#bugbountytips
https://medium.com/@secureITmania/a-secret-note-to-bug-hunters-about-url-structure-and-its-parsers-2982f70ff6d6
https://medium.com/@omaidfaizyar/my-weirdest-bug-bounty-getting-pii-from-o365-b4477f4739e
https://medium.com/@sw33tlie/finding-a-p1-in-one-minute-with-shodan-io-rce-735e08123f52
https://medium.com/@thehacktivists/bypass-otp-verification-through-modifying-request-or-response-54d76cfb34c9
https://medium.com/bugbountywriteup/blocked-user-can-send-notification-due-to-logical-bug-in-instagram-first-instagram-bug-2bd09aa52f14
https://medium.com/@greedybucks/finding-confidential-documents-using-google-dorks-b09dcdd761c8
https://medium.com/bugbountywriteup/help-i-cant-find-bugs-88b005eb69a2
https://medium.com/swlh/ssrf-in-the-wild-e2c598900434
https://medium.com/@secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0
#bugbounty
A secret note to Bug hunters about URL structure and its parsers.
Understanding the proper URL structure is important to every bug bounty hunter. So let's take a deep dive into the URL structure.
Hunting Tips.pdf
155.2 KB
Collection of #bugbountytips (from Twitter, Facebook, PortSwigger, Medium, etc.)
https://github.com/Ma4xSec/Hunting-Tips/blob/master/Hunting%20Tips.md
Logic flaw
https://medium.com/@jeppe.b.weikop/2fa-bypass-via-logical-rate-limiting-bypass-25ae2a4e1835
https://medium.com/@ritishkumarsingh/facebook-vulnerability-hidden-community-manager-in-pages-due-to-invitation-accept-logic-61ddbe229c97
https://medium.com/@milanmagyar/ggvulnz-how-i-hacked-hundreds-of-companies-through-google-groups-b69c658c8924
https://noobe.io/articles/2020-01/how-i-found-bug-google-search-console
https://medium.com/@raushanraj_65039/adding-a-malicious-notebook-to-be-treated-like-a-trusted-notebook-in-google-colab-1337-b84353a9f77
https://medium.com/@jbgrunewald/how-i-made-7500-from-my-first-bug-bounty-found-on-google-cloud-platform-1a5415d7569b
https://medium.com/nassec-cybersecurity-writeups/this-is-how-i-got-xxxx-from-facebook-for-instagram-bug-aaff50342246
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
https://medium.com/bugbountywriteup/bypassing-the-fix-of-my-previous-instagram-bug-49ece4ea7e1d
https://medium.com/@naufalseptiadi/live-video-facebook-application-android-its-not-expired-when-log-out-the-device-on-4d4e0b67b362
#bugbounty #bugbountytips