The writeup is ready
(Subdomain Fuzzing worth 35k bounty!)
I tried my best to make everything clear and useful
Enjoy :)
#BugBounty
#bugbountytip
#bugcrowd
Nice and Fast P1 in my fav prorgam ❤️️️
dirsearch>
/accesslogs/ (add it to your dirlist) >
directory listing>
Logs file >
700 users and admins password Disclosure :)
Good luck :)
#bugbounty
#bugcrowd
#bugbountytips
I earned $7,500 for my submission on
@bugcrowd
with
@GodfatherOrwa
#tip
:
Found admin[.]target[.]com > nothing in GitHub > reading JS > found another domain with the same back-front end > admin.devtarget[.]com > searched in GitHub > found user,pass > worked > Auth Bypass
2 tips here are more important than hacking tip :)
* Choose someone you trust
* There should be a program that you can call (Fav program)
we spent months in this program and here are some bugs we found
* Auth Bypass 15k
* RCE 16k
* SQLI 15k
#bugbountytip
#bugcrowd
@GodfatherOrwa
@Bugcrowd
When u see `javax.faces.ViewState`, always test it using `jexboss` using this command `python3 -u xxx --cmd "Your OOB Command " --app-unserialize`, also use `Java Deserialization Scanner` by scanning `javax.faces.ViewState` to find the right `gadget`, best luck :)
Response manipulation is becoming more popular than in the past
Login with a valid username (use random password) ~ inspect the response ~ change "login: false" to true, auth bypass, that leads to PII disclosure, BAC
Good luck :)
#bugbounty
#bugcrowd
#bugbountytips
How my friend got a Rce, sqli in Facebook❤️
And another Authentication Bypass by me ♥️
Orwa is one of my Best friends
He started with nothing, only with GitHub leaks,
In a few months, just a few
He made his way into the Facebook HoF
With SQLi, RCE
He loves to learn more, working hard❤️
In most cases, you should be authenticated,
In rare cases you don't have to
if you should be authenticated
you can go to
target[.]com/libs/granite/core/content/login.html
and try one of these AEM default credentials
in my case it was anonymous:anonymous
@GodfatherOrwa
@Bugcrowd
@TheMsterDoctor1
When you copy and paste something
Please edit the post
When I shared this tip, I made a mistake in (prorgam) it should be (Program) fix it 😉🙃
@haxor31337
@Bugcrowd
@bsysop
Nice one!
I really loved this new feature from bugcrowd (collaboration in private bbp if your friend invited too)
By the way, I think we work in the same program😂
Good luck ❤
@Masonhck3571
I have been a bug hunter for 1.7 years
In these 1.7 years I daily open H1 hacktivity, reading new reports, writing new notes
Every day, before I start hacking
This helped me a lot ❤
Congratulations and a big thank you to everyone who participated in the
#HackerCup2022
! 👏
In 1st place, taking home $10,000, awesome swag, and bragging rights is... ⤵️
🥇 Tess's Squad with 5925 points!
#BCTeamHunt
@0x_rood
Hi
@0x_rood
thx mate
about the condition, it depends
e.g. if the response was 301, u should match 301 and replace it with 200, or 302 ...etc, sometimes 401, or 402
also redirect headers like `Location` and also in the HTML response
you know what we think?
#bughunters
deserve gifts 😍 Follow the link before to learn how you can be entered into our MONEY TALKS GIVEAWAY simply for doing what you already do best;
#bughunting
🐛
#hacking
#bugbounty
@haxor31337
Thank you ♥️
Sometimes critical-impact bugs can come with an easy exploit
In a program I reported RCE just by putting in the parameter value ";id"
Like
Parameter=1;id, and it was not OOB or blind 😂
@_2os5
For example:
U find RCE in Admin[.]target[.]com and it gets fixed
U will fuzz like AdminFUZZ[.]target[.]com
U maybe find AdminDev[.]target[.]com and it has the same RCE
@awaisaskanii
For example:
U find RCE in Admin[.]target[.]com and it gets fixed
U will fuzz like AdminFUZZ[.]target[.]com
U maybe find an AdminDev[.]target[.]com and it has the same RCE
Highlights from the launch ceremony of the "Jordanian Bug Bounty and Penetration Testing Platform", launched by the #National_Cyber_Security_Center on Monday, May 22, 2023, in cooperation with Octopian Security
#NCSCJO
#bugbounty
@iirode0
In Amazon
1_Choking Rescue Device for Kids and Adults, Arixmed Anti Choking Device, Portable Airway Suction Device, First Aid Choking Device
2_Automatic Choking Rescue Device for Kids and Adults with 3 Masks
@caseyjohnellis
I didn't report anything related to this CVE
As a full-time bug hunter, I prefer to wait for 15-30 days then start to test for a new CVE. This would give programs time to fix their bugs
I think this is the best practice for any new CVE as a bug hunter
BTW I don't love easy wins :)
@disnhau
@GodfatherOrwa
@Bugcrowd
The main bug was auth bypass to admin panel, P1 of course, but I decided to dig deeper in this panel, I found RCE, SQLi ..etc, so auth bypass is P1, but when you find RCE it will also still be P1 but the payout will be more since the impact is not only auth bypass