Update alert - check out what's new for you on the Vidoc platform. We released some cool new features that might be super useful for your bounty hunting or research! #bugbountytips
Vulnerability that made us $30,000 richer (and we still submit reports) - XSS in Swagger-UI related to a bug in DOMPurify. Many people waited for this writeup, so here you are. Article by @kannthu1 - happy hacking!
Know any 403 and 404 bypass hacks? We did research on common auth bypass techniques and created new templates in Vidoc Research. Article by @KlaKlo_, check it out:
How we made $120,000 in bug bounty programs with our tool and started a company in 2022 - we described our journey in a new article. Lots of tips based on months of research and 143 bug bounty reports.
How to detect AWS S3 Bucket Takeover? 🧐
You can simply make a GET HTTP request to the base path ("/") and check whether the response contains the "The specified bucket does not exist" error.
You should see something like this:
1/5
🧵 AWS S3 Bucket Takeover Vulnerabilities 🧵
In this thread, we will dive into what AWS S3 takeovers are and how to maximize the impact, and thus the bounty, for them.
Don't skip it, because you might be missing out on easy bounties.
1/11
#bugbounty #bugbountytip
Happy to share a new article with you. This time we write about recon - why it is hard to do it right, what the most common problems are, and how to solve them (wink, wink - Vidoc Research tool) ;) Check out the blog post and let us know what you think!
What is the vulnerability in this code?
There is a little-known technique, similar to NoSQL injection, that can be used against some ORMs in Node.js (like Prisma) ;)
Here is the solution👇
1/5
Application.ini File Disclosure. How to find this High vulnerability?
Yes, you are right. Here we have another easy hack to show you. Keep reading! 👇
1/5
Unauthorized Jenkins Dashboards 🔓
Don't you love it when you find a high vulnerability? Because we do, and we are here to show you how.
So keep reading! 👇
1/5
You found a Django app with debug mode enabled, now what?
Here are some lessons on how to escalate it to a higher severity 👇 (from low/medium to high/critical)
#bugbountytips #bugbountytip #vidoc
Do you know you can balance XSS payloads?
If not, let us show you how! 👇
This is key when bug hunting or pentesting, because it shapes your payloads to fit your target's source code, allowing you to find XSS vulnerabilities that were hidden from the inexperienced eye.
1/3
How to exploit it?
Instead of sending a normal password, send an object:
{
"not": null
}
The payload makes the password condition always match - like "1=1" in SQL.
4/5
Many of you asked about the details of the tool we are working on - check out this article, and feel free to sign up for early access. Thanks @kannthu1 and @KlaKlo_ for the awesome work!
Apache Flink Dashboard - how to find them and where to look for sensitive data exposure?
Apache Flink is a robust open-source stream and batch processing framework that has gained much traction in the big data community in recent years.
Wanna know more? 👇
Last year we made $120k in bounties, most of it from easy and repeatable vulnerabilities. Once we detect one on an endpoint, we usually scan the company's whole infrastructure for the same bug. Often we find it in several places.
#bugbountytips
Check your inbox - we just sent a Nuclei template for the Swagger-UI XSS vulnerability to our subscribers! If you are interested in our research and still haven't signed up for our newsletter, here is the link:
If you want to know why collab is important and how we made $120k in 2022, check out our first video, where we share lots of #bugbountytips.
Many thanks to @gregxsunday, @haqpl and @OlivettiOriana - it wouldn't be possible without you, it was a great year!
Hi everyone! We're excited to announce the launch of the new version of Vidoc Research - a web-based security tool for researchers, bounty hunters, and engineers. It's packed with new features to help you work smarter, not harder.
Feeling nosy today? 🕵️ We'll show you how to snoop around Exposed Git Directories so you can do some good and help organizations secure their repositories.
Wanna be the superhero today? Keep reading then 👇
1/4
New feature alert 🚨
After we made $120k in bug bounties in a year, we kept getting questions about how we did it.
So we are releasing Automated Scans - now you can schedule modules to run every hour, day, week..
And automate your #bugbounty hunting like we did :)
Let's start looking for this vulnerability. To do so, you can:
Google dork 🔎
1. Go to
2. Search for - intitle:"index of" "parameters.yml.test" OR "parameters.yml.dist" - More information at
Shodan dork 🔍
1. Go to
Are your API endpoints secured against hackers?
If not, let us show you how! 👇
This is key when developing web and mobile applications, because juicy stuff can be taken from an unprotected API. And you don’t want that to happen!
1/3
We love hacking too, so to show our appreciation for all the hard-working bug bounty hunters, we're giving away 3 MONTHLY SUBSCRIPTIONS of Vidoc Research.
Share in the comments who motivates you the most in the security community and why; we will reward the most inspiring answers. #bugbounty
Top discovered vulnerability using Vidoc in 2023? 🧐
Springboot Heapdump Actuator panel misconfiguration!
Congrats to all bounty hunters who found it and reported the issue! 🥳
Don't know what the Springboot Heapdump Actuator is? Check out our Module Library and find out how
Did you know you can use Google to identify sensitive information from web applications? 🔍
This is called Google Dorking, and it can also be used for fingerprinting websites.
It's basically a search string that uses advanced queries to find information that is not easily
Fiercely defend your server's resources 🛡️ Because hackers will only take advantage of them ⚔️
Exploitation may lead to DoS, making the API unresponsive or even unavailable to legitimate users.
But worry not, because here are a few things you can do to secure your API endpoints 👇
Exciting news! 🚀 Vidoc Security Lab just got a boost with an investment from bValue Fund. This is just the beginning, new cool features are coming soon so stay tuned hackers!
Next time you see that some server runs on Node.js, use this payload:
{
"not": null
}
as the value of some body parameter; it might earn you some nice bounties :)
5/5
How to find Next.js applications?
1. Create an account on Vidoc for free
2. Start Recon on some domain (example - ) and wait for it to finish
3. Go to Recon -> "Explore Data"
4. Search for "Technology next.js" - our AI search will find all Next.js apps :)
How to list all of those pages and corresponding .js files?
1. Go to the page using Next.js -
2. Right-click and "Inspect" -> Tab "Sources"
3. Ctrl+F or Command + F (on Mac) and search for "_buildManifest.js"
4. Open the file
4/5
#jobopportunity
👩💻👨💻
We are currently seeking a skilled Content Creator to develop engaging articles for our blog and other platforms. 🧐
If you have experience in this field and a passion for creating compelling tech content, reach out to us!
Please send us an email at
How can you find this in the wild?
Google dork 🔍
1. Go to https://google.com
2. Search for - intitle:"Dashboard [Jenkins]"
Shodan dork 🔎
1. Go to https://shodan.io
2. Search for - html:"Dashboard [Jenkins]"
3/5
Vidoc Platform is going live now! Chosen researchers already got access to the tool. Everybody who signed up for the waitlist will get early access on the 10th of October, and if you still haven't checked out the waitlist, here is the link:
Check out - you can get Recon automation for free :) (and find servers that use Node.js)
We just launched a FREE tier with:
- notifications about new subdomains
- 1 monitored domain (you can change it every 24h)
- search over the collected data
6/5
Nice, what can I do with that?
- Fetch hidden .js files that can contain secrets 🤑
- Look for some hidden admin or internal pages that might have hidden functionality
How to fetch the ".js" files? (tutorial in the photo)
@gregxsunday We were always most annoyed with garbage recon data, but we solved this problem. You inspired us to write an article actually, thanks Greg and everybody for the comments
The beauty of Next.js is its file-based routing system.
Each file inside the 'pages' folder corresponds to a route in your application. Meaning, if you have 'contact.js' inside your 'pages' folder, it translates to '/contact'.
You with me? 👀
3/5
Wow, it looks like you really like our new Automated Scans feature! Happy to see how many of you are using it. Thank you all for the feedback 😎
For those who haven't checked it out yet, here's a quick tutorial 👇
Black Friday starts today!
- 50% discount for our existing users for Module Requests
- 90% discount on subscription fee for new users with code: VIDOC1337
Enjoy!
To find Apache Flink Dashboards you need to:
Google dork 🔎
1. Go to
2. Search for - intitle:"Apache Flink Web Dashboard"
Shodan dork 🔍
1. Go to
2. Search for - http.title:"Apache Flink Web Dashboard"
Don't feel like doing this manually?
No problem, as our VIDOC tool has a specific module for this, with even more matching conditions to take your bug hunting to the next level!
Give it a look at
5/5
API security #tip - don't share more information than is absolutely necessary!
(unless you want to be a good target for hackers, and not only ethical ones)
Why? Just keep reading 👇
Delighted to share a wonderful Christmas baking experience with Vidoc Security Lab Team! 🍪🎄
Our day was filled with the warmth of holiday spices and the joy of creating delicious gingerbread cookies together.
Grateful for moments like these that bring festive cheer.
#HappyHolidays 🎄🎄🎄
May your holidays be filled with well-deserved time with loved ones, and may the New Year bring you the joy of uncovering elusive vulnerabilities and the thrill of solving complex security puzzles.
By the way, just a reminder: until the end of December
Another interesting insight for you:
Do you want to know the most searched query in the recon tab?
Yes, we had thousands of those.
It looks like many hackers think alike 😀
Also, yes, it's that easy to do recon with @vidocsecurity
Check it out if you are planning to do
🎉 Exciting News, Hackers! 🎉
We're thrilled to announce the launch of our FREE tier of Vidoc.
Now, you can experience the full power and potential of our tool without spending $$
Cybersecurity October event in Barcelona went well! Thanks to everyone for attending. Stay tuned for more, because we are planning some events dedicated to tech security people as well. Special thanks to @georgianabirdan from @egldwomen for being amazing guests. #ECSM2023
We were really surprised to see this one 😃
The most frequently targeted domains for reconnaissance using Vidoc in 2023 were Dell, Google and Fisglobal in the top 3!
Did you do security research on them? 🧐
Are you surprised by this summary? 😲
Let us know ✨
#Vidoc2023
Protect your data with VIDOC during Data Privacy Week!
Explore VIDOC:
✔️ Automation platform for your security team
✔️ 30% off for your business during Data Privacy Week
✔️ Book a demo and elevate your web application security
#DataPrivacyWeek #Cybersecurity #VIDOC #BookDemo
Let's see how you can leverage search engines to find Exposed Kafka UIs:
Google dork 🔎
1. Go to
2. Search for - intitle:"UI for Apache Kafka" in the Google search bar
Shodan dork 🔍
1. Go to
2. Search - http.title:"UI for Apache
Wow, you guys are awesome!
6,000,000,000 HTTP scanner requests were sent on Vidoc in 2023!
We're super happy to see you using the platform and being a part of our journey :)
Would anyone like to share their #bugbounty story?
Or maybe you have some special requests or ideas
Don't trust the frontend of your application with this validation.
Bad actors can modify the requests and try different object IDs without needing the UI's permission to do so, and could end up retrieving information belonging to other users.
Show them that 403
The not-so-funny part comes now, as you will have to review the results for worthy findings.
But worry not, because our VIDOC platform comes with a module to check Apache Kafka Unauthorized UI Exposure for you on the targets you desire.
Come and give it a look!
Have you heard?
We have released a new feature that will take your work to the next level 😯⁉️
How come?
Because we have an AI Security Assistant waiting for you and your team on the VIDOC platform! 🤖
1/3
Do you keep your secrets safe?
Not those 😏 We are talking about the secrets in your applications! The ones used to communicate between systems and services.
Oh, you are not sure? Let us tell you something then👇
Once you gather some results, it's time to review the findings and the information disclosed.
Do you see any db.user and db.password?
If that's the case, then you got yourself a High vulnerability to report! 🪲
4/5
This way you always have the newest info on your target infrastructure; scans always run on the latest data from recon. And it's super easy, you don't need to set up complicated infrastructure.
Profit? You tell us about it when you get your bounty!
What is an ORM?
An ORM allows you to interact with your DB in an object-oriented way. It abstracts and handles the DB interactions, letting you deal with data as objects and methods in your chosen programming language, and it automatically prevents SQL injections.
2/5
So what is Application.ini? 🤔
It's the Zend PHP framework's configuration file. If misconfigured, it could lead to unauthorized access to sensitive information, resulting in data breaches, data modifications, or even complete system compromise.
2/5
Okay, but where is the vulnerability?
The endpoint in the first example does not validate the body parameters (email and password) - it just takes the email and password as received and uses them to fetch the user with the Prisma ORM.
3/5
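To show why the {"not": null} object from this thread matches every row and how the login handler should be written instead, here is an added example that is not from the original thread or from Prisma. It models Prisma-style `where` filter semantics with a small in-memory matcher (a simplified stand-in, not Prisma's code) and an assumed, constructed user table, then puts the unvalidated handler beside a hardened one.

```javascript
// Constructed sample data standing in for the users table.
const users = [
  { id: 1, email: "alice@example.com", password: "correct-horse" },
  { id: 2, email: "bob@example.com", password: "battery-staple" },
];

// Simplified model of how an ORM filter treats one field:
// a scalar (string/number/null) means equality, while an object
// is read as an operator filter such as { equals: ... } or { not: ... }.
function fieldMatches(value, condition) {
  if (condition === null || typeof condition !== "object") {
    return value === condition;
  }
  if ("equals" in condition && value !== condition.equals) return false;
  if ("not" in condition && value === condition.not) return false;
  return true;
}

// Hypothetical findFirst(): returns the first user matching every field filter.
function findFirst(where) {
  const hit = users.find((u) =>
    Object.entries(where).every(([field, cond]) => fieldMatches(u[field], cond))
  );
  return hit === undefined ? null : hit;
}

// Vulnerable pattern: the parsed JSON body flows straight into the filter,
// so a JSON object like {"not": null} is interpreted as an operator and
// the password check degrades to "password IS NOT NULL".
function loginVulnerable(body) {
  return findFirst({ email: body.email, password: body.password });
}

// Hardened pattern: enforce the expected scalar type before the value reaches
// the ORM; objects, arrays, numbers and null are all rejected up front.
function loginHardened(body) {
  if (typeof body.email !== "string" || typeof body.password !== "string") {
    return null;
  }
  return findFirst({ email: body.email, password: body.password });
}

module.exports = { fieldMatches, findFirst, loginVulnerable, loginHardened };
```

In a real service the same type check belongs in a schema validator in front of the handler, and passwords would be compared against a stored hash rather than equality in the query.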
So what is Parameters.yml? 🤔
It's a juicy file commonly used in Symfony-based applications for storing configuration parameters.
If misconfigured, it can expose sensitive information such as database credentials and application secrets.
2/5
What am I doing? 😯
This dork searches for exposed .git directories within a specific domain, which can reveal a treasure trove of source code and development history.
That's why you should help organizations be aware of misconfigured repositories.
3/4