After taking a computer security class in college, I got into bug bounty and got a few bounties in the last couple of months.
However, so far I’ve only found bugs like subdomain takeover, reflected XSS, IDOR, and DoS, most of which basically involve me doing decent recon and playing around with parameters in a web app, but so far I don’t even know where to begin to look for RCE, XXE, SQLi, SSRF, etc. I try running sqlmap, but I assume that is just a trivial way to go about it. I found a few possible code injections, but I can never figure out how much padding I need for a command, or I run into a lot of 500 responses.
My main question is: so far I have only learned how to check the front door of an application, the part that faces the user, or the surface level. How do you even begin to look for the big bugs? I don’t expect to insert 2 quotes in a query to crash a server, but there has to be a way to recognize issues other than, I don’t know, running sqlmap and hoping for the best.
I’m open to any and all suggestions.