Top 10 Bug Bounty Resources
Open Bug Bounty Blog
by Open Bug Bounty
2M ago
The following is a list of the top 10 bug bounty sites in 2023, based on a combination of factors including popularity, reputation, and rewards offered: OpenBugBounty, HackerOne, Bugcrowd, Intigriti, YesWeHack, Cobalt, Synack, Immunefi, HackerX, and Hackenproof. These sites offer a variety of bug bounty programs from companies of all sizes, from startups to Fortune 500 companies. The rewards offered for finding and reporting vulnerabilities can range from a few hundred dollars to tens of thousands of dollars, depending on the severity of the vulnerability and the company’s bug bounty program. In addition …
What Is OpenBugBounty and How It Works
by Open Bug Bounty
2M ago
OpenBugBounty is a non-profit bug bounty platform established in 2014. It is a platform for coordinated, responsible, and ISO 29147 compatible vulnerability disclosure. OpenBugBounty allows security researchers to report XSS and similar security vulnerabilities on any website they discover using non-intrusive security testing techniques. The researchers may choose to make the details of the vulnerabilities public 90 days after submission or to communicate them only to the website operators. The program’s expectation is that the operators of the affected website will reward the …
Coordinated Vulnerability Disclosure
by Open Bug Bounty
2M ago
Coordinated Vulnerability Disclosure (CVD) is a process for disclosing security vulnerabilities to affected organizations in a way that minimizes the risk of harm to users. It is a voluntary process that is typically agreed upon by the vulnerability reporter, the affected organization, and a third-party facilitator. The CVD process typically involves the following steps:
1. The vulnerability reporter discovers a security vulnerability in a product or service.
2. The vulnerability reporter reports the vulnerability to the affected organization.
3. The affected organization evaluates the vulnerability a …
What Is Bug Bounty
by Open Bug Bounty
2M ago
A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse and data breaches. There are many different types of bug bounty programs, each with its own set of rules and regulations. Some of the most common types of bug bounty programs include: Public bug bounty …
Learn Command Injection Vulnerabilities
by W4H33D_
4M ago
Command Injection
Command injection, also known as OS command injection or shell injection, is a web security vulnerability in which an attacker can run arbitrary commands on the server’s operating system. This leads to a full compromise of the application and all its data. An attacker can also use the compromised system to reach other machines in the infrastructure that are not accessible from the internet and pivot further into the organization.
Scenario
Consider an application that lets users check whether an item is in the inventory. That information is accessed via a URL like the following: https://e …
An Authentication Bypass Vulnerabilities Methodologies
by itsvarmakollu
4M ago
Overview
Authentication bypass vulnerabilities are common flaws in web applications today, but they are not always easy to find. With the continuous development of technology and the integration of various platforms, traditional authentication methods are gradually falling out of use. Newer authentication methods not only provide convenience for users but also raise security to a higher level. While old ways of logging users in, such as leveraging single sign-on (SSO), are improvements, these techniques can still contain critical vulnerabilities. Whether it is a business logic error or some other …
Finding multiple DOM XSS in the same HTML with a dork
by IvnValdivieso
4M ago
A month ago I tried to search for programs in bug bounty and I saw a domain web.com, and I tried with a simple dork: site:web.com ext:html. I tried searching different extensions; the most vulnerable is html because sometimes there is a little JavaScript, and I saw a webpage with a strange description in Google. When I looked at the code of the page, there was a JavaScript document.write with the parameter “Title”, so if you change this parameter for a simple XSS you can exploit this parameter. But I thought at that moment that this path is very common and tried to find this path with the title in this html …
XSS vulnerabilities discovered in ServiceNow – CVE-2022-38463
by itsvarmakollu
8M ago
Hey everyone, this is a blog post about my recent CVE on ServiceNow. It was found while testing a bug bounty program that was using ServiceNow, and their in-scope domain was ‘redacted.service-now.com’. I searched for ServiceNow exploits on Google and found that the domain was vulnerable to CVE-2019-20768 and CVE-2021-45901. I reported them and the reports were accepted. Then I tried to find some more bugs and came to an endpoint, /logout_redirect.do. After some testing, I discovered that this endpoint reflects the value of the sysparm_url parameter in the response. Value of parameter – sysparm_url …
Turning cookie-based XSS into account takeover
by itsvarmakollu
8M ago
The cookie-based XSS
One evening I started hunting on the Terrahost Bug Bounty program. I was testing the terrahost.no main domain. There was a functionality where I could choose a service, then register an account and place an order. So I did that. I chose Virtual Hosting and entered all the data – username, address, phone number, postal code, etc. I clicked “Register” and saw all the data displayed on the screen. I immediately thought of XSS and started looking at the requests in Burp, but found nothing. I refreshed the page and still saw the data. Then I looked into the local storage, session sto …
CVE-2022-29455 is still affecting millions of WordPress sites
by 4websecurity
8M ago
A DOM-based reflected Cross-Site Scripting (XSS) vulnerability exists in Elementor’s Elementor Website Builder plugin, versions <= 3.5.5. This issue is tracked as CVE-2022-29455. 4websecurity.com has already reported the vulnerability to tens of thousands of websites that are running WordPress with this version of the plugin.
References:
– https://nvd.nist.gov/vuln/detail/CVE-2022-29455
– https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
– https://www …