Tag feed

#bugbountytips

84 posts205 followers

Explore Hashnode

Alternatives

Trending tags this week

Oosint78shemkar.hashnode.devApr 26 · 6 min read

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At

0

00xryzn1ghtm4r3.hashnode.devFeb 21 · 8 min read

IDOR Fallout: Leaking 2 Million Sensitive Files with a Simple Trick

When you see a public bug bounty program that has been running for over a decade, the assumption is usually that it's been picked completely clean. Every obvious endpoint has been hammered, and every

0

MRMohammad Reza Mirzadzareblog.mirzadzare.netFeb 20 · 7 min read

IP Spoofing to Account Takeover: You Patched It? Really?

Abstract In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa

0

EEibeib.hashnode.devFeb 16 · 7 min read

Building a custom JS monitoring tool with no coding knowledge using AI

Background I had a very interesting JavaScript-heavy target I was working on, which was built using a microservice architecture. The main domain contains a lot of sub-apps, so doing subdomain enumeration did not result in any significant success othe...

0

MMaMad4Evermikagelabs.hashnode.devFeb 15 · 6 min read

Boost Your Burp Suite: Configuration $ Extensions

📚 Before Start (experienced hackers can skip this) Burp Suite is a powerful tool for web security testing, widely used by ethical hackers and penetration testers. It allows you to intercept, modify, and analyze HTTP/S traffic — think of it as Wiresh...

0

HHacktushackt.usJan 23 · 3 min read

What Can You Do With a Leaked Cognito Identity Pool ID?

Leaking a Cognito Identity Pool ID is often dismissed as a low-impact information disclosure. But when the IAM policy attached to the unauthenticated role is misconfigured, that "low-impact" leak becomes a direct path into the cloud infrastructure. W...

0

HHacktushackt.usDec 21, 2025 · 4 min read

Can you compromise a multi-billion dollar company via /health?

We all have those endpoints we instantly ignore in our HTTP history. You see GET /favicon.ico, you ignore it. You see GET /assets/logo.png, you ignore it. And usually, when you see GET /health, you ignore that too. Why? Because 99.9% of the time, the...

1

T

MMaMad4Evermikagelabs.hashnode.devDec 8, 2025 · 2 min read

Understanding Same-Origin Policy (SOP): Protecting Your Web Security

💀 Same Origin Policy (SOP) Hey there! In this post, we’ll dive into the Same Origin Policy (SOP) — a crucial web security mechanism designed to prevent malicious attacks and protect user privacy. 🧠 What is SOP? Same Origin Policy (SOP) is a securi...

0

MRMohammad Reza Mirzadzareblog.mirzadzare.netDec 1, 2025 · 9 min read

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition

Abstract Just one click on a malicious link → account takeover. No phishing, no malware. I discovered a security flaw in a popular desktop app’s OAuth flow that let me steal any user’s account just

2

VM

TToxSectoxsec.hashnode.devNov 16, 2025 · 5 min read

OSCP Proving Grounds – Levram Walkthrough

ToxSec | Web Exploitation & Linux Privilege Escalation Practice 0x00 OSCP Proving Grounds - Levram Levram is lean and surgical. No filler, no rabbit holes. You go from lazy creds on a forgotten web panel, to an authenticated RCE, and finish with a s...

0

#bugbountytips

Search Hashnode

#bugbountytips

Explore Hashnode

Trending tags this week

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

IDOR Fallout: Leaking 2 Million Sensitive Files with a Simple Trick

IP Spoofing to Account Takeover: You Patched It? Really?

Building a custom JS monitoring tool with no coding knowledge using AI

Boost Your Burp Suite: Configuration $ Extensions

What Can You Do With a Leaked Cognito Identity Pool ID?

Can you compromise a multi-billion dollar company via /health?

Understanding Same-Origin Policy (SOP): Protecting Your Web Security

From "Log in with OAuth" to "Your Account Is Mine" – Desktop App Edition

OSCP Proving Grounds – Levram Walkthrough