Worth 100$
Self Introduction: Hello, I am Rupachandran S. I am a Third Year Integrated Five-year Master of Computer Science with a Specialization in Business Analytics student at Vellore Institute Of Technology-Chennai. I am here to share my finding on Host He...
Tags: #cybersecurity

Alex Humado for Vuln Research (vulnresearch.hashnode.net) · Mar 8, 2023
How To Get Started In Mobile Application Penetration Testing.
This is the introduction of this brand new series where I share my journey into Mobile Application Penetration Testing, including resources and advice I get from experts in this field, and hopefully help you along the way. So, let's dive in! Introducti...
Tags: Mobile Application Pentesting Series (MAPS), Mobile apps