Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application

Показать описание

Welcome to our series called Bug Bounty Redacted! In this series we will be going through reports we have submitted to bug bounty programs over the last five years.

This video series will progress in difficulty, with each episode covering some reports that have been submitted to bug bounty programs and have been rewarded.

Please like, comment and subscribe! We will be releasing a new video once a month. We look forward to educating you through our bug bounty reports!

Assetnote

Рекомендации по теме

Комментарии

great stuff shubs! Something I think people would really benefit from seeing is your approach to black-box manual testing if that's something you'd be open to share. Perhaps going through an intentionally vulnerable application or CTF and just explaining your thought process in different situations.

RespectableMan-cijb

Good stuff as always. But we would love to see any recent reports on H1 or any other BB platform as these reports are quite old.

haxohaxo

Thanks am getting better everyday. Can you suggest which easy bounties I can try it on.

fortsonandrealukolong

I have a bug like you have with the SQL injection. I know if I can't exploit it the triagers will say, no security risk. I guess this type of reporting only works when the program is not managed?

relic

Dear Sir,

Please do cover these crucial topics also. Like...
How to bypass Drupal CMS
How to bypass WAF protection that stops HTML, SQL, and XSS injection payloads? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc. How to bypass WAF using SQLMAP How to find hidden vulnerable parameters and endpoints inside the.js files? How to find hidden admin panels & cPanel and WHM panels. Please cover these important topics. Thanks

Free.Education

great content & thanks for sharing <3

remonsec

The server status endpoint mentioned at 2:05, can anyone tell me what does it means ..like what kind of endpoints is it referring to?

normaliteeos

Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application

Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application

Bug Bounty Redacted #2: Third Party Subdomain Takeover & Exposed Admin Interfaces

Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation

REDACTED: $20,000 OAuth Bounty (FT. Nagli)

Hacking GitLab Instances For A $5,000 Bounty (2 Examples)

Bug Bounty Redacted #5: Second Order Subdomain Takeovers & Logic Bug DoS

How to get IP Address Step. #hacker #hacking #bugbounty #hack

REDACTED: Hacking The Largest Car Manufacturer

FREE COUPON to my Ultimate Bug Bounty course on #udemy

The $8000 NPM_TOKEN Writeup | Bug Bounty

REDACTED EP02: Hacking a Payment Processor (ft Rhynorater)

Business Logic Vulnerability with hidden input | FirstBlood v3 | Bug Bounty Service

Bug Bounty Tips related to SSRF, AWS S3 | Android Pentest on Windows 11 | THM #28

Bug Bounty Series: Episode 1 ($1 mln bounty in Aurora blockchain for the no input sanitization bug)

Same vulnerability 9 months later but with WAF Bypass | Alibaba | Bug Bounty

Overview of Web3 Smart Contract Hacking | IWCON-S22 Talk by Duncan Townsend - #Immunefi

Hacking on Bug Bounties for Five Years | @infosec_au

Bug Bounty Reports | Episode 2

BeVigil || OSINT and Bugbounty

$750 bugbounty | information extraction form apk file | bug bounty poc | hackerone | apk fil testing

$1,000 HackerOne Bounty | Viewing redacted username information

Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty. (Ep. 69)

This is my coolest bug bounty report (SSRF ➡ Phishing)

$6000 Local File Inclusion | Sensitive Data Exposure | Bug Bounty POC 2021