Category Archives: Bug bounty

Different Approaches For Reconnaissance — Bug Bounty’s

Hi, I’m z0id and I’m a security researcher at hackerone and bugcrowd and I’m going to show you different approaches to recon for your bug bounty Journeys. We will follow this check list: Approaches to sub domain Enumeration Visual Recon Google Dorks Content Discovery Approaches to sub domain Enumeration Sub domain enumeration is the key to discovering domains that can contain potential

Read more

How to earn your first bounty in bug bounty hunting

If you are interested in bug bounty hunting and want to learn about it and earn your first bounty, well please read this.   Bigger Scopes Matter Try to choose programs that have a larger scope, the reason for this is because you have more sub domains to work with and find vulnerabilities. Mentors on Twitter A lot of professional

Read more

A cross-platform note-taking & target-tracking app for penetration testers.

Reporting a bug? This is very early days of this project, therefore unexpected bugs, UI glitches and data-corruptions related issues may occur. I’d personally and strongly recommend to keep taking backups daily to not to loose any data if something bad happens. Before reporting a bug or glitch, please confirm if it is not previously reported. Give most possible information

Read more

Priceline Open Redirect Hackerone Disclosure

What is open redirection? Open redirection is a type of vulnerability where by a website can redirect the user to any other website, this could be used by an attacker to send someone a malicious link to a legitimate site that redirects them to a fake site that steals credentials or downloads a backdoor to their machine.   Priceline Open

Read more

Tube8 Reflected XSS Hackerone Discolosure

It was a normal bug hunting day I spent around 10 hours spidering through websites and testing for xss (cross-site-scripting) until I stumbled across an xss vulnerability in one of the most famous porn sites tube8.com. I successfully came up with a proof of concept and sent in a report here is the proof of concept payload. PAYLOAD “accesskey=”x”onclick=”alert(1)”//zpmgz How this

Read more

TomTom Website Hacked With XSS | krypt0mux

Story I have been spidering my way through some websites checking for xss vulnerabilities until I came across one in tomtom.com This vulnerability was such an easy one because burpsuite detected it almost instantly.   What is XSS? cross site scripting or xss for short is an injection attack where by an attacker can insert malicious javascript code into the

Read more