Rogue collaborators and ambiguous branch names in GitHub
GitHub disclosed a bug submitted by inspector-ambitious: https://hackerone.com/reports/1831528 [Source]
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
In an ever-evolving digital landscape, web application security is paramount. Cross-Site Scripting, commonly known as XSS, remains one of the most prevalent and dangerous security vulnerabilities. In this blog post, we will delve into the different types of XSS, explore how it can be exploited, and learn how to detect...
Unauthenticated Remote Access to Testing Endpoint
IBM disclosed a bug submitted by sajidraza: https://hackerone.com/reports/2192984 [Source]
$1120: ATO Bug in Twitter’s
Explore the story of a $1120 Twitter bug, I found — a security flaw that allowed attackers to seize full control of accounts without knowing the password. Everyone who is reading this,I think aware of twitter. A couple of months after starting my bug bounty career, I found this bug...
How I found a Zero Day in W3 Schools
While using the W3Schools.com C Compiler I decided to play around with the shell. Link to the compiler : https://www.w3schools.com/c/tryc.php?filename=demo_compiler #include #include int main() { system(“ls -lra /etc/;set”); return 0; } Summary:The provided code executes a system command to list the contents of the /etc/ directory and display the environment...
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
24 Stories A Hacker’s Tale Ahoy, fellow digital adventurers! Today, we’re embarking on an exciting journey through the vast seas of web applications. Our quest? To uncover hidden treasures, or in this case, vulnerabilities! 1. Setting Sail – Understanding the Scope Before we embark on our hacking adventure, it’s essential...
Navigating the Bounty Seas with Open Bug Bounty
A Hacker’s Tale – Part 2 Welcome back, cyber adventurers, to our world of ethical hacking! In Part One, we set sail on the vast ocean of cybersecurity, armed with knowledge on identifying features, functions, and technologies used in web applications. Now, as we continue our quest for digital treasures,...
Guarding the Cosmos: Securing Your WordPress {wp-config.php}
Prepare for liftoff, fellow space explorers of the digital galaxy! In the boundless expanse of cyberspace, your WordPress website is akin to a spacecraft on an interstellar voyage. At the core of this cosmic vessel lies a vault of unimaginable value—the wp-config.php file. But beware, for this cosmic treasure, if...
Top Bug Bounty Courses and Certifications
Here are some of the top bug bounty courses and certifications available: Bug Bounty Hunter (CBH) through HackTheBox Academy Link Bug Bounty Hunter (CBH) through HackTheBox Academy A comprehensive course that covers all aspects of bug bounty hunting, from finding and exploiting vulnerabilities to reporting them to program administrators.The course...
Public and Private Bug Bounties and Vulnerability Disclosure Programs
Public and private bug bounties and vulnerability disclosure programs (VDPs) are both mechanisms for organizations to discover and fix vulnerabilities in their software systems. Public Bug Bounties Public bug bounties are open to anyone who wants to participate. Organizations that run public bug bounties typically offer rewards for finding and...
Education and Training in Bug Bounty
Education and training are essential for aspiring bug bounty hunters to develop the skills and knowledge necessary to identify and exploit vulnerabilities in computer systems, applications, and networks. Here’s a comprehensive guide to education and training resources for bug bounty hunters: Online Courses and Certifications: HackTheBox Academy: This comprehensive course...
Difference Between Penetration Testing and Bug Bounty
Penetration Testing and Bug Bounty are both methods of identifying and exploiting vulnerabilities in computer systems, applications, or networks. However, there are some key differences between the two. Penetration Testing is a structured, formal process that is typically conducted by a team of security professionals. The goal of a penetration...
access to profile & reset password page without authentication
Tennessee Valley Authority disclosed a bug submitted by mohs3n: https://hackerone.com/reports/2213337 [Source]
Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18
Internet Bug Bounty disclosed a bug submitted by tniessen: https://hackerone.com/reports/2208860 - Bounty: $1270 [Source]
Incorrect Authorization leads to see other users Documents Uploaded
Tennessee Valley Authority disclosed a bug submitted by mohs3n: https://hackerone.com/reports/2214049 [Source]
internal path disclosure via register error
Tennessee Valley Authority disclosed a bug submitted by mohs3n: https://hackerone.com/reports/2213381 [Source]
captcha bypass leads to register multiple user with one valid captcha
Tennessee Valley Authority disclosed a bug submitted by mohs3n: https://hackerone.com/reports/2213366 [Source]
Permission model improperly protects against path traversal in Node.js 20
Internet Bug Bounty disclosed a bug submitted by tniessen: https://hackerone.com/reports/2225660 - Bounty: $2330 [Source]
Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)
Internet Bug Bounty disclosed a bug submitted by mattaustin: https://hackerone.com/reports/2188126 - Bounty: $1165 [Source]
CVE-2023-47037: Airflow Broken Access Control Vulnerability
Internet Bug Bounty disclosed a bug submitted by 0xt4req: https://hackerone.com/reports/2249299 [Source]
CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
Internet Bug Bounty disclosed a bug submitted by mprogrammer: https://hackerone.com/reports/2258758 [Source]
CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the “List dag warnings” feature
Internet Bug Bounty disclosed a bug submitted by balis0ng: https://hackerone.com/reports/2208647 - Bounty: $540 [Source]
Git Reference Ambiguity in GitHub – Commit Smuggling, Account Takeover, and Remote Code Execution
GitHub disclosed a bug submitted by inspector-ambitious: https://hackerone.com/reports/2017600 [Source]
Mozilla FuzzManager API Token Exposed in Git Commit
Mozilla Critical Services disclosed a bug submitted by yakirka: https://hackerone.com/reports/2030076 [Source]
Secrets can be unmasked in the “Rendered Template”
Internet Bug Bounty disclosed a bug submitted by klexadoc: https://hackerone.com/reports/2209665 [Source]
Potential IP revealing using UNC Path in Windows File Picker
Tor disclosed a bug submitted by newfunction: https://hackerone.com/reports/376004 [Source]
SQL Injection in parameter REPORT
Tor disclosed a bug submitted by wiloos: https://hackerone.com/reports/269347 [Source]
Zip bomb
Tor disclosed a bug submitted by zerx: https://hackerone.com/reports/263663 [Source]
Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971)
Tor disclosed a bug submitted by geeknik: https://hackerone.com/reports/274998 [Source]
solving TOR vulnerability, in other to make bruteforce difficult
Tor disclosed a bug submitted by joelisto: https://hackerone.com/reports/268320 [Source]
[rt.torproject.org] No Rate Limitting on Login Form
Tor disclosed a bug submitted by 0xspade: https://hackerone.com/reports/265706 [Source]
Report Regarding Security Vulnerability
Tor disclosed a bug submitted by srkfan: https://hackerone.com/reports/269243 [Source]
Multiple Path Transversal Vulnerabilites
Tor disclosed a bug submitted by myselfphoton: https://hackerone.com/reports/273377 [Source]
https://get.ooni.torproject.org/
Tor disclosed a bug submitted by ba4fe4ca95021d367f8a574: https://hackerone.com/reports/274285 [Source]
Tor Project – Full Path Disclosure
Tor disclosed a bug submitted by yox: https://hackerone.com/reports/269426 [Source]
Content spoofing on
Tor disclosed a bug submitted by nonamehiiden: https://hackerone.com/reports/273819 [Source]
CSRF to Information disclosure on password reset
Mozilla Critical Services disclosed a bug submitted by hackeriron1: https://hackerone.com/reports/2106662 [Source]
Ingress nginx annotation injection causes arbitrary command execution
Kubernetes disclosed a bug submitted by suanve: https://hackerone.com/reports/1728174 - Bounty: $2500 [Source]
Blind SQL injection on id.indrive.com
inDrive disclosed a bug submitted by kristoferent: https://hackerone.com/reports/2051931 - Bounty: $4134 [Source]
Password Reset Token Leak Via Referrer
Liberapay disclosed a bug submitted by 0xthem7: https://hackerone.com/reports/2133308 [Source]
Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the weeks from November 6th to November 19th...
HTML injection in search UI when selecting a circle with HTML in the display name
Nextcloud disclosed a bug submitted by cx75fa: https://hackerone.com/reports/2210038 [Source]
Delete external storage of any user
Nextcloud disclosed a bug submitted by cx75fa: https://hackerone.com/reports/2212627 [Source]
user_ldap app logs user passwords in the log file on level debug
Nextcloud disclosed a bug submitted by alacn1: https://hackerone.com/reports/2101165 [Source]
Enabling Birthday Contact to any user
Nextcloud disclosed a bug submitted by nvz: https://hackerone.com/reports/2112973 [Source]
XSS in Cisco Endpoint
U.S. Dept Of Defense disclosed a bug submitted by r00tdaddy: https://hackerone.com/reports/2233421 [Source]
Full account takeover of any user through reset password
U.S. Dept Of Defense disclosed a bug submitted by maskedpersian: https://hackerone.com/reports/2194928 [Source]
Unathenticated file read (CVE-2020-3452)
U.S. Dept Of Defense disclosed a bug submitted by r00tdaddy: https://hackerone.com/reports/2233418 [Source]
Unauthorised CocoaPods Auth via Token Leakage & HTTP Header Injection
Snowplow disclosed a bug submitted by reefspek: https://hackerone.com/reports/2228086 [Source]
subdomain takeover at
Mars disclosed a bug submitted by skoll101: https://hackerone.com/reports/2106886 [Source]