yoyomiski
@yoyomiski
sometimes eat and sleep
I no longer test VDP programs. However, since this is an open-source project and vulnerabilities found can be assigned CVEs, I spent some time last week reviewing it. I'm also glad that these are my first 4 CVEs #bugbounty #CVE
Just released the Ultimate IDOR Testing Checklist 🧩 I combined techniques from many sources to cover IDOR scenarios. Know a technique I missed? Drop it in the comments. Notion: mrdesoky0.notion.site/Ultimate-IDOR-… GitHub: github.com/mrdesoky0/vuln… #bugbountytips #IDOR #AppSec #InfoSec
then, BAC > low impact now, account takeover > CIA = high
DUHHHH of course I look for BAC! Top 100 web app exploits listed by how common they are:
- IDOR (object-level auth)
- Function-level auth bypass
- Role/privilege escalation
- Missing admin-endpoint access control
- Insecure direct file reference
- Mass assignment
- HTTP parameter pollution…
10 bsqli in 15 mins ⏳ and nearly 2 hours to dump data and confirm
1. I set up my bsqli payload using nuclei
2. Used custom google dorks for params; found success with it on the same program
3. Gathered all links and ran my template on them
4. Dumped the data using ghauri
Hey bug bounty hunters! I've reported info disclosure / sensitive data exposure vulns that all got accepted. Here's what I've learned from digging into these; it's super useful when you're stuck on the main app and need to pivot to recon; when I'm out of ideas on the core app,…
🤦♂️
triaged todayyy :)))
Bug bounty life tips:
- Triage downgrades your report? Ignore it, comments won't save you.
- Company says "aware of this issue"? Skip, no one helps.
- CSRF and IDOR = same (in their eyes)? Skip, you're "wrong."
- They fix your sqli while program suspended? Skip, you lose.
Skip..
Thanks @Qata for the helpful advice. After several rounds of "Need more info", it finally got Triaged. The big targets still have room for me :> #BugBounty
Happy for securing a new program at @Bugcrowd !! ALHAMDULLAH ❤ Writeup: medium.com/@MoSalah11/a-c… #BugBounty #bugbountytips #bugbountytip
Anyone can learn Web3 Security for $0! Resources: @CyfrinUpdraft is free @immunefi (Bug Bounty Writeups/Blogs) is free @TheSecureum is free @trailofbits (Blogs/Publications) is free @RektHQ is free @CryptoZombiesHQ is free @OpenZeppelin resources are free @ProgrammerSmart is…
↳ Bug Bounty Resource Guide Topics
- SQL Injection: …cking-resources-guide-2025.vercel.app/sql-injection
- XSS (Cross-Site Scripting): …cking-resources-guide-2025.vercel.app/xss
- CSRF (Cross-Site Request Forgery): …cking-resources-guide-2025.vercel.app/csrf
- RCE (Remote Code Execution): …cking-resources-guide-2025.vercel.app/rce
- LFI (Local File…
I was awarded $500 for a report that was closed as 'informative' @Hacker0x01
> report an IDOR vuln
> Couldn't prove 24 character ID enumeration
> Report was closed as info
> Still received the award
#BugBounty
Live Bug Bounty Hunting - My Recon Methodology !!!🐞
Took a short break, but still managed to bag a few high-severity finds while resting 🤝 #BugBounty #InfoSec #HackerLife #intigriti @intigriti