How I Found a P1 Bug in a Bug Bounty Program (Step-by-Step Guide)
This article details the discovery of an XSS vulnerability due to insufficient input validation and lack of Content Security Policy (CSP). The application accepted user input for a query parameter without proper sanitization, allowing script injection through the 'query' field. By injecting a JavaScript payload containing document.cookie manipulation code, the researcher was able to set and persist a PHPSESSID cookie on the victim's device. This payload was executed by the browser, creating a persistent session cookie that allowed an attacker to maintain unauthorized sessions and gain access to other users' accounts without needing their login credentials. The vulnerability paid out $1,000, and the organization addressed it by implementing strong input validation and setting appropriate CSP headers—never trust user-controlled data for security decisions. Key lesson: Validate inputs and enforce strict Content Security Policies to prevent XSS attacks. #BugBounty #XSS #CSP #InputValidation #Infosec
Understanding OTP Verification Bypass via Client-Side Response Manipulation
This article describes an authentication bypass vulnerability caused by insufficient input validation and inadequate server-side response checking on the client side. The application accepted user-supplied One-Time Password (OTP) values without verifying their format or source, allowing attackers to manipulate the OTP response. By injecting a custom JavaScript payload containing `document.cookie = 'session_id=attacker; path=/'`, the researcher was able to set a persistent session cookie on the victim's browser after successfully submitting an invalid OTP. This manipulated response was accepted by the application, leading to unauthorized account access. The vulnerability paid out $500, and the organization addressed it by implementing strong input validation and server-side response verification on client-side scripts—never trust user-controlled data for security decisions. Key lesson: Validate inputs and verify responses at both client-side and server-side to prevent authentication bypass. #BugBounty #AuthenticationBypass #WebSecurity #Infosec
The Ultimate Bug Bounty Recon Guide: From Zero to Finding Critical Vulnerabilities
This article provides a comprehensive guide for conducting reconnaissance in bug bounties. The researcher focuses on various tools and techniques, such as OWASP ZAP, Burp Suite, and Google Dorks, to gather information about target applications. The article covers techniques for subdomain enumeration, identifying sensitive files and directories using directory traversal attacks, and locating hidden APIs through manipulating User-Agent strings. Additionally, it discusses how to leverage open-source intelligence (OSINT) tools like Shodan and Censys to gather more context about a target's infrastructure and exposed assets. With this information, researchers can uncover potential vulnerabilities such as SQL injection, cross-site scripting (XSS), and authentication bypass. This guide serves as an essential starting point for new bug hunters seeking to find critical vulnerabilities effectively. Key lesson: Comprehensive reconnaissance is crucial in the early stages of a bug bounty hunt—employ various tools and techniques to gather valuable information about your target. #BugBounty #WebSecurity #Reconnaissance #OSINT #Infosec
The Bouncer Who Never Checked IDs
This vulnerability was an XSS (Cross-Site Scripting) issue due to insufficient input validation and lack of Content Security Policy (CSP). The application accepted user input for a query parameter without proper sanitization, allowing script injection through the 'query' field. The researcher injected a payload containing JavaScript code that set a cookie named 'PHPSESSID', which is a unique session identifier in PHP applications. This payload was executed by the browser on the victim's device, creating a persistent session cookie. With this cookie, an attacker could maintain unauthorized sessions and gain access to other users' accounts without needing their login credentials. The vulnerability paid out $250, and the organization addressed it by implementing strong input validation and setting appropriate CSP headers—never trust user-controlled data for security decisions. Key lesson: Always validate inputs and enforce strict Content Security Policies. #BugBounty #XSS #CSP #InputValidation #Infosec
Bytemancy 0 — picoCTF Writeup
This article describes an SQL Injection vulnerability discovered during a CTF (Capture The Flag) event. The application accepted user input from a search bar without proper validation, allowing the injection of SQL commands via single quotes and a UNION query. The researcher exploited this flaw by combining multiple SQL statements to extract usernames and hashed passwords from the database and base64-encoding them for further manipulation. The resulting payload was a JavaScript snippet that decoded the extracted data and displayed it in an alert box on the page. This vulnerability highlights the importance of input validation and proper handling of user-supplied data in security contexts. Remediation would involve implementing strong input sanitization, parameterized queries, or stored procedures to prevent SQL injection attacks. Key lesson: Always validate inputs and use secure coding practices to protect against SQL injection. #BugBounty #SQLInjection #CTF #WebSecurity #Infosec
https://medium.com/@may.hack/bytemancy-0-picoctf-writeup-7cee4cb45102?source=rss------bug_bounty-5
WebAssembly Hacking: 7 Practical Examples Every Ethical Hacker Should Master
This article discusses 7 practical WebAssembly (Wasm) hacking examples for ethical hackers. Wasm is a binary instruction format used in high-performance web apps and services, but it can hide vulnerabilities such as sensitive logic on the client, bundle vulnerable C/C++ code, and introduce new attack vectors for XSS, RCE, and privilege escalation. The article provides actionable steps, code, and details that are useful in real-world pentests. Key lesson: Understanding WebAssembly is crucial for finding hidden vulnerabilities in modern web apps. #WebAssembly #EthicalHacking #ReverseEngineering #BugBounty #Cybersecurity
Param Miner: The Burp Suite Extension That Finds Parameters Nobody Told You Existed
This article introduces Param Miner, a Burp Suite extension that identifies hidden parameters in web applications. The root cause was the lack of visibility into all parameters used by the application, leading to potential overlooked vulnerabilities. By automating parameter detection, Param Miner helped security researchers discover and target previously unnoticed parameters for further testing. During testing, the researcher found a hidden parameter named 'q' in the search functionality, which, when exploited with an XSS payload, allowed injecting malicious scripts into the page. The system logic behind this vulnerability was that the application did not properly sanitize user input and relied on client-side validation for security. The impact included cross-site scripting attacks on users who accessed the vulnerable search functionality. No bounty or outcome information was mentioned in the article. To remediate this issue, implement proper input validation at both server-side and client-side to prevent XSS attacks. Additionally, regularly using Param Miner can help uncover hidden parameters in applications. Key lesson: Hidden parameters can harbor vulnerabilities—use tools like Param Miner for comprehensive parameter detection. #BugBounty #Cybersecurity #WebSecurity #XSS #ParamMiner
Alonso Caballero / ReYDeS
Bug Bounty Shorts
Negative PID SL
