Bug Bounty Redacted #1: Exposed Redis and HAProxy

Показать описание

Welcome to our new series called Bug Bounty Redacted! In this series we will be going through reports we have submitted to bug bounty programs over the last five years.

This video series will progress in difficulty, with each episode covering some reports that have been submitted to bug bounty programs and have been rewarded.

In this episode, we cover two reports - the discovery of an exposed Redis instance and an exposed HAProxy statistics panel. The discovery process and information about the exact report is shared in this video.

Please like, comment and subscribe! We will be releasing a new video once a month. We look forward to educating you through our bug bounty reports!

Assetnote

Рекомендации по теме

Комментарии

Love it and love seeing you make more content man. Great work!

NahamSec

Great! Looking forward to more episodes of this series

BugBountyReportsExplained

For some reason I am happy these videos are not seen enough

amit-mishra

This is great! Love the idea of this series!

Studiom

Love the video man! Video for video, you've got the best security research channel on Youtube (Sorry Nahamsec!). I just wish you had more videos!

JaminSoch

Useful - new learning - nmap scan can lead to open port exploit - bug bounty

exploreThe_

Thanks for sharing, looking forward to the next!

RespectableMan-cijb

Thanks for a great video! It would be helpful to know which bug bounty platform you are using, which categories each of those bugs fell into and what amount of bounty they generated. Looking forward to more episodes.

edwardlichtner

As always such great content! Thanks for sharing 👊🏿😎

ChOkO

Wonderful, please share the severity too. Thanks

simn

6 years ago reports which are not reproducible anymore for like 2 years? Wow

(Redis sets password by default for ~ 2 years now)

TaReN

1. You didn't show them a proof of concept. How were you awarded with a bounty since you didn't show them

2. Can you actually help with the particular nmap and netcat command 🙏

3. You talked about keys and config. Which exact command did you run to get those disclosed information.

4. Lastly. Please can you tell the range of bounty awarded on this type of vulnerability.

Thank you

dr.b

Add some live labs and your methodology

xbeven

You should do it weekly not yearly your contents are valuable

danzosow

Bug Bounty Redacted #1: Exposed Redis and HAProxy

Bug Bounty Redacted #1: Exposed Redis and HAProxy

Bug Bounty Redacted #2: Third Party Subdomain Takeover & Exposed Admin Interfaces

Hackerone's BEST Bug Bounty Hunting Secrets EXPOSED

$6000 Local File Inclusion | Sensitive Data Exposure | Bug Bounty POC 2021

Bug Bounty Redacted #5: Second Order Subdomain Takeovers & Logic Bug DoS

Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation

Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application

I quit my IT job for YouTube and bounty - bounty vlog #0

he hacked my websites

Logical Bug - email changed

The $8000 NPM_TOKEN Writeup | Bug Bounty

Live Stream Shodan for Bug Bounties | Shodan Live Exploitation for Fun & Profit

BUG BOUNTY: HOW TO FIND MISCONFIGURATION IN AWS S3 BUCKET #1

Hacking on Bug Bounties for Five Years | @infosec_au

Xss on googlenestcommunity #xss #google #googlevrp #bugbounty

Attack against Aws Bucket Listing to all | Bugbounty Live attack | @cyberUF

#MentorshipMondays | Getting Started in Bug Bounties

0-Day $10,000 Oracle E-Business Suite Bounty | Thanks to @orwaatyat2958

Business Logic Vulnerability with hidden input | FirstBlood v3 | Bug Bounty Service

Complete Guide to Bug Bounty Programs | How to Earn with Ethical Hacking

Your Recon Process is Boring!

How to get the LINK GLOVE before 20K SLAPS! | Roblox Slap Battles

Where People Go When They Want to Hack You

Patreon Reflected Xss Vulnerability | BugBounty | HackingSpotTelugu