[Bug Bounty Money] – Episode 7

XSS vulnerability without a content security bypass in a `CUSTOM` App through Button tag, 2,000 USD; Possible XSS vulnerability without a content security bypass, 2,000 USD; Download file type warning on Windows does not appear if “ask where to save file before downloading” setting is enabled, 500 USD; Reset password link sent over unsecured …

[Bug Bounty Money] – Episode 6 – Week 17 / 2023

[Bug Bounty Money] – Episode 4 – Weeks 14 & 15 / 2023

Adding h1_analyst_* to username for normal users, 500 USD; UXSS on Brave browser via scan QR Code, 500 USD; Bypass parsing of transaction data, users on the phishing site will transfer/approve ERC20 tokens without being alerted, 1000 USD; Ruby’s CGI library has HTTP response splitting (HTTP header injection), leaking confidential information, 4000 USD; Use …

[Bug Bounty Money] – Episode 3 – Week 13 / 2023

Open Redirect Vulnerability in Action Pack, 2400 USD; Lack of brute-force protection for TOTP 2FA, 750 USD; Arbitrary read of all SVG files on a Nextcloud server, 1250 USD; Cards in Deck are readable by any user, 825 USD; HTML injection via insecure parameter [https://www.ubercarshare.com/], 650 USD; DOM based XSS via insecure parameter on [ …

[Bug Bounty Money] – Episode 1 – Week 11 / 2023

Traffic amplification attack via discovery protocol, 2000 USD; Information disclosure of another company’s bug on video, 500 USD; Stored XSS on www.hackerone.com due to deleted S3 bucket from old page_widget, 500 USD; Attacker is able to query GitHub repositories of arbitrary Shopify Hydrogen users, 900 USD; Delete anyone’s content spotlight remotely, 15000 USD

Top 10 web hacking techniques of 2020

PortSwigger (the company behind Burp Suite) launched its yearly community vote for the Top 10 Web Hacking Techniques of 2020. Visit https://portswigger.net/polls/top-10-web-hacking-techniques-2020 and vote for your favorites. Exploiting POST-based XSSI; XSS fun with animated SVG; Attacking MS Exchange Web Interfaces; Code injection in Workflows leading to SharePoint RCE; Researching Polymorphic Images for XSS on Google Scholar …

Bug Bounty Programs: Bitdefender

We open the series on Bug Bounty programs with the only Romanian company we know of that has one: Bitdefender. What we initially took for a long list of “in scope” domains turned out to be the “out of scope” list. Their program is run through Bugcrowd. From Bugcrowd we learn more details: – rewards range between …