#bug-bounty

Mar 3 · 5 min read · Sometimes, the best lessons in web development and security come from staring at a seemingly bulletproof application until its underlying mechanics finally crack. We had been deep in the trenches with

Join discussion

AAbolFazlmp7y0.hashnode.dev

0

From Client Regex to Server Bug: We Hunted CORS and CSRF

Feb 27 · 4 min read · Introduction CORS misconfigurations are everywhere. But spotting the real ones takes more than payloads — it takes understanding the trust model hidden beneath the surface. This is a short story of ho

Join discussion

OROmid Rezaeiblog.voorivex.team

0

uXSS on Samsung Browser [CVE-2025-58485 SVE-2025-1879]

Feb 23 · 13 min read · Introduction This write-up explains how @YShahinzadeh and I discovered a Universal Cross-Site Scripting (UXSS) vulnerability in the Samsung Internet Browser, identified as CVE-2025-58485 and SVE-2025-

Join discussion

MMaMad4Evermikagelabs.hashnode.dev

0

Boost Your Burp Suite: Configuration $ Extensions

Feb 15 · 6 min read · 📚 Before Start (experienced hackers can skip this) Burp Suite is a powerful tool for web security testing, widely used by ethical hackers and penetration testers. It allows you to intercept, modify, and analyze HTTP/S traffic — think of it as Wiresh...

Join discussion

Nnadirhacknote.hashnode.dev

0

How I was able to find 3 Broken Access Control issues in a Bug Bounty Program

Jan 14 · 4 min read · Intro Hi my name is Nadir Feroz a 22-year-old Bug Bounty Hunter focused on web application security. I have been testing and reporting security vulnerabilities for almost 2 years. This is my weblog where I am going to share some of my finding in here...

Join discussion

MTMd. Tanjimul Islam Sifatbugbountysecretsdorks.hashnode.dev

0

Worldclass Google Dorks For Hunt Unique Bug Bounty Programs

Dec 22, 2025 · 2 min read · 🔥 TIER-1: 2025 ACTIVE & MAINTAINED PROGRAMS inurl:/responsible-disclosure intext:"effective date" intext:"2025" inurl:responsible-disclosure intext:"Effective Date" intext:"2025" -hackerone -bugcrowd inurl:vulnerability-disclosure intext:"Last updat...

Join discussion

MMaMad4Evermikagelabs.hashnode.dev

0

Understanding Same-Origin Policy (SOP): Protecting Your Web Security

Dec 8, 2025 · 2 min read · 💀 Same Origin Policy (SOP) Hey there! In this post, we’ll dive into the Same Origin Policy (SOP) — a crucial web security mechanism designed to prevent malicious attacks and protect user privacy. 🧠 What is SOP? Same Origin Policy (SOP) is a securi...

Join discussion

MMaMad4Evermikagelabs.hashnode.dev

0

🍪 HTTP Cookies

Dec 8, 2025 · 2 min read · HTTP Cookies are small pieces of data created by a web server while a user is browsing a website and stored on the user’s device by their web browser. When a user visits a website, the browser automatically sends any cookies that belong to that site ...

Join discussion

AFAeon Flex / Splicer Scornchaincoder.hashnode.dev

0

The Secret World Of Mobile App Bug Bounties And How To Break In

Dec 3, 2025 · 9 min read · There is a reason mobile app bug bounty hunting feels like a secret world. Most newcomers hit the Web first. It is easier to proxy, easier to brute force, easier to pattern match. But mobile? That domain still feels foggy and locked away. People talk...

Join discussion

JWJustin Waltersexegy.today

0

Random thoughts on the situation between Exegy and I

Dec 3, 2025 · 4 min read · I find it so interesting Exegy wanted to weaponize their non-disclose agreement (NDA) against me, especially with it being used in a lawsuit against me four months later. Their NDA is not even up to date on the laws regarding the matter, since it tri...

Join discussion

Tag feed

Tag feed

#bug-bounty

Payment Page XSS: Bypassing Strict Sanitization through URI Structure

From Client Regex to Server Bug: We Hunted CORS and CSRF

uXSS on Samsung Browser [CVE-2025-58485 SVE-2025-1879]

Boost Your Burp Suite: Configuration $ Extensions

How I was able to find 3 Broken Access Control issues in a Bug Bounty Program

Worldclass Google Dorks For Hunt Unique Bug Bounty Programs

Understanding Same-Origin Policy (SOP): Protecting Your Web Security

🍪 HTTP Cookies

The Secret World Of Mobile App Bug Bounties And How To Break In

Random thoughts on the situation between Exegy and I

#bug-bounty

Search Hashnode

#bug-bounty

Payment Page XSS: Bypassing Strict Sanitization through URI Structure

From Client Regex to Server Bug: We Hunted CORS and CSRF

uXSS on Samsung Browser [CVE-2025-58485 SVE-2025-1879]

Boost Your Burp Suite: Configuration $ Extensions

How I was able to find 3 Broken Access Control issues in a Bug Bounty Program

Worldclass Google Dorks For Hunt Unique Bug Bounty Programs

Understanding Same-Origin Policy (SOP): Protecting Your Web Security

🍪 HTTP Cookies

The Secret World Of Mobile App Bug Bounties And How To Break In

Random thoughts on the situation between Exegy and I