Tag feed

#bugbounty

335 posts307 followers

Trending tags this week

Kkristofprzybylakcyber-hunter.hashnode.dev

How a Voucher Validation Flaw Led to More Than €10,000 in Credit

2d ago · 3 min read · The Discovery The platform offered newly registered users a welcome voucher that could be redeemed for credit. At first glance, the implementation appeared secure. Manually modifying the visible vouch

Join discussion

AAnirudhblog.redtrib3.in

1

Indirect prompt injection In Atlassian's Rovo chat

May 7 · 5 min read · Prompt injection is not a new idea. But most of the write-ups you'll find are about chatbots being tricked directly. I have been a reading a lot about Indirect prompt injection bugs lately and started

YAbu commented

OZOliver Zehentleitnerblog.technopathy.club

1

Binance Fixed the IP Whitelist Gap. The Disclosure Process Is Still Broken.

May 5 · 11 min read · I wanted to re-open an old Binance API security issue. Not because I enjoy re-litigating old reports. Because the last thirteen days made the threat model painfully concrete. I found or stumbled into

LLaura commented

MLMd. Lavib Uddin Ashiklavib-uddin-ashik.hashnode.dev

0

My First Bug Bounty Experience: Lessons, Challenges, and Growth 👨‍💻

Apr 28 · 3 min read · Bug bounty hunting is one of the most exciting ways to learn cybersecurity while working on real-world applications. Unlike theoretical learning, it gives you the opportunity to test live systems, thi

Join discussion

Oosint78shemkar.hashnode.dev

0

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

Apr 26 · 6 min read · The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At

Join discussion

Kkristofprzybylakcyber-hunter.hashnode.dev

0

The Infinite Consultation: How a Business Logic Flaw Led to Unlimited Free Vet Appointments

Apr 26 · 3 min read · In cybersecurity, we often hunt for complex technical bugs. However, some of the most fun vulnerabilities aren’t found in the code's syntax, but in its Business Logic. I discovered a Medium-severity f

Join discussion

Ttheblxckcicadablog.ovawatch.co.za

1

My First Bug Bounty: Chaining Open Redirect and DOM XSS into Account Takeover

Apr 10 · 2 min read · This was my first ever valid bug bounty report through a VDP, and it got marked Medium severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty i

AArchit commented

ADAditya Dixitblog.dixitaditya.com

3

Hijacking iOS Deep Links in a Health App Using Custom URL Schemes

Apr 9 · 9 min read · Overview During a recent pentest of an iOS health application (let's call it MedVault), I came across something interesting. The app was using custom URL schemes for deep linking but had no Universal

LALaura and 2 more commented

EEibeib.hashnode.dev

0

Crafting a Full Read SSRF: A Journey Through Oauth DCR, Open URL Redirects, and Path Normalization

Apr 6 · 8 min read · The Bug This blog post outlines the chains of multiple gadgets to achieve a full read ssrf on a target. Open Dynamic client registration on the MCP server to create an open redirect gadget Path norm

Join discussion

AKAkbar Khanakbarkhan.hashnode.dev

0

How I Set Up a Complete Phishing Simulation Lab Using GoPhish, AWS EC2 & Namecheap — A Step-by-Step Technical Guide

Apr 6 · 8 min read · A real-world authorized engagement breakdown covering DNS, GoPhish configuration, SSL setup, and email deliverability — written for IT and security professionals. ⚠️ Disclaimer This engagement was per

Join discussion

#bugbounty

Search Hashnode

#bugbounty

Trending tags this week

How a Voucher Validation Flaw Led to More Than €10,000 in Credit

Indirect prompt injection In Atlassian's Rovo chat

Binance Fixed the IP Whitelist Gap. The Disclosure Process Is Still Broken.

My First Bug Bounty Experience: Lessons, Challenges, and Growth 👨‍💻

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

The Infinite Consultation: How a Business Logic Flaw Led to Unlimited Free Vet Appointments

My First Bug Bounty: Chaining Open Redirect and DOM XSS into Account Takeover

Hijacking iOS Deep Links in a Health App Using Custom URL Schemes

Crafting a Full Read SSRF: A Journey Through Oauth DCR, Open URL Redirects, and Path Normalization

How I Set Up a Complete Phishing Simulation Lab Using GoPhish, AWS EC2 & Namecheap — A Step-by-Step Technical Guide