Whenever you see any email input field!
70% of bug hunters don't try XSS there, compared to the name field.
Always try this in the email input field:
"<img/src/onerror=alert(0)"@xss.com
This doesn't work every time, but give it a try. Found 2 XSS today using this!
#bugbountytips
Trying to improve my stats on HackerOne: spent 20 days at 2 hours per day.
Found some medium, high and critical issues!
Tip: always check the company's/organization's employees' GitHub accounts for leaked ghp_ tokens,
and check the token's access to each repo of the main organization.
#bugbountytips
Found a critical IDOR!
An attacker can delete all files on the server within 2 minutes.
Tips: use the Match and Replace tool in Burp. Create 1 attacker account and 1 victim account, set the match to the attacker account and the replace to the victim account, and test all functions of the web app!
The 1st time I tried Bugcrowd! And found 1 P2-level vulnerability.
Tip: always check whether the website is hosted on Netlify!
Then try, for example, if the main domain name is Deepak:
So I tried
60% of people set Netlify CMS to public signup.
#bugbountytips
@ArmanSameer95 and I both earned a $20,000 bounty on @Bugcrowd. It's always fun to collaborate with experienced and talented bug bounty hunters.
Best collaboration ever 💯,
Always try to find a way to escalate the vulnerability's impact 😉
#bugbounty
#Hacking
Discovered a stored XSS on a well-tested domain. My mindset for successful bug hunting: no app is bug-free. People find critical bugs in programs that are 6-7 years old. Treat every program as new and start hunting! 🔍
#bugbounty
#XSS
Bored??
1. Go to Burp >> Match and Replace
2. Set response body: false to true
3. Set request body: false to true
Then browse HackerOne reports 😂 you can see the triager UI and some other features!
Bug hunter? Slow internet? Want a VPS for free ($0) as a beginner?
$200 credit for a year.
Prerequisites:-
A college ID, a GitHub account, a credit card (don't worry, it won't cost you a single rupee)
Solution:-
Go to
Drop below the most interesting bug bounty writeups you have ever read or written!
Because I have seen many writeups which are very interesting and valuable but get very little exposure in the community!
Let me and others learn from the writeups posted below!!
#BugBounty
If you found XSS and the CSP policy has no 'unsafe-inline', inline script is disabled and scripts can only be loaded from whitelisted domains ("script-src 'self' ...").
You can't upload a script to the current domain, but if you see YouTube or Google among the whitelisted domains in the CSP, you can use the script below!
.
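The policy check described in the post above, as an added example that is not code from the original post: a small CSP parser that answers the two questions the post asks of a policy, whether inline script is blocked, and which external hosts the page may still load `<script src>` from. The candidate host list is whatever list of JSONP-style script hosts you maintain yourself (the post names YouTube and Google); the policy string below is constructed.

```python
def parse_csp(header):
    """Map each CSP directive to its source list (first occurrence wins, as browsers do)."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def script_sources(header):
    """Sources governing scripts: script-src, falling back to default-src when absent."""
    directives = parse_csp(header)
    return directives.get("script-src", directives.get("default-src", []))


def inline_script_allowed(header):
    """True only if 'unsafe-inline' is present and not neutralised by a nonce or hash."""
    sources = [s.lower() for s in script_sources(header)]
    if any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources):
        return False  # CSP level 2+ browsers ignore 'unsafe-inline' once a nonce/hash is present
    return "'unsafe-inline'" in sources


def _source_covers(source, host):
    """Does one host-source expression (scheme optional, leading '*.' wildcard) cover host?"""
    s = source.lower()
    if s.startswith("'"):
        return False  # keyword, nonce or hash, not a host
    if s in ("*", "https:", "http:"):
        return True  # scheme-only source: any host on that scheme
    s = s.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    if s.startswith("*."):
        return host.endswith(s[1:])
    return s == host


def loadable_hosts(header, candidates):
    """Which of your candidate hosts may the page load external scripts from?"""
    sources = script_sources(header)
    return sorted(h for h in candidates if any(_source_covers(s, h) for s in sources))


# Constructed policy in the shape the post describes: no 'unsafe-inline', two third-party hosts.
SAMPLE_CSP = ("default-src 'self'; "
              "script-src 'self' https://www.youtube.com https://*.google.com; "
              "object-src 'none'")
# Assumed tester-maintained list of hosts worth checking for callback-style script endpoints.
CANDIDATE_HOSTS = ["www.google.com", "www.youtube.com", "cdn.jsdelivr.net"]

if __name__ == "__main__":
    print("inline allowed:", inline_script_allowed(SAMPLE_CSP))
    print("external hosts to try:", loadable_hosts(SAMPLE_CSP, CANDIDATE_HOSTS))
```

If `inline_script_allowed` is false and `loadable_hosts` is empty, the XSS is limited to HTML injection unless you find another bypass; if it returns hosts, those are the places to look for a script endpoint that reflects a callback parameter.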
Just wrote a bash script which collects all wildcard and non-wildcard in-scope domains from all programs.
I had set this script to collect paid programs only, but you can change it in the script.
#bugbountytip
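The post's script is not on the page. Below is an added example of the same idea, written here and not the author's script: it takes a JSON export of programs, keeps paid ones, and splits their in-scope assets into wildcard and plain hostnames. The JSON shape (a list of programs with an `offers_bounties` flag and an `in_scope` list of asset strings) is an assumption; real platform exports differ, so adapt the two field names. The sample data is constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the assumed shape; not a real export.
SAMPLE_PROGRAMS_JSON = json.dumps([
    {"name": "acme", "offers_bounties": True,
     "in_scope": ["*.acme.example", "https://api.acme.example/v1/", "acme.example"]},
    {"name": "vdp-only", "offers_bounties": False,
     "in_scope": ["*.vdp.example"]},
    {"name": "beta", "offers_bounties": True,
     "in_scope": ["shop.beta.example", "*.acme.example", "  "]},
])


def normalise(asset):
    """Reduce a scope entry to a bare (possibly wildcard) hostname, or None if it isn't one."""
    asset = asset.strip().lower()
    if "://" in asset:
        asset = urlparse(asset).hostname or ""
    asset = asset.split("/", 1)[0]
    if not asset or "." not in asset or " " in asset:
        return None
    return asset


def collect_scope(programs_json, paid_only=True):
    """Return (wildcard_hosts, plain_hosts), each sorted and de-duplicated."""
    wildcard, plain = set(), set()
    for program in json.loads(programs_json):
        if paid_only and not program.get("offers_bounties"):
            continue
        for asset in program.get("in_scope", []):
            host = normalise(asset)
            if host is None:
                continue
            (wildcard if host.startswith("*.") else plain).add(host)
    return sorted(wildcard), sorted(plain)


if __name__ == "__main__":
    wild, plain = collect_scope(SAMPLE_PROGRAMS_JSON)
    print("\n".join(wild))   # feed to a subdomain enumerator
    print("\n".join(plain))  # feed straight to a port/http scanner
```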
$500 for stored XSS!
First it was accepted as medium severity, as I couldn't steal session cookies because they're secured, but I found that an endpoint exposed the CSRF token for doing various tasks.
I can't code, so I created a full exploit using ChatGPT, and now it's marked as high.
#bugbounty
First I reported the XSS, triaged as medium!
I wasn't satisfied with that, so later I chained it with account takeover! Got an additional $650.
Tip: if the application has an API key feature and you can't steal session cookies!
1/n
XSS --- severity 8.9 💀
Don't just report XSS with an alert popup; always try to chain it with a critical action, like I chained it with org takeover,
where, when the script executes,
the org admin upgrades the attacker to Admin and the original admin removes himself from the org within 1 click!
Small start of 2023 with $75; hope this ends in $$$$$.
+++ Bug/vulnerability: HTML injection + XSS possibility. I was able to break the line, but all event listeners were filtered, so I reported it as HTMLi.
+++ Payload used = "<img/src="imageurl">"@xss.com
I was using YouTube as usual and suddenly got a video showing the POC video of a vulnerability that I uploaded on HackerOne 😂😂
For the first 20 seconds I didn't realise it was my POC video.
Yay, I was awarded a $650 bounty on @Hacker0x01!
First I reported an XSS, but with the help of ChatGPT I was able to craft an attack which steals a key having read and write permission.
Medium 4.4 >>>>>> High 7.7
#TogetherWeHitHarder
I have been very busy with exams these days and wasn't able to hunt bugs for the past 20 days. Yesterday I spent 1 hour on a target and found XSS where the content type is text/html but the body contains JSON, so using bad characters I was able to generate an error message that leads to XSS.
$300
Yay, I was awarded a $500 bounty on @Hacker0x01!
#TogetherWeHitHarder
3rd bypass :) access control: always try to set the param in the URL and in the body. Sometimes the backend takes the id from the URL and validates the user, but makes the change on the id in the body! [both different ids]
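The bug pattern in the post above, as an added example written here (not the author's target or code; the endpoint, records and user names are constructed): a handler that authorises on the URL's document id but writes to the id in the JSON body, beside a fixed handler that uses a single identifier and rejects a mismatching body id. `cross_id_probe` is the check the post describes, automated.

```python
def make_store():
    """Constructed data: two users, each owning one document."""
    return {
        "doc-1": {"owner": "attacker", "title": "attacker's notes"},
        "doc-2": {"owner": "victim", "title": "victim's notes"},
    }


def update_title_vulnerable(store, session_user, url_doc_id, body):
    """PUT /documents/<url_doc_id> with JSON body {"id": ..., "title": ...}.
    Ownership is checked against the URL id, but the write uses the body id."""
    if store[url_doc_id]["owner"] != session_user:
        raise PermissionError("not the owner")
    doc = store[body["id"]]  # bug: a second identifier that was never authorised
    doc["title"] = body["title"]
    return doc


def update_title_fixed(store, session_user, url_doc_id, body):
    """Same endpoint: one identifier is both checked and used; a body id must agree."""
    if body.get("id", url_doc_id) != url_doc_id:
        raise ValueError("id in body does not match URL")
    doc = store[url_doc_id]
    if doc["owner"] != session_user:
        raise PermissionError("not the owner")
    doc["title"] = body["title"]
    return doc


def cross_id_probe(handler):
    """Authenticate as the attacker, put the attacker's id in the URL and the victim's
    id in the body. Returns True if the victim's record was modified."""
    store = make_store()
    try:
        handler(store, "attacker", "doc-1", {"id": "doc-2", "title": "pwned"})
    except (PermissionError, ValueError):
        pass
    return store["doc-2"]["title"] == "pwned"


if __name__ == "__main__":
    print("vulnerable handler writes victim's doc:", cross_id_probe(update_title_vulnerable))
    print("fixed handler writes victim's doc:", cross_id_probe(update_title_fixed))
```

When testing a real target, repeat the probe for every endpoint that carries an id in both places (path, query string, JSON body, form field, header) and for every verb, since the mismatch often appears on only one of them.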
Yay, I was awarded a $$$ bounty on @Hacker0x01!
And I reached 500 reputation points on HackerOne. Previously I was not active on HackerOne, but in the past 2 months I reported a few vulnerabilities and reached 500+ points!
#TogetherWeHitHarder
Yay, I was awarded a $$$$ bounty on @Hacker0x01!
#TogetherWeHitHarder
XSS bypass a third time on the same param! The program implemented a fix using a regex to prevent XSS, but they forgot to apply the same to uppercase letters, so I was able to bypass the restriction!
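The fix-and-bypass pair from the post above, reconstructed as an added example (written here, not the program's actual filter): a lower-case-only regex blacklist, the case-insensitive version of it, and output encoding at the HTML sink. The last function is a rough checker used only to compare the three; the payloads are constructed.

```python
import html
import re

# The kind of fix the post describes: strips <script> but only in lower case.
_LOWER_ONLY = re.compile(r"<script\b[^>]*>.*?</script>", re.DOTALL)
# Same blacklist with the case flag the program forgot.
_ANY_CASE = re.compile(r"<script\b[^>]*>.*?</script>", re.DOTALL | re.IGNORECASE)


def strip_script_vulnerable(value):
    """Bypassed by <SCRIPT>, <Script>, etc."""
    return _LOWER_ONLY.sub("", value)


def strip_script_case_insensitive(value):
    """Closes the case bypass, but is still a blacklist: <img onerror=...> passes untouched."""
    return _ANY_CASE.sub("", value)


def render_escaped(value):
    """Output encoding at the sink: no tag survives, whatever its case or name."""
    return html.escape(value, quote=True)


def still_executes(rendered):
    """Rough check: an unescaped <script> tag or a tag carrying an on*= handler remains."""
    return re.search(r"<\s*script\b|<[^>]*\bon\w+\s*=", rendered, re.IGNORECASE) is not None


# Constructed payloads: the case bypass and a tag the blacklist never mentions.
UPPER = "<SCRIPT>alert(1)</SCRIPT>"
HANDLER = "<img src=x onerror=alert(1)>"

if __name__ == "__main__":
    for name, f in [("lower-only regex", strip_script_vulnerable),
                    ("case-insensitive regex", strip_script_case_insensitive),
                    ("html.escape", render_escaped)]:
        print(f"{name:24} UPPER executes={still_executes(f(UPPER))} "
              f"HANDLER executes={still_executes(f(HANDLER))}")
```

The point for a tester is that a regex fix is a blacklist: once one casing variant is blocked, try other casings, then other tags and attributes, because the same reasoning that missed uppercase usually missed those too.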
Hi beginner bug hunters, just some advice: please don't ask simple questions in DMs or tag other hunters without doing your own research!
First do some research and invest some time in finding solutions on your own. If you still can't find a solution, then ask me; I always reply.
(1)
$2,000 bounty for exploiting Django debug mode: it exposed information about environment variables and was vulnerable to many CVEs, and I was able to extract the AWS key/secret from the error logs!
#BugBounty
#Hacking
#bugvsme
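Two posts on this page come down to spotting leaked credentials in text you did not write: the tip about employees' GitHub accounts leaking ghp_ tokens, and the Django debug page above that exposed AWS keys. The following is an added example, not the author's tooling, that scans arbitrary text (a git diff, an HTTP response body) for both and flags Django's DEBUG=True error page. The token shapes are assumptions about current formats stated in the comments; the samples are constructed, and the AWS values are the placeholder keys AWS uses in its own documentation.

```python
import re

# Assumed token formats (not taken from the posts):
#   GitHub classic personal access token: "ghp_" + 36 alphanumerics
#   AWS access key id: "AKIA" (long-term) or "ASIA" (temporary) + 16 upper-case alphanumerics
#   AWS secret key: 40 base64-ish characters, matched only within 20 chars of its setting name
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key.{0,20}?([A-Za-z0-9/+=]{40})\b"),
}

# Sentence Django prints at the foot of its technical error page when DEBUG is on.
DJANGO_DEBUG_MARKER = "You're seeing this error because you have DEBUG = True"


def find_secrets(text):
    """Return (kind, value) for every credential-shaped string in text, in pattern order."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(1) if match.groups() else match.group(0)
            hits.append((kind, value))
    return hits


def is_django_debug_page(body):
    """True if an HTTP response body is Django's DEBUG=True traceback page."""
    return DJANGO_DEBUG_MARKER in body


def redact(value):
    """Keep only the first and last four characters for the report."""
    return value[:4] + "..." + value[-4:]


# Constructed samples: a token-shaped string in a diff, and a fragment of a debug page
# with AWS documentation placeholder keys. None of these are live credentials.
SAMPLE_DIFF = (
    "+GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij\n"
    "+# TODO remove before commit\n"
)
SAMPLE_DJANGO_PAGE = (
    "<h1>ValueError at /api/upload/</h1>\n"
    "<td>AWS_ACCESS_KEY_ID</td><td>'AKIAIOSFODNN7EXAMPLE'</td>\n"
    "<td>AWS_SECRET_ACCESS_KEY</td><td>'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'</td>\n"
    "You're seeing this error because you have DEBUG = True in your Django settings file.\n"
)

if __name__ == "__main__":
    for kind, value in find_secrets(SAMPLE_DIFF + SAMPLE_DJANGO_PAGE):
        print(kind, redact(value))
    print("django debug page:", is_django_debug_page(SAMPLE_DJANGO_PAGE))
```

A match is a lead, not proof: confirm a ghp_ token by calling the GitHub API with it and listing which organisation repos it can reach (the second half of the post's tip), and put only the redacted form in the report.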
Just wrote 200 lines of JavaScript using AI to show an XSS impact as high. This took me 9 hours; hope for the best 👀.
I used as many functions as possible to extract all data and created a script which works on each and every user: gets IDs, combines them with POST requests + CSRF and all.
Because of bad triage I lost my $4,500.
My report, reported on 16 May, was marked as informative.
And on 1 June I reported again with a good POC, and today I got a duplicate on the 2nd report.
And what I see is that a report with the same POC and explanation, reported on 17 May, got triaged :(
🙏 XSS was easy to find on this endpoint, but no one reported it; maybe they couldn't bypass the CSP!
As it's limited modification or control over the script, that's why they set it as low! 😬
#bugbounty
Why does XSS not work in the 1st case?
In the 1st case I used ' ' and in the 2nd and 3rd cases I used ` `.
The new line in the 1st case is causing a syntax error. Any way to execute XSS here? I have full control over the user variable's value; <> '"` are encoded, only /\()-+ are allowed, and var = "xx\" (1/n)
Yay, I was awarded a $$$ bounty on @Hacker0x01!
#TogetherWeHitHarder
Always try to read the JS files carefully; if you don't understand something, use ChatGPT to understand the JS code. That's how I found a DOM XSS.
If you are not satisfied with the severity set by the triager, do speak to them and explain in detail why the severity should be increased!
The vulnerability was XSS to account takeover.
Here I explained it to them in detail.
See the result:
#bugbountytips
Got a BOUNTY for bypassing the credit limit.
Turn on Burp and explore the web application, then examine each and every API request logged in Burp! This takes a lot of time but is worth it in the end 😉
#BugBounty
Crossed 1,000+ reputation on @Hacker0x01! 🎉 Started hunting seriously in Feb 2023, mainly on paid programs (95%) 🕵️♂️ Previously focused on self-hosted BB programs. Amazing experience with HackerOne! 💻
#BugBounty
$1250-equivalent bounty in crypto.
Bug/vulnerability: improper authentication allows any user to act as Admin!
I tested all the endpoints I found using "gau" and found the vulnerable one.
Tip: manual hunting (80%) + some recon (20%) = good bounty
#bugbounty
#Hacking
$250 bounty for a race condition vulnerability.
> Always try race conditions on premium features, e.g. a user is allowed to do only 15 transactions (free plan), but due to a race condition vulnerability the attacker is able to perform 200 transactions.
#bugbounty
#bugbountytips
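The quota race from the post above, as an added example written here (not the author's target): a check-then-act transaction handler with no synchronisation beside one that makes the check and the increment atomic. A `threading.Barrier` stands in for sending the 200 requests at the same instant, so the worst-case interleaving happens every run instead of only sometimes; the limit and the account are constructed.

```python
import threading

FREE_PLAN_LIMIT = 15  # the quota from the post


class Account:
    def __init__(self):
        self.used = 0
        self.transactions = []
        self.lock = threading.Lock()


def transfer_vulnerable(account, amount, barrier=None):
    """Check-then-act with no synchronisation: with many requests in flight, every
    one reads used < limit before any of them has incremented it."""
    if account.used >= FREE_PLAN_LIMIT:
        return False
    if barrier is not None:
        barrier.wait()  # constructed: hold every request between the check and the act
    account.used += 1
    account.transactions.append(amount)
    return True


def transfer_fixed(account, amount, barrier=None):
    """Check and increment under one lock, so the quota is a real upper bound.
    In a database this is a row lock or a conditional UPDATE ... WHERE used < limit."""
    with account.lock:
        if account.used >= FREE_PLAN_LIMIT:
            return False
        account.used += 1
        account.transactions.append(amount)
    return True


def flood(handler, requests=200):
    """Fire `requests` concurrent calls at one fresh account; return how many succeeded."""
    account = Account()
    barrier = threading.Barrier(requests)
    threads = [threading.Thread(target=handler, args=(account, 1, barrier))
               for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(account.transactions)


if __name__ == "__main__":
    print("vulnerable:", flood(transfer_vulnerable), "transactions on a 15-transaction plan")
    print("fixed:     ", flood(transfer_fixed), "transactions on a 15-transaction plan")
```

Against a live target you cannot insert a barrier, so the equivalent is sending the requests as close to simultaneously as your tooling allows and counting how many succeeded against the advertised limit; anything above it is the finding.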
Demotivated: I haven't been able to find any vulnerability or bug in the past 10-15 days on (BBP).
Bug bounty hunters, what do you do in this situation? Any suggestions?
Thank you
#bugbounty
Today I received a private invitation on HackerOne, and I had reported a high severity bug in that program, but they are running 2 programs, 1 VDP and 1 BB. Is this acceptable on HackerOne, even though both programs have the same scope??
I feel scammed out of $2000 🙃
#BugBounty
Any way to close a script tag??
I am using </script> but it's blocked by Akamai.
</Scr</Script//> -- blocked
%3c%2f%53%43%52%49%50%54%2f%2f%2f%2f%3e -- blocked
Hi #Bugbounty community and bug hunters,
Any suggestions or alternatives for XSS Hunter?
How can someone host their own XSS Hunter at minimum cost?
Or can anyone build an XSS Hunter with a database managed by the user itself, so data is stored safely, if possible??
If you spend 3-5 hours and find a bug, try to invest 30 minutes in writing a good report with a high-impact demonstration!
I was checking my old reports and noticed I could have increased the severity if I had written a good report and shown maximum impact!
For example:-
Reminder: focus on health, guys. Go to the gym, go running, or do any physical activity for a minimum of 1 hour a day.
Don't just sit in front of the PC and then go to sleep.
Physical activity or the gym really gives the mind/brain a refresh and kills stress.