Subdomain Takeover guides, methodology and exploit POCs: https://aditya-narayan.medium.com/subdomain-takeover-guides-methodology-and-exploit-pocs-9f5dd632c175?source=rss------bug_bounty-5
Medium
Subdomain Takeover guides, methodology and exploit POCs
Another day in my Bug Bounty journey; today I learned about the Subdomain Takeover vulnerability.
Beginners Guide for Exploiting Race Conditions: https://bitpanic.medium.com/beginners-guide-for-exploiting-race-conditions-ab73c843b44a?source=rss------bug_bounty-5
Medium
How It Works:
Way to mastering Race Conditions...
LFI: Identify the vulnerable endpoint and exploit that by reading the “/etc/passwd” file.: https://medium.com/@aburayhan01734_18069/lfi-identify-the-vulnerable-endpoint-and-exploit-that-by-reading-the-etc-passwd-file-a9d0586f85c9?source=rss------bug_bounty-5
Medium
LFI: Identify the vulnerable endpoint and exploit that by reading the “/etc/passwd” file.
Description: After many attempts, I finally identified a Local File Inclusion vulnerability. This vulnerability occurs when a file…
CSRF On Delete Profile: High Severity (7.1) HackerOne: https://medium.com/@josuofficial327/csrf-on-delete-profile-high-severity-7-1-hackerone-33bdb598ef67?source=rss------bug_bounty-5
Medium
CSRF On Delete Profile: High Severity (7.1) HackerOne
Blind XXE with OOB Interaction via XML Parameter Entities: https://osintteam.blog/blind-xxe-with-oob-interaction-via-xml-parameter-entities-97244bf2b85e?source=rss------bug_bounty-5
Medium
Blind XXE with OOB Interaction via XML Parameter Entities
Today, we’ll be learning about a vulnerability that is more like the real world — a vulnerability that is blind.
From Comments to Command Execution: How an E-Book Platform Gave Me RCE: https://imooaaz.medium.com/from-comments-to-command-execution-how-an-e-book-platform-gave-me-rce-f27a079ca584?source=rss------bug_bounty-5
Medium
From Comments to Command Execution (RCE)
From Stored XSS to RCE via Unrestricted File Upload.
Simple ATO in private program.: https://medium.com/@oXnoOneXo/simple-ato-in-private-program-890cd1485675?source=rss------bug_bounty-5
Medium
Simple ATO in private program.
Hello, friend. I’m going to talk about a simple Account Takeover vulnerability I found in a private program on Bugcrowd, so grab your coffee and…
SQL Injection via ORDER BY Parameter: https://medium.com/@mfthylmaz/sql-injection-via-order-by-parameter-a7cb7d04017f?source=rss------bug_bounty-5
Medium
SQL Injection via ORDER BY Parameter
Hi guys. In this blog post, I’ll share the details of an SQL Injection vulnerability I discovered while exploring a web application.
Mastering 403 Forbidden Bypass Techniques ✨: https://medium.com/@kumawatabhijeet2002/mastering-403-forbidden-bypass-techniques-4ab1482afe49?source=rss------bug_bounty-5
Medium
Mastering 403 Forbidden Bypass Techniques ✨
Are you tired of encountering frustrating 403 Forbidden errors that block your testing progress? Don’t worry! This guide will explore…
Get the hash of a website's favicon (from a URL or a local file) and search for it in Shodan, Censys and VirusTotal to find other hosts serving the same icon.
favihash.com
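favihash.com computes the hash for you, but the computation is short enough to run locally, which matters when the target's favicon sits behind authentication or on a host you do not want a third party fetching. The block below is an added example, not favihash.com's or Shodan's code. It implements MurmurHash3 (x86, 32-bit, seed 0) in pure Python so no `mmh3` package is needed, applies the base64 wrapping Shodan hashes over (Shodan's `http.favicon.hash` is mmh3 of the line-wrapped base64 text, the same value `mmh3.hash(codecs.encode(icon, "base64"))` gives), and also emits the raw-bytes MD5 that VirusTotal's `main_icon_md5` search takes and that Censys indexes for favicons. The sample icon bytes are constructed, not a real favicon, and the function names are my own.

```python
"""Favicon hashing for Shodan / Censys / VirusTotal pivots (stand-alone, pure Python).

Shodan indexes a favicon as MurmurHash3_x86_32 (seed 0) of the icon's base64
text, including the 76-column line breaks and trailing newline that Python's
base64.encodebytes() / codecs.encode(..., "base64") produce. VirusTotal and
Censys pivot on the plain MD5 of the raw icon bytes instead.
"""
import base64
import hashlib
import sys

_C1 = 0xCC9E2D51
_C2 = 0x1B873593
_MASK = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & _MASK


def _fmix32(h: int) -> int:
    # Final avalanche step of MurmurHash3.
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & _MASK
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & _MASK
    h ^= h >> 16
    return h


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3_x86_32, returned as a signed 32-bit int like mmh3.hash()."""
    h1 = seed & _MASK
    nblocks = len(data) // 4
    for i in range(nblocks):
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = (k1 * _C1) & _MASK
        k1 = _rotl32(k1, 15)
        k1 = (k1 * _C2) & _MASK
        h1 ^= k1
        h1 = _rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & _MASK
    # Tail: the reference C code falls through case 3 -> 2 -> 1, so the
    # comparisons below are cumulative, not exclusive.
    tail = data[4 * nblocks:]
    k1 = 0
    if len(tail) >= 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * _C1) & _MASK
        k1 = _rotl32(k1, 15)
        k1 = (k1 * _C2) & _MASK
        h1 ^= k1
    h1 ^= len(data)
    h1 = _fmix32(h1)
    # mmh3.hash() reports the value as a signed 32-bit integer; Shodan stores it that way.
    return h1 - (1 << 32) if h1 & 0x80000000 else h1


def shodan_favicon_hash(icon: bytes) -> int:
    """Shodan's http.favicon.hash: mmh3 over the line-wrapped base64 text, not the raw bytes."""
    return murmur3_32(base64.encodebytes(icon))


def favicon_md5(icon: bytes) -> str:
    """Raw-bytes MD5, the key VirusTotal (main_icon_md5) and Censys use for favicons."""
    return hashlib.md5(icon).hexdigest()


def favicon_pivots(icon: bytes) -> dict:
    """Search terms for the engines favihash.com queries (Censys takes the MD5 in its favicon field)."""
    md5 = favicon_md5(icon)
    return {
        "shodan": f"http.favicon.hash:{shodan_favicon_hash(icon)}",
        "virustotal": f"main_icon_md5:{md5}",
        "md5": md5,
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            icon = fh.read()
    else:
        # Constructed stand-in for an icon file (ICO magic bytes plus filler); not a real favicon.
        icon = b"\x00\x00\x01\x00" + b"\x00" * 28
    for engine, term in favicon_pivots(icon).items():
        print(f"{engine:10s} {term}")
```

Run it with the path to a favicon you downloaded from the target to get paste-ready pivot strings. Hash what the server actually served (same bytes, same path), because Shodan hashes the response body it saw; a re-encoded or resized copy yields a different value. The `b"hello"` vector used in the test is the standard MurmurHash3 check value; if a hand-rolled port disagrees on it, the tail handling is the usual culprit.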
Hunting for blind XSS vulnerabilities: A complete guide
https://www.intigriti.com/researchers/blog/hacking-tools/hunting-for-blind-cross-site-scripting-xss-vulnerabilities-a-complete-guide
Intigriti
Hunting for blind XSS vulnerabilities: A complete guide
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there's another variant of this vulnerability typ...
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal · Doyensec's Blog
https://blog.doyensec.com/2025/01/09/cspt-file-upload.html
Intigriti Bug Bytes #220 - January 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/bug-bytes-220-january-2025
Intigriti
Intigriti Bug Bytes #220 - January 2025 🚀
Welcome to the first Bug Bytes of 2025! Each month, we team up with bug bounty experts to bring you insights, platform updates, new programs, and upcoming community events—all to help you find more b...
A Journey of Limited Path Traversal To RCE With $40,000 Bounty!
https://medium.com/@HX007/a-journey-of-limited-path-traversal-to-rce-with-40-000-bounty-fc63c89576ea
Medium
A Journey of Limited Path Traversal To RCE With $40,000 Bounty!
#Introduce Myself:
How a Business Logic Vulnerability Led to Unlimited Discount Redemption
https://www.hackerone.com/vulnerability-management/stripe-business-logic-error-bug
HackerOne
How a Business Logic Vulnerability Led to Unlimited Discount Redemption
Learn about the impact, severity, and a real-world example of business logic vulnerabilities.