Respected folks, What are some things you think would have been great if I had known them earlier?
Sorry for another beginner post, but people who have been doing bug bounty. What clues you can give that made the process easier or simple.
https://redd.it/1cekm8u
@r_bugbounty
I'm stuck in a loop
Hello hackers, I have been doing bug bounties for a very long time and I have recently realized that I am kinda stuck in a loop.
I pick a target to hunt, start my recon process, gather subdomains using multiple tools, use httpx to filter live subdomains, run nuclei on them, and some other similar stuff. I do the same things every time, same tools, same methods.
Please help, what can I add to my recon process? Please suggest some unique tools, methods.
https://redd.it/1ceisbd
XSS - Demonstrating Additional Impact
I’ve identified an XSS vuln in an HTML tag attribute. I can easily demonstrate this with alert() or console.log(), but I want to further demonstrate impact, like ATO or something. The JSESSIONID cookie is HttpOnly, so I can’t access it via JavaScript. I can get the CSRF token, so I was hoping to just use XMLHttpRequest to perform actions as the logged-in user. The issue I’m running into is that the injectable parameter has a 100-character limit (enforced on the server) and CSP will not allow me to load an external JS file. Any ideas here?
https://redd.it/1cetnb5
Bug Bounty RoadMap Feedback
Hello everyone,
I'm contemplating a career switch to cybersecurity, particularly starting with bug bounty programs. I've outlined a roadmap for myself and would appreciate feedback or alternative perspectives to refine it. If bug bounty programs don't suit me, I'm considering exploring other roles within the Red Team or delving into the skillsets required for the Blue Team. Thanks in advance!
1. My initial plan involves starting with Heath Adams' Practical Ethical Hacking - The Complete Course to establish a strong foundation. I'm a hands-on learner, which is why I opted for this course instead of continuing with the "Getting Started Page" on HackerOne. Additionally, I decided against diving straight into Hack the Box due to the considerable prerequisite knowledge required, which can be overwhelming.
2. Upon completing the course, I intend to explore TryHackMe. Since I'm unfamiliar with it, I'm unsure which rooms are best suited for bug bounty practice. I'm considering the "Red Teaming" room as a potential starting point. It seems like a logical progression since it offers less guidance, requiring individuals to problem-solve independently, yet it's not overly challenging. If skipping this step and proceeding directly to Hack the Box is more advisable, please advise!
3. Finally, I plan to participate in the Hacker101 CTF. I believe that the combination of theoretical knowledge from Heath's course and practical experience gained from TryHackMe will adequately prepare me for these challenges.
Following this, I aim to explore other online CTFs gradually and begin identifying bugs through platforms like HackerOne.
For context, here's a bit about me:
I'm currently an application developer with a consulting company.
I'm proficient in Java, JavaScript, and have some experience with Python.
Thank you for your guidance!
TLDR:
Considering a career shift to cybersecurity, particularly bug bounty programs, I've outlined a roadmap starting with Heath Adams' course for a solid foundation, followed by TryHackMe to gain hands-on experience, and concluding with Hacker101 CTF for practical skill refinement. Seeking feedback. Current background includes experience as an application developer with proficiency in Java, JavaScript, and some Python.
https://redd.it/1cevrpt
I'm curious about XSS filtering
Hi everyone. I'm a bug bounty novice. I'm currently spending a lot of time manually looking for bugs. First of all, I'd like to say that I've already studied the concept, types, etc. of XSS. But I'm asking you a question because I don't think I'm familiar with how XSS is being filtered, etc.
When I type in payloads to find XSS on a site, they're filtered with high probability, and from what I've studied, this is called sanitizing and escaping. I've seen that content like <, > or "script" is filtered, or is treated as a string.
So, I was wondering which of the two exploiting XSS involves, or both:
1) Whether you're looking for a bypass beyond this filtering, or
2) if you're trying to inject XSS on a site that doesn't use this filtering.
If it's number one, the filtering techniques are advanced on each site that applies them, and they seem almost the same everywhere. Do you have any tips in this regard? I've looked into the related content and it's too hard for me. Please give me some advice on this.
https://redd.it/1cezl8p
Are there any web vulnerabilities that are difficult or impossible to automate?
As a beginner in bug bounty, it seems like those who quickly run automation tools often claim the rewards first. So, my strategy is to manually exploit vulnerabilities that are difficult to automate. What are some examples? Initially, vulnerabilities like XSS, SQLi, or path traversal seem automatable or fuzzable.
https://redd.it/1cf4zmz
How LangChain and ChatGPT plugins are getting attacked by this bug
https://journal.hexmos.com/insecure-output-handling/
https://redd.it/1cf9wov
@r_bugbounty
Need help finding my first bug.
Hey, I'm looking for advice. I have been learning PHP for about 7 months and have some decent knowledge of it.
I have a website that has a chat, file upload and stuff.
I understand CSRF, SameSite, CORS misconfiguration, XSS, redirection, SQLi,
file upload, info disclosure, and I can't find a bug; it's been about 5 months of looking. I'm looking for some advice please.
And how do you guys keep up to date? I have RSS but no decent feeds. I have this sub's RSS, that's about it.
I have nearly completed every PortSwigger lab but I suck. Any advice please. And thank you 😊
https://redd.it/1cfb1ur
Wanted to get a back door air screen to keep flies out…. Any suggestions
https://redd.it/1cffv72
Need help! Possible major security leak on major screenshot platform
So this post is gonna be updated as this situation ensues.
I have today found a bug within Gyazo giving me access to other Gyazo accounts' saved pictures.
Gyazo is a screenshot platform.
Any tips regarding this situation are highly appreciated, as I have never before found a bug this big with the danger/harm potential it has.
Tried to contact their support and it says they are on holiday till after the new year.
https://redd.it/1cfnf8m
What's the top closed source and open source bug bounty platforms?
I'm looking for both options. I need to be able to put non-bug-related bounties on this board/platform as well, which I'm guessing wouldn't matter, as you should be able to put any content/request/bounty whether it's bug related or not, right?
https://redd.it/1cfu4b5
GitHub Dorking Code section
Hello!
GitHub removed the sort filter in the code section. How are you guys dealing with this and searching for the latest leaks and keywords when you are doing a repeated dork every day? Removing the filter for latest update will just give you the same result every time you dork it. In the past, when I was doing GitHub dorks, I would do my search on a specific company and then filter the code section by latest update to see only the new things.
https://redd.it/1cfu3uk
Social engineering has to be a part of BB
So in reality someone would screw you over through any hole they find. And humans are the most vulnerable point. IT departments think they do enough testing among employees. But they might not be doing enough, since one has to have a specific mindset, which could lead to more innovative approaches that can disclose a problem.
I personally see BB as a preventative measure against potential attacks. And in that case they should cover all possible vectors of an attack, including social engineering.
Just a discussion.
https://redd.it/1cfyiuk
Looking for Swedish bug hunters!
Hello!
I am producing a podcast on behalf of a university in Sweden and am looking for an active bug hunter to interview! The episode is about IT security and what the driving force is behind being a bug hunter.
If you feel like you / someone you know would fit in, please leave a comment or send a message.
Thanks in advance!
https://redd.it/1cg0szc
How long do you stick around looking for an XSS exploit on a page? What are some good indicators to move on from testing a sink/source?
I am currently playing with XSS payloads for a sink I found. I've gotten different responses according to different payloads to test the firewall, as well as getting past it by getting responses from the IAM microservice and AWS ELB load balancer. I got responses from the server directly as well, but nothing exploitable. I'm just in the vuln stage with this.
For context: the JS code shows the level of input validation, which is minimal, and I believe that's why I've gotten around it.
So, I am wondering what some good indicators are that this JS sink isn't exploitable, although vulnerable?
Edit: spelling
https://redd.it/1cgaimc
Efficient way to learn with real targets
Respected folks, kindly suggest how you learn a new vulnerability and practice on a real target (after doing the PortSwigger labs).
What I am currently doing is, after the PortSwigger labs, just choosing any target from a VDP and testing on it. Mostly I am not able to find the bug.
Can you share your experience with this? How do you practice while learning?
https://redd.it/1cgdi9e
How important is recon actually?
I've never done recon apart from basic subdomain enum.
I have been reading and watching guides all day on recon, and came across a video of a guy saying recon is worthless, because if you find a bug on a subdomain that's way off the radar, the attack surface is pointless because there's no exploitability.
Please help me get better at bug bounty.
I have today learned subfinder, httpx, ffuf (can be tricky with params), ASN enum and aquatone. Am I missing stuff?
https://redd.it/1cga6vs
Can't change my report title on HackerOne
I submitted a report on HackerOne with a very shitty title, and it's been a day and I can't change it anymore. Any solutions?
https://redd.it/1cgi8rk