3NVZ

@YourFinalSin

Dark Artist in the Making.

California
Joined August 2024
@YourFinalSin
3NVZ
3 days
Just found an unauth SSRF, I accessed cloud metadata with 💥.
1. Found a sub that used a third-party framework.
2. Got the source code of the framework on GitHub.
3. Code base had a SSRF sink that took in controllable input.
4. Checked live target -> Access to internal/cloud metadata.
@YourFinalSin
3NVZ
7 days
Today was a good one
@YourFinalSin
3NVZ
13 days
For anyone interested in Desktop Application Hacking - I found this talk to be a nice introduction:
@YourFinalSin
3NVZ
19 days
Here is the full writeup on my full Bug Bounty Challenge, I documented. I hope this will answer all questions I keep receiving:
medium.com
Upon multiple requests, I will summarize my bug bounty journey here for you.
@YourFinalSin
3NVZ
1 month
Was looking today into Cache Poisoning/Deception and found these resources, which I think are going to be pretty helpful:
@YourFinalSin
3NVZ
1 month
Just achieved a full ATO via XSS by bypassing Cloudflare WAF. Credits to @KN0X55. The payload that bypassed the WAF was:
@YourFinalSin
3NVZ
1 month
but I also want to get into research and more low level stuff.
- Still going to keep working hard every day and I will still keep posting, if I find something interesting.
- There are also still 3 payouts pending which will be 2-3k USD.
- Writeup will follow.
Thanks to everyone ✌️.
@YourFinalSin
3NVZ
1 month
Day 150 - Bug Bounty.
- Today will be my last post for this challenge, because I’ve achieved already all the goals I wanted to achieve.
- I’m thanking everyone who followed along and I thank @techycodec08 who I got the initial idea from.
- I will keep bug bounty hunting,
1/2
@YourFinalSin
3NVZ
1 month
Day 149 - Bug Bounty.
- Got paid for one issue today 🎉.
- Also found an access control issue on a main app in combination with a low entropy token.
- Kept trying to go for a RCE on an open-source program, without success so far.
Total earned so far: $5650
@YourFinalSin
3NVZ
1 month
Day 148 - Bug Bounty.
- Exploited today a Paddle Oracle which was pretty interesting and new.
- Did source code review and found a promising reachable sink, which I kept working on.
- Continued working on my source code lead automation.
Total earned so far: $5425.
@YourFinalSin
3NVZ
1 month
Day 147 - Bug Bounty.
- Kept going at a main application and found a couple of minor issues/gadgets.
- One report came back as duplicate.
- Found a potential RCE and worked on it multiple hours, just to realize that it wasn't exploitable at the end 💀.
Total earned so far: $5425.
@YourFinalSin
3NVZ
1 month
Day 146 - Bug Bounty.
- Focused today on auth and OAuth issues.
- Went deep into different OAuth flows, such as implicit, auth code grant, etc.
- Found this presentation on OAuth sec which I think was very good and technical:
Total earned so far: $5425.
@YourFinalSin
3NVZ
1 month
Day 145 - Bug Bounty.
- Full day of hunting again today.
- Focused mainly on auth and logic bugs.
- Went through every feature and hunted with a goal, which helped thinking of different bypasses.
Total earned so far: $5425.
@YourFinalSin
3NVZ
1 month
Day 144 - Bug Bounty.
- Went today deep in authentication flows.
- Learned a lot about different edge cases using different encoding/null bytes.
- Found this repo, which constantly updates the best ATO H1 reports:
Total earned so far: $5425.
github.com
Top disclosed reports from HackerOne. Contribute to reddelexc/hackerone-reports development by creating an account on GitHub.
@YourFinalSin
3NVZ
1 month
Day 143 - Bug Bounty.
- Kept hunting on a main application today.
- Found an email verification bypass which made pre-account takeover possible.
- Played around with some secret detection automation.
Total earned so far: $5425.
@YourFinalSin
3NVZ
1 month
Day 142 - Bug Bounty.
- One report was triaged, it was a blind SSRF on a public target.
- Focused today mainly on the authentication flow and logic of the app.
- Found minor issues, but nothing reportable.
Total earned so far: $5425
@YourFinalSin
3NVZ
2 months
Day 141 - Bug Bounty.
- Kept hunting today and only found a couple of gadgets.
- Target seems pretty hardened.
- Also kept on reviewing source code and for everyone asking, I found this to be an excellent resource for code review.
Total earned so far: $5425.
@YourFinalSin
3NVZ
2 months
Day 140 - Bug Bounty.
- Started on a new target today.
- Went deep into the docs to understand the app first.
- Found a couple of interesting gadgets.
- Came across this blog post which was nice:
Total earned so far: $5425.
@YourFinalSin
3NVZ
2 months
Day 139 - Bug Bounty.
- Continued reviewing source code.
- Learned specifically about Python sinks that lead to code execution.
- Was able to find code execution on a target with over 2000 stars on GitHub, but they don't pay bounties.
Total earned so far: $5425.