Unrestricted File Upload Vulnerability

Hey guys, I am new to bug bounty and I identified an unrestricted file upload vulnerability where I can upload any type of file to the system. I was also able to upload an .exe file.

But this is marked as P5, and the issue lacks a demonstrated risk and is considered a security best practice.

Please help me with some ideas to move this from P5 to P4 or P3.

https://redd.it/1cb4hop
@r_bugbounty
bug bounty vs certs

What do you guys think if I have 2 years to graduate?

I saw that some people who were successful in bug bounty were able to get a senior job without going for a junior one (we all know junior jobs are rare as hell).

But I spent like 6 months without finding bugs, only duplicates, and I see a lot of people say it takes 8 months to a year to find your first bug.

So should you take the guaranteed route for your career (studying for certs) or try bug hunting?

What do you think is the most efficient thing?

https://redd.it/1cbiym5
@r_bugbounty
Need help with a project

So I've got a project that could, if solved, retire us for the next couple of years.

I need to find out what information is being requested by a database and what information is being sent from a machine to the database.

The machine scans cars and sends that info to the database.

I can’t say much more than this. Private message me for more info. I’ll share my telegram info there.

The machine is connected via Ethernet to the internet.

Also, advice on how to find the person I'm looking for would be greatly appreciated.



https://redd.it/1cbnk4e
@r_bugbounty
Content Discovery, Fuzzing VS. Scanners, Automated tools are Different?

Hi everyone. I don't understand the difference between scanners and tools. Doesn't this mean you can't use the tools at all? Honestly, I don't even know the difference between an automated tool and a scanner.

So my questions are:

1) I've seen some bug bounties disallow automated tools and scanners entirely (when they don't even allow a limit on requests per second). Is it possible to use tools to perform subdomain enumeration and content discovery in these cases? I mean something like dirsearch.

2) Isn't a content discovery tool also a scanner, because it uses fuzzing and brute-forcing after all? So essentially, doesn't fuzzing mean a scanner?

3) If the rules of a bug bounty allow the use of tools but there is a limit on requests per second, is there an option to restrict requests even when using subdomain enumeration and content discovery tools?

4) Is there a difference between the terms "scanner" and "automated tools"?

https://redd.it/1cbqfy6
@r_bugbounty
What can I do after it collects IPs?

I created a tool. It quickly gets the IP addresses of an IP range and I can see which IP corresponds to a domain name. But I don't know what to do now. I searched for subdomain takeover but I could not find anything good, just Unbounce, Heroku etc. They are not vulnerable. Can you give some advice on methodology please? Thanks

https://redd.it/1cbxfz7
@r_bugbounty
< converted to &lt

Hi guys

I am trying XSS; whenever I enter a < symbol it is getting converted to &lt in the frontend.

It is a React page, and I give the value from Burp Suite as <script>

then it becomes &lt;script&gt;

Any ways to bypass this?

https://redd.it/1cc5ih4
@r_bugbounty
Passive scanners?

This may be a dumb question, but if a program forbids you from non-manual testing, is using passive dork-based scanners allowed or not? It technically is non-manual, but I would also be scraping Google and in no situation connecting to their web

https://redd.it/1ccdq5w
@r_bugbounty
bug bounty platform?

hey hackers~

I'm a cybersecurity researcher from China, going to do some bug bounty on international platforms like Bugcrowd, HackerOne etc.

Which one is better or easier for a beginner?

https://redd.it/1ccjxjl
@r_bugbounty
Found an infinite money glitch, what now?

Hey community,

I recently discovered a money glitch on a website which has to do with stocks. This bug allows me to get basically infinite money on my account. The withdrawal of a test amount worked for real and there was real human interaction involved. Somebody had to approve this withdrawal.

I'm working as a software developer and I understand the problem behind this bug. I'm not sure what to do with this information, since I would like to get a bug bounty.

I mean I cannot show the bug to the company, since I don't have the trust that they would pay me. They are not listed on a bug bounty portal which I could use.

Obviously I don't plan to exploit this bug!

So I have three questions:

1. What would such a bug be worth?
   1. The bug can be done by everyone who is registered
   2. The amount which could be stolen is infinite
   3. The company has around 10.000 - 50.000 users
2. How can I bring this up to the company without missing out on a bug bounty?
3. Are there trusted middlemen for this kind of thing?

I would really appreciate your help and thank you in advance.

https://redd.it/1ccsi50
@r_bugbounty
Acunetix API

Hi guys, I created a CLI tool for interacting with Acunetix APIs. I know, there are a lot. But with this one I focused on the features lacking in the community.

- Add and remove targets and target groups
- Configure target scan properties
- Export and import scan profiles
- Start scans

I hope you like it and it helps. Please give feedback so I can improve it further.


https://github.com/tosbaa/acucli

https://redd.it/1ccvc4s
@r_bugbounty
When I put the XSS payload in the URL window, do I also have to add a required request header?

Hi everyone. You know that XSS is often injected through the URL. But putting payloads in is also sending requests after all. So, in bug bounties that have rules saying to make sure to add headers, I was wondering if this process should also be done with added headers through Burp Suite, or if we can just test it right through the URL. If the answer is yes, I wonder if the few payloads sent without adding headers can also be a problem. (Supposing the payloads are non-threatening.)

https://redd.it/1cczln1
@r_bugbounty
Have you experienced any bad mistakes in Bug Bounty?

Hi everyone. Have you ever made a big mistake while doing bug bounty? Of course we know that we have to follow all the rules. So we try our best to follow the conditions.

However, we are human, and things that we do with human hands always bring mistakes. So I'm curious about your experiences with that.

1) What kind of situation was it, and
2) how did you deal with it?
3) Also, I think hackers often use a VPN, but the network is too slow. Do you all use a VPN to prevent these things?

https://redd.it/1cdglcm
@r_bugbounty
Secure Coding Practices in Java Resources

Hey everyone, I have an interview coming up that requires a secure code review specifically in Java for OWASP Top 10 vulnerabilities (Web App Security). I would really appreciate it if anyone knew of such resources to help me learn secure coding practices and could share them with me.


Thanks in advance!

https://redd.it/1cdhxm1
@r_bugbounty
What service do you use if you need a custom domain and server for testing?

I got stuck while testing a website because I want to test for an SSRF. The web server makes a request to a third-party image hosting service specified via a URL as a parameter in the GET request. I want the parameter to be tested.site.com.myownsite.com, so I need to host myownsite.com and create tested.site.com as a subdomain. Is there a convenient, user-friendly and cheap service to get something like this up and running quickly? What solution do you use for this kind of testing?

https://redd.it/1cdp5kv
@r_bugbounty
Bug Bounty Scoping Question

Hello everyone!

I am about halfway through Hack The Box's bug bounty path and I've been looking through bounty opportunities. I have some questions revolving around scope and what CAN be done.

I see a lot of postings that don't allow automatic enumeration tools (such as Burp Suite, nmap, etc.), "no attacks requiring MITM or physical access or control of a user's device", no XSS, no CSRF, etc.

My question is this: I feel like these scopes don't allow for most of what I'm learning in HTB, so… what are we allowed to even do?

Here is an example:

Out of scope vulnerabilities

- Clickjacking on pages with no sensitive actions
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
- Attacks requiring MITM or physical access or control over a user's device.
- Cross-domain referer leakage (except where there is an actual impact like disclosure of authenticated session cookies).
- Cross-domain script inclusions.
- Previously known vulnerable libraries without a working Proof of Concept.
- Missing best practices in SSL/TLS configuration.
- Rate limiting or brute force issues on non-authentication endpoints
- Denial of service attacks (DDOS/DOS)
- Missing cookie security flags (e.g., HttpOnly or Secure)
- Missing email best practices (invalid, incomplete or missing SPF/DKIM/DMARC records, etc.)
- Missing DNS resource record for Certificate Authority Authorization (CAA)
- Vulnerabilities only affecting users of outdated or unpatched browsers (less than 2 stable versions behind the latest released stable version)
- Information disclosure vulnerabilities like software version disclosure / internal path disclosure issues / banner identification issues / descriptive error messages or headers (e.g. stack traces, application or server errors) (except where there is an actual impact like disclosure of sensitive information)
- Zero-days or known vulnerabilities disclosed publicly within the past 30 days.
- Vulnerabilities solely based on Open Source Intelligence (OSINT) investigations, without a technical exploit.
- Broken links or URL inconsistencies without an associated security vulnerability or demonstrable impact on system security.
- Web links that point to non-existing web pages.
- Unconfirmed reports from automated vulnerability scanners
- General low severity issues reported by automated scanners

Again, I'm quite new to this, but I feel like there's nothing to be done with a scope like this.

Any thoughts at all would be welcome!

Thank you,

https://redd.it/1cdsq97
@r_bugbounty
Is the HackTheBox certification worth it?

I actually work as a DevOps and would like to start bug bounty as a side project. I think I know some basics in cybersecurity, but I don't think I know deep concepts or how to report a vulnerability I would find. Thanks for your reply.

Edit: here is the link https://academy.hackthebox.com/preview/certifications

https://redd.it/1cdwovl
@r_bugbounty
hey guys, should I start with:

Vickie Li's Bug Bounty Bootcamp or the Web Application Hacker's Handbook?

Does anyone have experience with these 2 books? I'm not sure if I should start with the Web Application Hacker's Handbook 2, or if I should skip it and learn from Vickie Li's Bug Bounty Bootcamp. Thoughts?

https://redd.it/1ce0669
@r_bugbounty
Beginner Advice

Hey hunters,
I am new to the bug bounty field and I stumbled across a 'web3 bug bounty' writeup, so I need advice on what I should spend my time learning: normal web application penetration testing or web3 security auditing?

https://redd.it/1cej0s2
@r_bugbounty
2024/05/17 17:12:27