BugBounty
-
I found an SQL injection using Github dorking and here's my short story.BugBounty 2022. 4. 28. 08:23
Never forget about Github dorking. Last year, I was invited by TVA VDP via Hackerone . After reviewing their scope, I started my recon flow. I always start with github dorking because most of the time it contains low hanging fruits and sometimes hidden subdomains. After a few minutes, I discovered an interesting endpoint within a hidden subdomain. When I say hidden, I mean a subdomain that can't..
-
From Unexploited XSS To Self Stored XSS on victim CookiesBugBounty 2021. 3. 22. 06:01
Day #1 This is part 2 of this story , i will talk about a self XSS on Cookies And how i did the exploit through an out of scope subdomain.So our target is redact.com. first how i got the vulnerable attribute on cookies based? After browsing the redact.com i stopped in this path www.redacted.com/redactedfolder/redactedpage/ID and i used param miner {bruteForce] for hidden parameters , i got TWO b..