BugBountyHunter

BugBountyHunter

Sign in Subscribe

Re-using signed messages via Metamask to leak your JWT token on "Web3.0" websites to use on API requests

Re-using signed messages via Metamask to leak your JWT token on "Web3.0" websites to use on API requests

I've been quiet a bit since the new year began and I haven't been as active on social media lately, sorry! I've been working around the clock building and running BugBountyHunter and helping others start their journey in bug bounties, whilst also raising our

Easily leaking passenger information on an Airline

Easily leaking passenger information on an Airline

This post is going to outline how I simply applied my methodology and managed to find multiple vulnerabilities leaking airline passenger information on a YesWeHack [https://www.yeswehack.com/]bug bounty program. My experience on YesWeHack [https://www.yeswehack.com/] has been extremely good as the companies engage & communicate

Leaking OpenID tokens with “ — the bug right infront of you

Leaking OpenID tokens with “ — the bug right infront of you

This is only going to be a short post explaining the details of a vulnerability I found which I believe many researchers overlooked when testing the login flow of one program. This bug may affect other sites using an OpenID login flow, I would recommend testing :) (It is best if

BugBountyHunter Chats — Getting to know 0xblackbird, YouGina, JTCSec and HolyBugx

BugBountyHunter Chats — Getting to know 0xblackbird, YouGina, JTCSec and HolyBugx

BugBountyHunter.com opened early November 2020 and the amount of growth we have seen in members has been phenomenal! Members have been using BARKER to build confidence with testing web applications and leaving no stone unturned, with the end goal to apply this mindset on bug bounty programs.. 0xblackbird [https:

It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program

It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program

When a researcher spends a lot of time on one bugbounty program the bug impact tends to increase as they gain knowledge around the web assets and how things work & are connected together. (atleast in my experience, if you have spent a lot of time on one program i’

Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable

Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable

(posted October 29th 2018) I recently gave a talk at @_DC151 [https://twitter.com/_dc151] about some interesting bug and bypasses i’ve found in my time doing bug bounties. In my talk I described an interesting technique for bypassing CSRF protections some sites have with clickjacking. I made a

How re-signing up for an account lead to account takeover

How re-signing up for an account lead to account takeover

This is a quick write-up about an interesting bug I found on a bounty program which lead to unauthorised access to any account you knew the email of (no password needed!). I believe some other researchers may of overlooked the functionality of the site and some of the requests that

How signing up for an account with an @company.com email can have unexpected results

How signing up for an account with an @company.com email can have unexpected results

Something so simple can have unexpected results. It was a late evening and I was fed up of looking at Burp so I decided to just try some things manually on random programs. The result? I ended up with a P1 :)

Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information

Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information

Here is a fun story about how I found IDOR to leak any users’ details, and then broke their patch. The mobile app was leaking any users unique hash, which was required to view & modify your personal data, along with their userid (just an integer). Let’s begin!

Finding XSS on .apple.com and building a proof of concept to leak your PII information

Getting Started

Finding XSS on .apple.com and building a proof of concept to leak your PII information

Back in February of this year I hacked with members of BugBountyHunter.com on a public bug bounty program and we chose Apple as our target. This post will detail how we discovered some XSS and built a PoC to leak PII information across multiple .apple.com subdomains.

One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved.

One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved.

(Posted Feb 25 2017) Welcome all! Firstly, let me introduce myself. I’m known as @zseano and i’m known for being mostly active on BugCrowd. One thing most people don’t know is that all of my bug bounty time is dedicated to one company. That’s right, 99.