Was planning on bug hunting on self-hosted VDPs to find my first bug.

Crafted this Google dork for finding websites with self-hosted vulnerability disclosure programs.

Hopefully someone finds it useful 😀

("responsible disclosure" OR "vulnerability disclosure") AND intext:scope -intext:hackerone -intext:bugcrowd -intext:intigriti

#bugbounty #bugbountytip

Windows Device Names Still Allow Path Traversal in UNC Paths After CVE-2025-27210 Fix
https://hackerone.com/reports/3255707

#bugbounty #bugbountytips #bugbountytip

Node.js disclosed on HackerOne: Windows Device Names Still Allow...

## Summary: I found that Windows device names (CON, PRN, AUX, etc.) can still be used for path traversal attacks when working with UNC network paths, even after the CVE-2025-27210 patch. So basically, the fix only covered regular paths but missed the UNC path scenario when using `path.join()`. ## Description: I was testing the recent CVE-2025-27210 fix and noticed something. The patch works...

HackerOne

Tired of Running the Same Pentest Tools Over and Over?

New target? Cool! now it’s time to run tool, wait. Run other tool, wait again. Save results. Validate them. Move on. Repeat. We were doing this every single time in my team, and honestly, it started…

Medium

Automate JavaScript (JS) Extraction for Bug Bounty Recon

This article is for educational purposes only. Do not scan or analyze websites without explicit authorization. Only use this methodology in legal bug bounty programs or your own testing labs…

Medium

Automating Subdomain Takeover Detection: A Step-by-Step Guide

Subdomain Takeover is a critical Vulnerability that allows Attackers to hijack the abandoned subdomains which are currently not used by Companies or Web Application. Subdomain Takeover is a…

Medium

Are all the bugs really gone? How should you approach an application if you're done with recon? Here are my top 5 tips for approaching the main program and finding bugs #bugbountytip #BugBounty 1/7

I just published How i got admin panel without opening the target.😎 Go ahead and read my approach to find bugs. #bugbountytips #BugBounty #bugbountytip https://blog.safda.online/how-i-got-admin-panel-without-opening-the-target-8ca4a2c219be

How i got admin panel without opening the target - Milad Safdari (TheSafdari) - Medium

Hi guys, it’s me Milad, I come back with another interesting finding. As you may be confused by the title of this article and may ask how it was possible? But just let me show you my magic :) A few…

Medium
Finding Clues in the Past: Unveiling Vulnerabilities with Wayback-Machine.

Hey there, fellow readers! It’s been a while, but I’m back – 0×2458 in the house! Today, we’re going to dive into something fascinating – the Wayback Machine...

HACKLIDO

Time Based SQL injection Payloads

#bugbounty #bugbountytips #bugbountytip #hacking

Story of Clickjacking on Microsoft Leads To Privilege Escalation & Account Takeover Of Admin

https://t.co/SnR5s0Hewh

#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity