One step at a time There's no need to rush It's like learning to fly!
This guide is a must-read for beginners to dive into Bug Bounty Hunting. It provides foundational skills, tips, tools, and resources for Bug Bounty Hunters. I’ve covered various aspects including vulnerabilities and learning resources. Are you ready to embark on your Bug Bounty adventure?
This vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API.
This blog post is about how a hacker could have Hacked 100k+ Loyalty Programs to get free points & redeem them for free stuff or coupons.
Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features. About the Issue: The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily…
Hey Everyone, I hope you all are fine and doing well. Today I wanna share something related JSON Web Tokens (JWT). In this writeup, I’ll tell you how I was able to confirm emails without confirmation tokens, reset password as well as taking over company emails. So let’s start. What is JSON Web Token? JSON…
Hey guys so this blog post is about RCE issue reported to Microsoft bug bounty program, Remote Code execution issue existed in microsoft.com subdomain running Apache Solr. I’ll try to be as simple as possible. Participated in Microsoft Bug Bounty Program first time.. About the RCE: While doing some recon on microsoft.com website i…
Hey Everyone, My name is M.Qasim Munir and this is my first blog article that I’m writing about getting started in android apps pen-testing. I hope this article will help you with learning something new. Getting Started in Android apps Pen-testing (PART-1): Amazing development and growth in mobile apps have carried a bunch of…
Hey guys so this blog post is about doing static analysis of an Android App, And due to insecure storage of SMS API credentials I was able to Takeover the SMS API here’s a Short POC of the issue.
Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a Short POC tutorial of the issue. A few days ago i was doing static analysis of an Android app on a bug bounty target, as…