Bug Bounty
Bugbounty Resources • Tips • Security Zines • Writeups • Vulnerability Update • Notes • Mindmaps • Cheatsheets • Checklists • Article / Blogs • PDFs • ebooks •
First I reported an XSS, triaged as medium!

I am not satisfied with that; later I chained it with account takeover! Got an additional $650.

Tips: - if the application has an API key feature and you can't steal session cookies!

1/n

More : 👇

https://twitter.com/bug_vs_me/status/1634090120658780162?t=X54aRAVY05Ajv0zosKda4Q&s=19
Tips 🌿🌻🍂

Whenever you see any email input field!

70% of bug hunters don't try XSS there, as compared to the name field.

Always try this in the email input field!

"<img/src/onerror=alert(0)"@xss.com

This doesn't work every time, but give it a try; found 2 XSS today using this!

TIP:

🛡️ Admin panel access using %20 🛡️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
[+] Card Payment Functionality - Checklist

#bugbounty #infosec
API Hacking - RESTful API.pdf
80.9 KB
My API hacking Notes #1
What I learned from reading 220* IDOR bug reports.

Credit: _nyan

https://medium.com/@nynan/what-i-learnt-from-reading-220-idor-bug-reports-6efbea44db7
Hey 🖐, those who are interested in AI & ML learning tips & tricks can join this
Telegram group: https://t.me/ai_ml_tips
Blind XSS Tips
- Create an Account
- Delete/Deactivate Account
- If the website asks for feedback, Put your payload.

#bugbountytips #BugBounty
Hello Team,

There is a web application security course from TCM Security running at a discount.

Course Name: Practical Web Application Security & Testing
Provider: TCM Security
Course Link: https://academy.tcm-sec.com/p/practical-web-application-security-and-testing
Original Price: $29.99
Coupon Code: HAPPYBIRTHDAYTAGGART
Discount Price: $1.18 (Inc. TAX)