When you see a target as "*.website.com", that means that you are able to hack on that domain and any sub-domain under that domain.
Hi there!
I wanna ask about duplicates. If a researcher discovers a bug with P3 priority and, after submission, this bug is marked as a duplicate and the priority is downgraded to P4, why does it happen? Is it common behaviour to set duplicates to P4?
@fal0ker - the duplicate will receive the priority of the original bug. If for some reason this wasn’t the case and you’ve got a question about a particular submission, please email support@bugcrowd.com
Hi @samhouston, I was looking for vulnerabilities in one of the websites and found out that they are sending credentials in plain text. Is it a vulnerability? Could you please let me know in which category I can put this bug and what the severity of this bug is?
Hi @samhouston
The web application is converting special characters and brackets to URL encoding. Is there any way to bypass it and inject the code?
insecure data transport > clearText transmission of Sensitive data
Which special characters are being URL encoded? Maybe try double URL encoding or other encodings. Perhaps make a separate thread for this on the Web Hacking section of the forum.
Hey @teppay! I would recommend using either a checklist methodology such as OWASP testing guide or building out a mind map for better organization while testing.
Hello, I need to know: is an External SSRF where an attacker can only make a request to a different host? And if it is, what is the impact?
External SSRF would be a different external host, for example where there’s a slack integration function but instead of Slack you manage to change the request to fetch another external site. This isn’t really impactful in most scenarios - the most impactful SSRF is when you manage to start reading ‘internal’ hosts and this can go from quite severe (P2) to just blind SSRF where you can only enumerate live hosts or live ports, which is more P3, P4 territory.
I found this parameter where I put some XML code, and it makes a request to a website I want it to. It's like using the program's website as a proxy. How impactful is this?
For external SSRF, not very, but it also depends if you get to ‘see’ the full response. If so, like I said, try putting in ‘internal IP’ ranges to see if you can start reading internal systems.
There’s a good list of payloads/ideas you can try here
Thinking of SSL, specifically a Sweet32 attack, how do you properly provide a proof of concept? A lot of companies won’t take an nmap or Burp Suite scan, so how exactly do you go about having a proper proof of concept without actually hurting anything?
Hi,
I am new to hacking. I know some code basics but still, I am very new.
To read up on disclosure reports, would it be highly advised to set up a virtual machine before going to the bugged links or is opening up a new window sufficient, safety-wise?
What is the meaning of “Safe Harbor” and “Managed by Bugcrowd”?
“Managed by Bugcrowd” means the program is managed by Bugcrowd itself; all your reports will be validated by Bugcrowd first, and then the valid ones will be sent to the company.
Safe harbor refers to a legal provision to reduce or eliminate legal or regulatory liability in certain situations as long as certain conditions are met. (google)
Hello Everyone,
I am looking at 4 encrypted strings for the same password, and noticed that the first few chars are the same for all the strings, while the rest of the string keeps changing. Can you guys help me understand why the first few characters are the same every time?
Thanks
Hello everyone, everything good?
I’m an extreme novice in this area. I started studying a while ago and I’m having a hard time, I think; although it’s been a short time (I know), I’ve really hit my head and felt bad about reports that were not applicable or which I thought were one thing but turned out not to be.
I would like to know if I could describe here what I know, what I have studied, etc., so that I can gain some direction and tips, and even know if I am on the right track or if I have done / studied the wrong way. It would help me a lot to know what I need to improve (I think I have a little idea of what it might be), besides wanting to know the most important thing, which would be how I can improve in these aspects and how I can take advantage of what I already know, in case it is useful and I really know something that has some value. Sorry for bothering you lately; I’ve sent you some wrong reports and I know how much of a burden it is to both companies and Bugcrowd’s own people, having to read and often reach the end of a long text to see that it is just some silly mistake, a rabbit hole, a false positive or anything of the sort. I’m making unintentional mistakes, and maybe they might hurt me too, but I’m trying, you know? I’m really giving my best; even failing, I want to correct myself, improve myself, learn and know which way I should go and how I can improve. That would be great, if anyone can give me that chance. Sorry again for the inconvenience.
Hi, I’m new to bug bounty. I have only got $300 since I started bug hunting. Usually I research on local web; now I’m trying to find bugs on Bugcrowd programs & H1.
I reported an issue on **** (a program on Bugcrowd), then cliff_bugcrowd triaged it.
After a couple of days cliff_bugcrowd marked my report “won’t fix”. But after reproducing my PoC, this bug is fixed (even though they said there is no sec issue).
I hope someone can explain this. I’m confused right now. Thx.
Btw you can watch my write up on YT :
I feel your pain. This is unfortunately a common occurrence on all crowdsourced programs (not just Bugcrowd). When it happens to me I just avoid that program going forward. You could write to support to ask for a further explanation, but as there is no formal escalation process this is very hit and miss.