newfolder

None => Critical (10/10) Second Order Account Takeover : (attacker's VERIFIED email attached to attacker's UNVERIFIED email merged can takeover vicitm's VERIFIED account) H1 : Closing as Self Account Takeover (none). Me : Should I Takeover your Account? H1 : Sure! Me : BOOOM

@abdilahrf @iustinBB What if the server sends cache:MISS everytime, on existent and non existent path ? Any way to bypass it ?

@newfolderj @iustinBB I guess No cache no exploit

ASP.net responds with a 400 bad request on all requests containing two referer headers. This can be used to acheive cache poisoning DoS if the cache stores 400 response errors.

@HusseiN98D Hussein, it took me few days to find out in burp previous saved files but I am unable to send you DM as its blocked and require subscription.

@newfolderj If this is a BB program and you'd like collaborating shoot a DM and we can try

Whenever you see host/?param=ID, try to traverse inside. An easy way to detect if this might be 'traversable' is by doing host/?param=x/../ID and observe the response. In case both are the same response, you're good to start trying exploitation.

@iustinBB leet

If you want to find domains associated to an organization, you can explore DuckDuckGo's tracker-radar. It's a publicly accesible dataset that stores web tracking information, including domains operated by an organization. #L44" target="_blank" rel="nofollow noopener">github.com/duckduckgo/tra…

@khalidmeister1 @HusseiN98D @samwcyo So whats the point of traversing here or its not vulnerable or should I try something else or maybe you would mind mentioning what you found via the above method as everytime I belive there is nothing when I perform ../ at api endpoints

@khalidmeister1 @HusseiN98D @samwcyo Irfan I have watched the video several times and read different articles but cant exploit or unable to understand the scenario bcz I get /user/victim = 403 with every traverse e.g /user/me/../victim or /user/me/../../user/victim

@m4ll0k Paramminer have this functionality, you would need to Tick it when send request to paramminer

Is there a burp extension or something that can extract values from the response and make a request with the extracted values ... Something like autoRepeater with the ability to extract from response automatically ? Or I need build one ? 🥲

@nadiadurrani99 yeh guman MUSAB bin Walid ko bhi tha k agar bani israel k sar kaat day to shayd MUSA na payda ho PMLN ko b yahi lgta hi k in sab ko hata k PTI end ho jaygi magar dar asal tareekh aj phir Sheikh Mujeeb Rehman ka daur dikha rahi hi k kaise aik akylay nay kaya palat di thi sab ki :)

Just submitted my first Smart Contract Bug to the DeFi Protocol, big thanks to Owen, @pashov & @gogotheauditor for their public audits.

@h4x0r_dz I would suggest to go for web3 ctfs such as etheranut etc

I moved From bug bounty to ctf And I can confirm CTF is the real hacking, A bug bounty is just an easy game compared to ctf bug bounty : vulnerability assessment CTF : real hacking

@AkashHamal0x01 Put and Delete should be same report because of same path. POST should be in different report. I would suggest to submit put first , if the program is considering medium then add the delete one to bump the severity .

Just a quick question: POST /user => Create PUT /user/<ID> => Update DELETE /user/<ID> => Delete Should it be one report or multiple reports? and why? #BugBountyHelp

@3ncryptSaan @Hacker0x01 Hi ranjan, hackerone told me that we have stopped h1 clear and not accepting any applications. Would you mind telling me when you applied for it and how long did it take ?

What a Day it is!!! Just Made it To h1-Clear To be a verified Hacker at @Hacker0x01 Worked Damn hard for this verified Blue tick and to be a verified Hacker #hackerone #bugbounty #hacking #h1_clear #verified

@tosun7331 @osamaavvan Just sent dm

Done with Bug Bounties, now I'm looking for a job in security preferably remote. Web/Android and Network are my forte. Anyone hiring? #cybersecurity

@osamaavvan Onsite

@newfolderj Remote?

@brutexploiter I hope people would get it as it took me and the triager 3 days arguing that what is this and at the end I took his account so marked as critical

@brutexploiter so the victim and the unverified email both got the forget token , attacker change pass and got the victim's account and at the same time his email also get verified and accounts also got merged so at the end victim's account is destroyed and there are now two account of attacker

None => Critical (10/10) Second Order Account Takeover : (attacker's VERIFIED email attached to attacker's UNVERIFIED email merged can takeover vicitm's VERIFIED account) H1 : Closing as Self Account Takeover (none). Me : Should I Takeover your Account? H1 : Sure! Me : BOOOM