Mass Hunting XSS vulnerabilities by Ott3rly
InfoSec Write-ups » Bug Bounty
by Ott3rly
1d ago
In this article, I would like to cover how it is possible to efficiently check thousands of endpoints for potential Cross Site Scripting vulnerabilities in a short amount of time. The technique presented can be completely automated (although I do recommend some manual data filtering to save on server resources). This blueprint could be used to enhance your existing Bug Bounty automation setup. I will be using the Axiom tool to help scale XSS hunting to the next level. Cross Site Scripting Hunting Results If you are not very familiar with the Axiom tool, I will highly suggest you follow pr ..read more
Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program
InfoSec Write-ups » Bug Bounty
by jedus0r
1d ago
Somewhere in the world. November 2023 Hello dear hunters, I hope you’re doing great. It’s been over a year since my last publication about Insecure Direct Object References. In this post, I’ll delve into the technical details of how I discovered a critical vulnerability “Default Credentials” (P1) in a bug bounty program in under 30 minutes. Note: Vulnerabilities are assessed and then categorized between P1 (most severe) to P5 (least severe) which determines how much an organization should reward the researcher who reported it. What do you mean by default credentials? I ..read more
IDOR “Insecure direct object references”, my first P1 in Bugbounty
InfoSec Write-ups » Bug Bounty
by jedus0r
1d ago
First Whoami: Dris R. A Security Researcher, Penetration Tester from Paris, France. France. Summer 2022 Normally in summer, people choose to go on holiday in their free time, but for my part I was focused on security research; it has now become my playground. I also decided to specialize in web security research to have the maximum skills and therefore have a stronger impact in bug bounty programs or with my clients during web penetration testing. In this post I will explain to you technically how I found my first P1 in bug bounty; in fact, in the same program I found 2 IDOR ..read more
Epic Bug Hunting Failures-2
InfoSec Write-ups » Bug Bounty
by Varshini Ramesh
1d ago
Hey! This is my second part of Epic Bug Hunting Failures. Part two of our is locked and loaded here. If you missed the first act, catch up here https://infosecwriteups.com/epic-bug-hunting-failures-7d95bb61cb12 . After rectifying those mistakes, do you believe that, with some experience, we won’t make any mistakes? Quite the opposite; we are likely to make plenty. Getting too worked up about rewards, bonuses, and being in the spotlight used to be my thing. I used to copy exactly what others did to get those rewards, thinking it would work every time. But it doesn’t. Learning from ot ..read more
Budget Change: IDOR 1000$ Bug
InfoSec Write-ups » Bug Bounty
by Abhi Sharma
1w ago
Discover how an IDOR vulnerability allowed unauthorized budget changes in a Private Program. Learn the steps to reproduce this security flaw and its potential impact on user privacy. IDOR vulnerabilities can potentially expose user data or allow unauthorized access to sensitive features. In this blog post, I’ll walk you through a recent discovery I made while testing Examlent.com (virtual name of private program domain), a platform where individuals seek job opportunities and employers find potential candidates. This IDOR flaw had the potential to compromise user privacy by letting an attack ..read more
#2 Different Burp Suite Tools — Guide for Burp Suite
InfoSec Write-ups » Bug Bounty
by Piyush Kumawat (securitycipher)
1w ago
#2 Different Burp Suite Tools — Guide for Burp Suite This article is a part of the Guide for Burp Suite series. In the previous article, we saw the Introduction of Burp Suite. Now we’ll move forward and learn about the different tools that are available with Burp Suite. So Let’s Get Started. Read Complete Article on: https://securitycipher.com/2020/06/07/different-burp-suite-tools-guide-for-burp-suite/ Different Burp Suite Tools - Guide for Burp Suite Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pas ..read more
CVE-2023-36025: An In-Depth Analysis of Circumventing Windows SmartScreen Security
InfoSec Write-ups » Bug Bounty
by Security Lit Limited
1w ago
In the world of cybersecurity, the discovery of a vulnerability like CVE-2023-36025 in Windows SmartScreen is a significant event. This post aims to provide a detailed understanding of this vulnerability, how it can be exploited, and its implications. Understanding CVE-2023-36025 CVE-2023-36025 is classified as a security feature bypass vulnerability in the Windows SmartScreen function. SmartScreen serves as a guard against untrusted sources, warning users about potentially malicious websites and files. This vulnerability allows attackers to craft special files or hyperlinks that can bypass S ..read more
Chaining CORS by Reflected XSS to Steal Sensitive Data
InfoSec Write-ups » Bug Bounty
by Mohammad reza Omrani
1w ago
Hello, everyone. I hope you are doing well. My name is Mohammad Reza Omrani and in this post, I will describe a vulnerability I recently discovered. We used the domain name redacted.com and collected as many subdomains as possible through Google Dorking. site:"*.redacted.com" I added the new subdomains I found from Google results to a text file. Since this was a manual and time-consuming process, I tried to speed things up like this: site:"*.redacted.com" -www -blog -mail By using a specific filter, you can exclude a term, such as a subdomain, from Google search results. After ..read more
Crafting XSS (Cross-Site Scripting) payloads
InfoSec Write-ups » Bug Bounty
by Security Lit Limited
1w ago
Crafting XSS (Cross-Site Scripting) payloads is a significant aspect of learning about web application security, particularly for educational and ethical hacking purposes. Here are some generic examples of XSS payloads. Remember, these should only be used in legal, ethical contexts, such as in a lab environment, CTF (Capture the Flag) competitions, or when you have explicit permission to test a system. Basic Alert: <script>alert('XSS')</script> Document Cookie Access: <script>alert(document.cookie)</script> JavaScript Execution: <img src=x onerror=alert ..read more
Riding the Waves of API Versioning: Unmasking a Stored XSS Vulnerability, CSP Bypass Using YouTube…
InfoSec Write-ups » Bug Bounty
by SMHTahsin33
1w ago
Riding the Waves of API Versioning: Unmasking a Stored XSS Vulnerability, CSP Bypass Using YouTube OEmbed Hello, as some of you already know me, I’m Syed Mushfik Hasan Tahsin aka SMHTahsin33. And for those who don’t, I’m a 19 Y/O Cyber Security Enthusiast from Bangladesh with 3+ years of experience, passionately doing Bug Bounties in my free time solely out of curiosity. I am an eWPTXv2 as well. > Target Mapping: Discovering the Attack Surface The target I was working on was for collaboration purposes with a bug hunter from Bangladesh. Initially he didn’t provide ..read more