“Quick dirty scripts can sometimes work just as well as well-written software. And often, that means saving a lot of time, which is a scarce resource. This has been difficult to accept but it’s one of these things that separates software engineering from bug bounty hunting: breaking stuff doesn’t have to be elegant!”
Hello everyone, I’ve created an account on bugcrowd and submitted a few reports. While going through my reports I realized that I’ve made a mistake while recording a PoC. Is it possible to edit the report?
Good evening, is there perhaps a legal guide to bug bounty? I would certainly love such a resource so I know when I am within the boundaries (e.g. is it legal to port scan a target, or may we only test for known web ports? If the programme says no scanners are to be used, is content fuzzing still allowed? etc.).
If there isn’t one, I volunteer to write one up, in collaboration with the team (because I don’t know a lot, so I will write if someone will check it. Or I can set up a questionnaire and ask the team to guide us), and then we can share it with everyone. (I am also going to ask on other platforms and then we can share it with all bug bounty hunters.)
Sorry if this question has already been answered elsewhere.
Given the risks involved in conducting security testing, I’m wondering how often bug bounty researchers end up in legal trouble.
Do bug bounty researchers generally form an LLC to shield their personal assets from liability? Or do most researchers just maintain a sole proprietorship?
I’m new to bug bounty and this is my first post on this forum so I’m looking to expand my knowledge not to receive a bounty.
I’m having difficulties proving impact, so my reports are mostly triaged as informative, although I’m convinced they could have impact.
For example, I found the following:
Importing an XLSX with an XXE payload generates an error picked up by a Slackbot with URL unfurling, visiting my OAST URL
I’m able to upload a PDF with JavaScript in it and embedded files, but all data-changing actions are performed by POST request and the session & CSRF token cookies are SameSite=Lax
I’m able to enumerate the existing accounts
All these were triaged as informative. Is this reasonable?
Any advice on how to get a better view on the possible impact of these is more than appreciated.
I’m a complete beginner in bug bounties. I do some exercises in intentionally vulnerable applications and spend some time looking into bug bounty programs daily.
The web application that I’m looking into saves user-posted images into a database after hashing the user-provided filename with MD5. I noticed that if you put some special characters in the filename like “/”, the file is always saved with the same hash value. I was originally looking into whether the hashing could be bypassed to store the original filename instead, but apparently it is not possible.
So what I was wondering is: could there be some exploit here, since I thought maybe the application doesn’t properly validate user input? And is there a risk of causing unintentional damage to the system when doing this kind of testing? Also, are the program runners interested in these kinds of issues even if they don’t appear to cause security issues?
Hi, I found a subdomain which I think is vulnerable to subdomain takeover, but it doesn’t have any CNAME records. Can someone point me in the right direction?
I have a general question regarding Remote code execution via web shell upload.
I have done the simple lab on PortSwigger, but I don’t understand the mechanism behind this vulnerability.
I uploaded a file with one line:
<?php echo "Shell";system($_GET['cmd']); ?>
I understand why this PHP code works as a web shell; I don’t understand why the server executes this snippet.
Why does a GET request to that resource cause the server to run this PHP code? Or is it rendering the HTML inside it?
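The mechanism asked about in the post above, as an added example that is not part of the original thread and not PortSwigger's or any real web server's code: a small Python model (hypothetical functions dispatch, store_upload_naive and store_upload_hardened, with a constructed /uploads path) of the handler decision a web server makes per request, which is why a .php file in a served directory is run instead of displayed, alongside the two defender-side fixes.

```python
import posixpath
import secrets

# Constructed model of the decision a web server makes for each request: a file whose
# extension is bound to a script handler is run by the interpreter and its OUTPUT becomes
# the response; any other file is sent byte-for-byte. The handler mapping, not the request
# method, is what turns a GET for shell.php into code execution.
SCRIPT_HANDLERS = {".php": "php-interpreter"}
ALLOWED_UPLOAD_EXT = {".jpg", ".jpeg", ".png", ".gif"}
# File signatures (magic bytes) for the allowed image types.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         b".png".decode(): b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}


def dispatch(url_path, script_free_dirs=()):
    """Return 'execute' or 'static' for a request path.

    script_free_dirs models the mitigation of disabling script handlers for the upload
    directory (a per-location rule in the server configuration), so a .php file stored
    there is served as plain text instead of being run.
    """
    path = posixpath.normpath("/" + url_path.lstrip("/"))
    ext = posixpath.splitext(path)[1].lower()
    in_script_free = any(path.startswith(d.rstrip("/") + "/") for d in script_free_dirs)
    if ext in SCRIPT_HANDLERS and not in_script_free:
        return "execute"
    return "static"


def store_upload_naive(upload_dir, client_filename):
    """Vulnerable pattern: the client-chosen name (and so the extension) selects the handler."""
    return posixpath.join(upload_dir, client_filename)


def store_upload_hardened(upload_dir, client_filename, content_head):
    """Hardened pattern: allow-listed extension, signature check, server-generated name."""
    ext = posixpath.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_UPLOAD_EXT:
        raise ValueError("extension not allowed")
    if not content_head.startswith(MAGIC[ext]):
        raise ValueError("content does not match extension")
    # The stored name contains no client input, so no handler-bound extension reaches disk.
    return posixpath.join(upload_dir, secrets.token_hex(8) + ext)


if __name__ == "__main__":
    naive = store_upload_naive("/var/www/html/uploads", "shell.php")
    print(naive, "->", dispatch("/uploads/shell.php"))                # execute
    print(naive, "->", dispatch("/uploads/shell.php", ["/uploads"]))  # static
    print(store_upload_hardened("/var/www/html/uploads", "photo.jpg", b"\xff\xd8\xff\xe0"))
```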
Hi,
A friend recently purchased an Aura Frame digital picture frame and I wondered if anyone has checked out their app, website, or even the frame itself. I am concerned about the security of the device and thought I would see if anyone had already tested them.
Hi, I’m Goldbug! I’m also relatively new to bug bounty.
However, I have learned that although many places and people recommend using Kali Linux, many of the tools used can also be used on Windows. So if you have a Windows computer or are used to using Windows, that will work fine. I use Windows with the Firefox browser and Burp Suite Community Edition, and connect them with the FoxyProxy Firefox extension.
I find InsiderPhd on YouTube to be an extremely helpful source for good information.
Hope this is helpful to you and much success on your journey!
I have a question about entering the bug bounty game. Over the past year or two I have taken a serious interest in web pen testing, coming from a web development background and being mostly an infrastructure/network hacker.
My question is in relation to WAFs such as Amazon Web Services Web Application Firewall.
All the books I’ve read cover the fundamentals such as XSS, SQLi, IDOR, SSRF etc. I have also taken courses in web application pen testing and API pen testing and feel that I have a solid knowledge of the concepts.
However, when it comes to bug bounty programs, most if not all of these sites and applications seem to be behind some kind of WAF. Does that not make a lot of these techniques useless? Or what am I not understanding?