Jan 6, 2022. 3. Hello Ninjas!!!! I am Vishal Barot aka vFlexo and today I decided to publish a write-up on how I got first bounty through my first ever Bug Report. It was March 2021...
Aug 22, 2023. 1.1K. 11. Hello everyone, Im Fares. Today, Ill share the story of how I successfully identified a reflected XSS vulnerability within a public bug bounty program. To begin...
Dec 20, 2022 In this article, I will tell how I found my first valid XSS on a bug bounty program. So lets start. Im Vikas Anand, a security researcher and a bug bounty hunter from Bihar, India....
You can download it from here, or from SNGWNs GitHub(to activate Burp Pro). You can download the Reflector pluginfrom here, which will be required for hunting down our XSS vulnerabilities. Now its time for the actual bug bounty write-up .
Nov 22, 2020 Today I am going to share how I got my first bounty. This is my first bug bounty write-up so, pardon me for my mistakes. A bit of introduction about me I am vijeta a student and...
Nov 11, 2022 This is the story of how I found my first Stored XSS (Cross Site Scripting) vulnerability in a bug bounty program and a walk through on 4 min read Oct 24, 2022 3
Oct 19, 2023 So in this post, I will discuss, how I discovered my first stored xss vulnerability on one of the government websites. Finally after 15x getting information disclosure, this time I got a...
Jul 2, 2021 Without wasting my time i reported the issue in intigriti and after 3 days i got the repsonse from intigriti saying , your report is acepted. But sadly the program is a vdp and didnt offered any bounty . This is the story of my first reflected xss on intigriti .
Sep 13, 2023 The Discovery. I identify a simple webpage with an error message div. Inspect the source code of this page for get id attributes. Testing them as GET parameters, like adding helloworld to the...
Jan 2, 2024 In this post, Ill share a journey that demonstrates the power of escalating a seemingly minor reflected XSS vulnerability into an impactful discovery, ultimately earning a $500 bounty. The...
Feb 16, 2022. 3. Today I will share a Reflected XSS vulnerability that was reported by me, to a security team as part of their bug bounty program at Hackerone. I became aware of this XSS flaw through a good Google Dork of mine.
Oct 24, 2022 How I Found A Simple Stored XSS. Raymond Lind. . Follow. 4 min read. . Oct 24, 2022. 57. 3. This is the story of how I found my first Stored XSS (Cross Site Scripting) vulnerability in a...
Apr 8, 2021 When the user read the message, the XSS will trigger, allowing the hacker to steal private information, do unauthorized requests, buy, sell skins and so on. Result. CS Money awarded me with a...
3 min read. . Jul 10, 2023. -- Reflected XSS. Ada dua jenis kerentanan XSS Non-Persistent: Reflected XSS, yang diproses oleh server backend, dan DOM-based XSS, yang sepenuhnya diproses...
Mar 31, 2024 Lets get started. First I was reading a write-up on how to find your first bug, which discussed using Google dorks to find vulnerable parameters. The writer listed some google dorks for finding ...
Aug 5, 2020. 86. 1. This was my first XSS related finding that was considered a high severity vulnerability on a bug bounty program. For finding this vulnerability I was paid a bounty...
Dec 23, 2022 This is my first and last Bug Bounty Writeup this year. . I am sharing with you my latest XSS finding, which Ive found 2 weeks ago. This was the fastest and a bit unusual flow that I normally do when I search for XSS. So lets dive in Company asked me to retest an old XSS report.
Dec 27, 2023 Reflected XSS on hidden endpoint. Severity: Medium Payout: $200. I came across a page that was mostly blank, but had a response like wrong URL. I figured there was some sort of functionality if I passed the right parameter. After some fuzzing, it was apparent that redirect=
Sep 16, 2021 Hey, Guys so this is my first blog. so I thought maybe give it try to show people how you could find bugs in an easy way. So let's get started. First After my recon for 4 days. I started to look for URLs. URLs of your choice may be from Wayback or live URLs from the website by crawling. so first I started for archive ones
The results of this page are the results of the google search engine, which are displayed using the google api. So for results that violate copyright or intellectual property rights that are felt to be detrimental and want to be removed from the database, please contact us and fill out the form via the following link here.