Tag feed

#hackerone

13 posts30 followers

Explore Hashnode

Alternatives

Trending tags this week

Ttheblxckcicadablog.ovawatch.co.zaApr 10 · 2 min read

My First Bug Bounty: Chaining Open Redirect and DOM XSS into Account Takeover

This was my first ever valid bug bounty report through a VDP, and it got marked Medium severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty i

1

A

MCMohamed Chadlyn1ghtm4r3.hashnode.devMar 3 · 5 min read

Payment Page XSS: Bypassing Strict Sanitization through URI Structure

Sometimes, the best lessons in web development and security come from staring at a seemingly bulletproof application until its underlying mechanics finally crack. We had been deep in the trenches with

0

ASAdarsh Shettyalbatraoz.hashnode.devNov 6, 2025 · 4 min read

Abusing an 'Intended' GraphQL API Design: A One-Click Exploit to Steal GitLab CI/CD Secrets

Introduction Hello, I'm Adarsh Shetty, AKA Albatraoz, a Senior Appsec Engineer. By day, I secure applications and infrastructure; in my spare time, I enjoy hunting for security vulnerabilities in bug bounty programs. Over the years, my focus has grav...

0

KNKhoa Nguyenkhoafrancis.xyzFeb 7, 2025 · 2 min read

Introduction to HackerOne Hacker101 CTF

Giới thiệu Trong thế giới an ninh mạng, việc thực hành và rèn luyện kỹ năng là điều cực kỳ quan trọng. Một trong những cách tốt nhất để làm điều đó là tham gia các cuộc thi CTF (Capture The Flag). Nếu bạn đang tìm kiếm một nền tảng để luyện tập kỹ n...

0

CRChaitanya Rajblog.chaitanyaraj.devJun 16, 2024 · 3 min read

Unlocking the Secrets of Hacker101: Your First Capture the Flag Challenge

Hey there, tech adventurers! Welcome to my blog! Today, we're diving headfirst into the thrilling world of Capture the Flag (CTF) challenges. Whether you're a complete newbie to cybersecurity or a seasoned pro looking to sharpen your skills, this wal...

0

JDJapz Divinoh4nt3rx.hashnode.devAug 7, 2023 · 4 min read

HackerOne redacted usernames disclosure in "Export as .pdf" feature

Severity: Low (3.4)Weakness: Sensitive Information DisclosureBounty: $500 Hello hunters! I just want to share these new findings on the HackerOne bug bounty platform. First, I just wanna let you know that I disagree with the rated severity being Low...

0

RRameshsil3ntkill3r.comJun 28, 2023 · 3 min read

Sensitive Data Exposure Through Password Reset Functionality - Bug Bounty

Hi there 👋, Hope you're doing well. Today, I'm excited to share one of my interesting discoveries in bug hunting. WHO AM I ?🎭 My self Ramesh. I am a security researcher, moreover certified ethical hacker(CEH), bug bounty hunter and CTF player. Dedi...

0

ZMZeeshan M.z-sec.coMar 29, 2023 · 4 min read

Hacking Admin Panel & Getting free subscription

Note: For maintaining the program's privacy I won't disclose the program. So, a few months back I and Haseeb were hunting on a private program and the program is a services-based company that has paid services only. So the program had very limited as...

0

VGVeshraj Ghimireinfos3c.hashnode.devNov 23, 2022 · 2 min read

Interesting Stored XSS via meta data

Back in February of this year, Bibek Neupane and I had hacked on a private bug bounty program on Hackerone, we had chosen one of the social platform as our target. This post will detail how we discovered Stored Cross-Site Scripting via meta data on o...

1

J

SBSaajan Bhujelinfos3c.hashnode.devOct 22, 2022 · 3 min read

Password Reset Token Leak via X-Forwarded-Host

Hi everyone, I am Saajan Bhujel. Student of Bachelor of Commerce(B.Com) and also I am a Bug Bounty Hunter. This is my 1st blog, if you find any spelling mistakes, so please bear with me for the next few minutes. And this blog is about a vulnerability...

0

#hackerone

Search Hashnode

#hackerone

Explore Hashnode

Trending tags this week

My First Bug Bounty: Chaining Open Redirect and DOM XSS into Account Takeover

Payment Page XSS: Bypassing Strict Sanitization through URI Structure

Abusing an 'Intended' GraphQL API Design: A One-Click Exploit to Steal GitLab CI/CD Secrets

Introduction to HackerOne Hacker101 CTF

Unlocking the Secrets of Hacker101: Your First Capture the Flag Challenge

HackerOne redacted usernames disclosure in "Export as .pdf" feature

Sensitive Data Exposure Through Password Reset Functionality - Bug Bounty

Hacking Admin Panel & Getting free subscription

Interesting Stored XSS via meta data

Password Reset Token Leak via X-Forwarded-Host