i have question about sub domains. Suppose if we find sub domains of site x(example.com) with knock py and we get sub domain as example.herukodns.com than how we can say that sub domain belongs to site x
I am new to bug bounty hunting and just started reading and practicing it.I came across a site with response code 500.Is this page vulnerable, is a DoS attack possible for the following case?
I’m new to Bug Bounty.What’s responsible disclosure form and what regulations i should follow before to start working with penetration testing tools against applications?
I have found a vulnerability in a .gov website with a harmless POC included. However, from what I can tell, the state lacks any sort of public disclosure program and appears fairly hostile towards researchers. In the private sector, the same vulnerability falls into the P2 category. It would not likely be considered a P2 on the state .gov website, so I’m not sure if it warrants disclosure if prosecution is on the table. (I haven’t broken the law but I have the feeling the state has a fairly poor understanding of “hacking.”)
Someone pointed me towards this: https://vulcoord.cert.org/VulReport/gov. My first thought would be to submit a report anonymously, but my POC included the email assosciated with H1 and Bugcrowd. I can remove it and then report it, but if the state seeks prosecution, they’ll be able to find it again.
Disclaimer: Noob here
Found an interesting vulnerability in ASP.NET application that allows arbitrary file upload (that could lead to RCE). But in order to achieve RCE the attacker needs to know the exact path to web root and that’s where I am currently stuck. So just wanted to know if there’s any way I can find web root? the vulnerability itself is quite serious but want to demonstrate the maximum possible impact. Need expert advice on this.
EDIT: I can only provide OS paths like C:\Windows or C:\ProgramData etc. but I don’t know www.example.com/webroot corresponds to which directory on the system
In my question, some of the characters are filtered, so I have copied into the image file. Thanks in advance.
I am just starting out with Bug Bounties and I have run into my first roadblock concerning scoping. In the rules of engagement for Twilio it states that: All Third party hosted services, such as support.twilio.com are explicitly out of scope. But the scope includes *.twilio.com
The last statement is confusing me. How does one determine if you are looking at a third-party service vs. non-third party service.
Reference this page for further information: https://bugcrowd.com/twilio
Thanks in advance for the help or pointing me to something to learn.
If a site is vulnerable to a XSS attack vector when injected in HEX encoding, then what is the remediation step?
I’m a newbie. Thanks in advance .
I would like to know how to develop myself to find vulnerabilities in applications on Windows.
What books to read, courses to watch?
What sites can be trained? maybe there is some kind of analog topcoder, only to find bugs in applications on windows, for training.
How important is the reverse engineering in this matter. And how to better study it (books, training, etc).
what better tools to use, what approaches exist?
successful stories of finding bugs.
Or something else that I forgot to mention.
I have good amount of knowledge of hunting bugs from reading alot of books,blogs practicing my skills on Vulnerable labs and watching videos. I was learning bug hunting on my own like most of the hackers do from past few months so few days back i thought i should try to find bugs on bugcrowd and i was successfully found 2,3 bugs that got duplicate but thats not the problem. the problem i am facing is that i couldn’t found a way of proper Recon. i searched alot on internet watched jhadix all 4 videos on recon but still im failing in recon.
i just want to ask for a proper recon techniques with proper tools if anyone can guide me to a blog or video i would love to watch/read it.
Sorry for my bad English waiting for a positive response.
i was about to ask babayaga on facebook for his recon techniques but you gave me his write-up thank you .
Hello BugCrowd, please excuse a noob question
I’m a developer with an interest in mobile apps security.
I’ve found two vulnerabilities in a bank related android application that I use. (in fact 500k people use)
After working 1 day for a POC script to exploit it I contacted them.
Everything was very nice, they said they pay some bounty but cannot say more until I disclose.
So I summited them the report, they got it, acknowledged the vulnerabilities and said they’ll contact me “later”.
But couple of days passed and no one contacted me. They are a small startup with ~20 employees.
I didn’t signed any NDA, I have screenshots of all the conversations
My question is: what to do now?
Should I give them 30 days to fix it and then publish it on my blog?
At lest they should do some credits, because if they fix it tomorrow it will be unprofessional from their part.
Hey guys, I’m very new to bug bounty hunting but really keen to make a start and have lots of time to dedicate to it. I have a relatively good understanding of cyber security as I am currently studying computer science. There is some really good information on this thread but as newbie I just wanted to know what areas I should be making sure I have a good understanding of to begin hunting for my first bounty. If some of you could share your experiences about how you got started and maybe some helpful resources to get started that would be great!
from my personal experience i would say start with reading books:
- The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition
- OWASP Testing Guide v4
- Web Hacking 101: How to Make Money Hacking Ethically
- Breaking into Information Security: Learning the Ropes 101
- Mastering Modern Web Penetration Testing
Practice your skills on vulnerable labs like:
some more resources:
This is a good start apart from this read other people blogs , write-ups, watch conference videos and others hunters/hackers talk on youtube and don’t forget Google is your best friend. Thats how i started and i hope this will help you.
I Want to ask question a question that i found an xss in username field in login of the website, when we provide wrong username it shows alert that username doesn’t exists and here they didn’t validate the input and it’s in POST request. but it still can’t be use to harm other user’s because through UI it shows xss popup but when i sent the request in burp it shows json response and not html. and website uses APS.net With Signr framework.