Rachel (@richardhu1230)'s Twitter Profile
Rachel

@richardhu1230

computer science,hacks,sports,music,reading,travel

bbhunter-fkh1bc^

ID: 741620724847251460

11-06-2016 13:18:54

720 Tweets

69 Followers

833 Following

Bug Bounty Village (@bugbountydefcon)

403 on /get_all_users 404 on /get_all_userz Then Justin Gardner fuzzed until a double-encoded “S” slipped past the NGINX filter. Result: 4.5M users' PII dumped. Bounty: $15K–$20K Full talk → youtu.be/PXqlHAoF2wc #BugBounty #DEFCON #BBV #AppSec #WebSecurity

Burp Suite (@burp_suite)

Why spend time manually converting JSON to XML to test for XXE? Just ask Burp AI in Repeater: it handles the transformation and delivers the exploit. Ben Sadeghipour demonstrates this massive shortcut for finding complex, overlooked bugs. 👇

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

Gareth Heyes just showed how to smuggle data from the URL hash directly into an event handler by making the element rewrite its own attributes. x.com/garethheyes/st… Let's see how it works:

André Baptista (@0xacb)

Found an XSS but got blocked by the CSP? cspbypass.com has a compiled list of ways to bypass the Content Security Policy. Check out the video below 👇

the_IDORminator (@the_idorminator)

Let's talk manual testing for IDORs. I have pasted a payload from a redacted T-Mobile API below. It does not have a bug (that I am aware of) on it, I want to use this for educational purposes because it's a great teaching opportunity.

A: This is a URI path parameter representing

Mohamed Reda Desoky (@mrdesoky0)

Free Bug Bounty course by Z-wink (the_IDORminator ) ranked #1 in the US on Bugcrowd! Learn from the best, especially if you're into IDOR & Broken Access Control: t.me/ZwinKU

James Kettle (@albinowax)

I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: youtu.be/z92GobdN40Y

Abhishek Meena - {🔥} (@aacle_)

API Pentesting Series — Part 7

Before you attack APIs, you need a solid lab.
This part covers:
• Tooling (Burp, DevTools, Postman)
• Discovery tools (Kiterunner, Nikto)
• Docker-based vulnerable APIs
• Full environment setup

Notion Notes 🔗: notion.so/aacle/PART-7-A…

Burp Suite (@burp_suite)

We’ve published a full guide on detecting React2Shell using Burp Suite. Both Burp Suite Professional and Burp Suite DAST now support updated ActiveScan++ v2.0.8 checks for Next.js, plus optional targeted Bambda tests for deeper investigation. Full breakdown:

HackProve (@hackprove_)

How I Discovered 1,400+ Users’ PII Through a GraphQL Query — and Uncovered 5 More Bugs Using the Same Logic. Explore more: hackprove.com medium.com/@ayaa101/how-i…

A.Mugh33ra🇵🇰❤️🇵🇸 (@mugh33ra)

As promised my second writeup is live now. From Default IIS Page to Critical SQL Injection: medium.com/p/from-default… #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection

X (@themsterdoctor1)

Full PoC – real-world bug bounty workflow 🐞

#bugbountytips

1️⃣ Enumerated IPs using Shodan + Censys
2️⃣ Identified an IP hosting Roundcube Webmail
3️⃣ Began endpoint fuzzing → /webmail returned 403
4️⃣ Continued fuzzing → discovered /webmail/logs (403 again)
5️⃣ Targeted log

the_IDORminator (@the_idorminator)

Broken Access Control by adding a second parameter with the same name. 

Access control checks if the first instance of the customerId parameter has access. Then for some reason, server side does the lookup based on the second inserted customerId, resulting in data leak for other
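As an added illustration that is not part of the original tweet, a stdlib-only Python sketch of the mismatch described above: the access check reads the first customerId while the lookup reads the last, and a hardened handler refuses ambiguous duplicates instead. All names, users and records are constructed for the example.

```python
"""Added example (not from the original tweet): how duplicate query
parameters can split an access-control check from the data lookup."""
from urllib.parse import parse_qs

# Constructed sample data: which customer ids each user may read.
ALLOWED = {"alice": {"1001"}}
CUSTOMERS = {"1001": "alice's record", "2002": "bob's record"}


def first_value(qs, name):
    """Mimics a parser that returns the first occurrence (used by the access check)."""
    return parse_qs(qs, keep_blank_values=True).get(name, [None])[0]


def last_value(qs, name):
    """Mimics a framework whose dict-style access keeps the last occurrence (used by the lookup)."""
    return parse_qs(qs, keep_blank_values=True).get(name, [None])[-1]


def vulnerable_handler(user, qs):
    """Authorizes on the first customerId, then loads the last one: two different values."""
    if first_value(qs, "customerId") not in ALLOWED.get(user, set()):
        return 403, None
    return 200, CUSTOMERS.get(last_value(qs, "customerId"))


def hardened_handler(user, qs):
    """Rejects duplicate parameters and uses the single value for both steps."""
    values = parse_qs(qs, keep_blank_values=True).get("customerId", [])
    if len(values) != 1:
        return 400, None  # ambiguous request: refuse rather than guess
    cid = values[0]
    if cid not in ALLOWED.get(user, set()):
        return 403, None
    return 200, CUSTOMERS.get(cid)


if __name__ == "__main__":
    polluted = "customerId=1001&customerId=2002"  # constructed polluted query string
    print(vulnerable_handler("alice", polluted))  # (200, "bob's record")
    print(hardened_handler("alice", polluted))    # (400, None)
```

A duplicate-parameter check of this kind is also cheap to log, so repeated 400s on the same endpoint become a detection signal.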

the_IDORminator (@the_idorminator)

Mock or test response .JSON files Whenever you are on a new #bugbounty target, search JS files for ".JSON". You may find paths to files in "/assets/mock/" or similar that contain PII or even secrets from testing, left there by accident. Got $10,000 💰 for this once.

zack0x01 (@zack0x01)

JS secret leaks = easy money in bug bounty 🔥

I built a FREE JS analyzer tool, just drop a link or a list of links and it extracts everything:

🔑API leaks, tokens, emails, usernames, passwords, and more… all in a clean, simple UI 💻🐞

👀Check it out here: